我想在我的Debian / Apache和Letsencrypt上启用SLL(由Certbot提供) .
在ports.conf上,端口80和443都在监听:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
SSL已启用:
> a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
我的VirtualHosts配置如下:my-host.conf
<VirtualHost XX.XX.XX.XX:80>
ServerName www.myhost.com
ServerAlias myhost.com
Redirect / https://www.myhost.com
DocumentRoot /home/myhost/www/public/
CustomLog /var/log/apache2/myhost.com-access.log combined
ErrorLog /var/log/apache2/lmyhost.com-error.log
LogLevel warn
<Directory "/home/myhost/www/public/">
Require all granted
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
myhost.com-LE-ssl.conf中:
<IfModule mod_ssl.c>
<VirtualHost XX.XX.XX.XX:443>
ServerName www.myhost.com
ServerAlias myhost.com
# Redirect / https://www.myhost.com
DocumentRoot /home/myhost/www/public/
CustomLog /var/log/apache2/myhost.com-access.log combined
ErrorLog /var/log/apache2/myhost.com-error.log
LogLevel warn
<Directory "/home/myhost/www/public/">
Require all granted
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLCertificateFile /etc/letsencrypt/live/www.myhost.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myhost.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
当我试图达到http:///www.myhost.com:443时,它有效 . 但是https:///www.myhost.com我在Chrome上出错了:
ERR_SSL_PROTOCOL_ERROR
在我的服务器上,当我检查时:
openssl s_client -crlf -debug -connect www.myhost.com:443 -status -servername www.myhost.com
我明白了:
...
124222757861008:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 323 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1494247901
Timeout : 300 (sec)
Verify return code: 0 (ok)
最后,在我的Apache错误日志中,我可以看到:
[Sun May 07 20:06:53.419500 2017] [core:debug] [pid 18433] protocol.c(1275): [client xx.xx.xx.xx:52254] AH00566: request failed: malformed request line
简而言之,SSL已启用,端口是正确的,当我通过其hosts:端口呼叫时,Apache可以通过 . 但是,此端口无法调用我的证书并通过https打开我的主机 . 就像SSL被禁用了......!
你能给我一些解决方法吗?谢谢大家!
1 回答
我遇到了和你一样的问题,这就是我解决它的方法 . [详情Site does not exist error for a2ensite]但是tl; dr是:
vhost配置文件必须以.conf结尾
您必须将它放在sites-available目录中,然后
您必须运行a2ensite才能启用该站点 .