首页 文章

在Debian上启用SSL

提问于
浏览
1

我想在我的Debian / Apache和Letsencrypt上启用SLL(由Certbot提供) .

在ports.conf上,端口80和443都在监听:

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

SSL已启用:

> a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled

我的VirtualHosts配置如下:my-host.conf

<VirtualHost XX.XX.XX.XX:80>
        ServerName www.myhost.com
        ServerAlias myhost.com
        Redirect / https://www.myhost.com
        DocumentRoot /home/myhost/www/public/
        CustomLog /var/log/apache2/myhost.com-access.log combined
        ErrorLog /var/log/apache2/lmyhost.com-error.log
        LogLevel warn
        <Directory "/home/myhost/www/public/">
                Require all granted
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

myhost.com-LE-ssl.conf中:

<IfModule mod_ssl.c>
<VirtualHost XX.XX.XX.XX:443>
        ServerName www.myhost.com
        ServerAlias myhost.com
#       Redirect / https://www.myhost.com
        DocumentRoot /home/myhost/www/public/
        CustomLog /var/log/apache2/myhost.com-access.log combined
        ErrorLog /var/log/apache2/myhost.com-error.log
        LogLevel warn
        <Directory "/home/myhost/www/public/">
                Require all granted
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
SSLCertificateFile /etc/letsencrypt/live/www.myhost.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myhost.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

当我试图达到http:///www.myhost.com:443时,它有效 . 但是https:///www.myhost.com我在Chrome上出错了:

ERR_SSL_PROTOCOL_ERROR

在我的服务器上,当我检查时:

openssl s_client -crlf -debug -connect www.myhost.com:443 -status -servername www.myhost.com

我明白了:

...
124222757861008:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 323 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1494247901
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

最后,在我的Apache错误日志中,我可以看到:

[Sun May 07 20:06:53.419500 2017] [core:debug] [pid 18433] protocol.c(1275): [client xx.xx.xx.xx:52254] AH00566: request failed: malformed request line

简而言之,SSL已启用,端口是正确的,当我通过其hosts:端口呼叫时,Apache可以通过 . 但是,此端口无法调用我的证书并通过https打开我的主机 . 就像SSL被禁用了......!

你能给我一些解决方法吗?谢谢大家!

apache ssl https debian

1 回答

  • 0

    我遇到了和你一样的问题,这就是我解决它的方法 . [详情Site does not exist error for a2ensite]但是tl; dr是:

    • vhost配置文件必须以.conf结尾

    • 您必须将它放在sites-available目录中,然后

    • 您必须运行a2ensite才能启用该站点 .

    回复于

相关问题