关于 Apache http 的 mod_ssl_ct

事出于 https://disqus.com/home/discussion/jerryqu/certificate_transparency_67/#comment-2579209424

我按照 https://www.certificate-transparency.org/resources-for-site-owners/apache 上面的教程编译了 apache trunk 和 ssl-ct module 然后启用没有问题， http 可以正常打开， https 打开不能

下面是 log

[Sat Mar 26 16:21:12.242621 2016] [mpm_event:notice] [pid 12038:tid 139709956175744] AH00489: Apache/2.5.0-dev (Unix) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Mar 26 16:21:12.242646 2016] [core:notice] [pid 12038:tid 139709956175744] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Sat Mar 26 16:21:42.254098 2016] [ssl_ct:error] [pid 12043:tid 139709956175744] (13)Permission denied: AH02779: couldn't read /usr/local/apache/conf/scts/ct.googleapis.com-rocketeer.sct
[Sat Mar 26 16:21:42.254304 2016] [ssl_ct:error] [pid 12043:tid 139709956175744] (13)Permission denied: AH02704: SCT maintenance daemon - SCT refresh failed; will try again later

发现是 Permission denied ，但是即使我把权限调成 apache 运行权限也没有任何改变还是一样的错误，一样的味道 http://ww2.sinaimg.cn/large/a15b4afegw1f2bdr5i5rej20yp0l87al

所以来请教下有没有什么解决方法

系统参数

root@main:~# uname -a
Linux main 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux
root@main:~# openssl version
OpenSSL 1.0.2g  1 Mar 2016
root@main:~# httpd -v
Server version: Apache/2.5.0-dev (Unix)
Server built:   Mar 20 2016 00:38:01

ssl 配置

SSLCertificateFile /root/ssl/loli_pet.crt
SSLCertificateKeyFile /root/ssl/loli.pet.key
SSLCertificateChainFile /root/ssl/CA.crt
SSLCompression off
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
CTSCTStorage /tmp/scts
CTStaticSCTs /root/ssl/loli_pet.crt /usr/local/apache/conf/scts

证书使用的是 COMODO ECC https://loli.pet 现在暂时关掉了 ct 模块