2017-05-08 297 views

Enabling SSL on Debian

I want to enable SSL & Let's Encrypt (via Certbot) on my Debian/Apache.

In ports.conf, both ports 80 & 443 are listening:

Listen 80 

<IfModule ssl_module> 
     Listen 443 
</IfModule> 

<IfModule mod_gnutls.c> 
     Listen 443 
</IfModule> 

Enabling SSL:

> a2enmod ssl 
Considering dependency setenvif for ssl: 
Module setenvif already enabled 
Considering dependency mime for ssl: 
Module mime already enabled 
Considering dependency socache_shmcb for ssl: 
Module socache_shmcb already enabled 
Module ssl already enabled 

And my VirtualHosts are configured as follows. In my-host.conf:

<VirtualHost XX.XX.XX.XX:80> 
     ServerName www.myhost.com 
     ServerAlias myhost.com 
     Redirect / https://www.myhost.com 
     DocumentRoot /home/myhost/www/public/ 
     CustomLog /var/log/apache2/myhost.com-access.log combined 
     ErrorLog /var/log/apache2/lmyhost.com-error.log 
     LogLevel warn 
     <Directory "/home/myhost/www/public/"> 
       Require all granted 
       Options Indexes FollowSymLinks MultiViews 
       AllowOverride All 
       Order allow,deny 
       allow from all 
     </Directory> 
</VirtualHost> 

myhost.com-le-ssl.conf:

<IfModule mod_ssl.c> 
<VirtualHost XX.XX.XX.XX:443> 
     ServerName www.myhost.com 
     ServerAlias myhost.com 
#  Redirect / https://www.myhost.com 
     DocumentRoot /home/myhost/www/public/ 
     CustomLog /var/log/apache2/myhost.com-access.log combined 
     ErrorLog /var/log/apache2/myhost.com-error.log 
     LogLevel warn 
     <Directory "/home/myhost/www/public/"> 
       Require all granted 
       Options Indexes FollowSymLinks MultiViews 
       AllowOverride All 
       Order allow,deny 
       allow from all 
     </Directory> 
SSLCertificateFile /etc/letsencrypt/live/www.myhost.com-0001/fullchain.pem 
SSLCertificateKeyFile /etc/letsencrypt/live/www.myhost.com-0001/privkey.pem 
Include /etc/letsencrypt/options-ssl-apache.conf 
</VirtualHost> 
</IfModule> 

When I try to go to http:///www.myhost.com:443, it works. But with https:///www.myhost.com I get this error in Chrome:

ERR_SSL_PROTOCOL_ERROR 

On my server, when I check with:

openssl s_client -crlf -debug -connect www.myhost.com:443 -status -servername www.myhost.com 

I get this:

... 
124222757861008:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782: 
--- 
no peer certificate available 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 7 bytes and written 323 bytes 
--- 
New, (NONE), Cipher is (NONE) 
Secure Renegotiation IS NOT supported 
Compression: NONE 
Expansion: NONE 
SSL-Session: 
    Protocol : TLSv1.2 
    Cipher : 0000 
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg : None 
    PSK identity: None 
    PSK identity hint: None 
    SRP username: None 
    Start Time: 1494247901 
    Timeout : 300 (sec) 
    Verify return code: 0 (ok) 

Finally, when I look at the Apache error log, I can see:

[Sun May 07 20:06:53.419500 2017] [core:debug] [pid 18433] protocol.c(1275): [client xx.xx.xx.xx:52254] AH00566: request failed: malformed request line 

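In short, SSL is enabled, the ports are correct, and Apache responds when I call it via host:port. But this port cannot serve my certificate and open my host over https. It's as if SSL were disabled...!

Can you give me some ways to solve this? Thanks, everyone!

Answers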


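I had the same problem as you, and this is how I solved it. [Details in "Site does not exist error for a2ensite"] but the TL;DR is:

  1. The virtual host configuration file must end with .conf,
  2. you must put it in the sites-available directory, and then
  3. you have to run a2ensite to enable the site.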

I tried this... without success :/ I have now reinstalled my Debian and it works. I don't know what happened... Thanks for your reply!