0
我想在我的Debian/Apache上启用SLL & Letsencrypt(通过Certbot)。在Debian上启用SSL
在ports.conf,两个端口80 & 443正在听:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
启用SSL:
> a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
而且我VirtualHosts配置如下: 我-host.conf中
<VirtualHost XX.XX.XX.XX:80>
ServerName www.myhost.com
ServerAlias myhost.com
Redirect/https://www.myhost.com
DocumentRoot /home/myhost/www/public/
CustomLog /var/log/apache2/myhost.com-access.log combined
ErrorLog /var/log/apache2/lmyhost.com-error.log
LogLevel warn
<Directory "/home/myhost/www/public/">
Require all granted
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
myhost.com-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost XX.XX.XX.XX:443>
ServerName www.myhost.com
ServerAlias myhost.com
# Redirect/https://www.myhost.com
DocumentRoot /home/myhost/www/public/
CustomLog /var/log/apache2/myhost.com-access.log combined
ErrorLog /var/log/apache2/myhost.com-error.log
LogLevel warn
<Directory "/home/myhost/www/public/">
Require all granted
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLCertificateFile /etc/letsencrypt/live/www.myhost.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myhost.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
当我试图去http:///www.myhost.com:443,它的工作原理。但随着https:///www.myhost.com我在Chrome的错误:
ERR_SSL_PROTOCOL_ERROR
我的服务器上,当我检查:
openssl s_client -crlf -debug -connect www.myhost.com:443 -status -servername www.myhost.com
我得到这个:
...
124222757861008:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 323 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1494247901
Timeout : 300 (sec)
Verify return code: 0 (ok)
最后,当我Apache错误日志,我可以看到:
[Sun May 07 20:06:53.419500 2017] [core:debug] [pid 18433] protocol.c(1275): [client xx.xx.xx.xx:52254] AH00566: request failed: malformed request line
简而言之,启用了SSL,端口是正确的,当我通过主机:端口调用Apache时,Apache可以通过。 但是,此端口无法调用我的证书并通过https打开我的主机。这就像SSL被禁用...!
你能给我一些方法来解决这个问题吗? 谢谢大家!
我试过这个......没有成功:/ 我现在重新安装了我的Debian及其作品。我不知道发生了什么...... 感谢您的回复! –