Ubuntu 服务器上的 Apache2 SSL 证书被覆盖

tag-icon tag-icon server apache2 ssl openssl
Ubuntu 服务器上的 Apache2 SSL 证书被覆盖

我的网络服务器是eternialogic.com instantssl.com,我有一个免费的 90 天许可证密钥。

每当我转到时eternialogic.com,它都会说该证书是“自签名的” ubuntu

错误日志:

[Wed Oct 14 17:14:57.863602 2015] [ssl:warn] [pid 31565] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.864075 2015] [ssl:warn] [pid 31565] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.864182 2015] [ssl:warn] [pid 31565] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Oct 14 17:14:57.908892 2015] [ssl:warn] [pid 31567] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.909307 2015] [ssl:warn] [pid 31567] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.909416 2015] [ssl:warn] [pid 31567] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Oct 14 17:14:57.914767 2015] [mpm_prefork:notice] [pid 31567] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.13 OpenSSL/1.0.1f mod_wsgi/3.4 Python/2.7.6 configured -- resuming normal operations
[Wed Oct 14 17:14:57.914806 2015] [core:notice] [pid 31567] AH00094: Command line: '/usr/sbin/apache2'

默认-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName eternialogic.com

        DocumentRoot /var/www/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        SSLCertificateFile  /etc/apache2/ssl/eternialogic_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/ssl.private.key
        SSLCertificateChainFile /etc/apache2/ssl/eternialogic_com.ca-bundle
        #SSLCertificateFile /etc/apache2/ssl/eternialogic_com.ca-bundle

        #   Server Certificate Chain:
        #   Point SSLCertificateChainFile at a file containing the
        #   concatenation of PEM encoded CA certificates which form the
        #   certificate chain for the server certificate. Alternatively
        #   the referenced file can be the same as SSLCertificateFile
        #   when the CA certificates are directly appended to the server
        #   certificate for convinience.


        DocumentRoot /var/www/
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
    </VirtualHost>
</IfModule> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

端口.conf:

Listen 83

<IfModule ssl_module>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

答案1

Let's Encrypt 是最好的 SSL 提供商,提供免费的 SSL 证书,并且 Let's Encrypt 还提供自动续订功能,因此不仅可以很容易地安装,还可以每 3 个月自动续订一次。

安装 Let's Encrypt SSL 的说明

  • 打开 SSH 终端
  • 安装服务器依赖项sudo apt-get update
  • 安装 Git `sudo apt-get install git
  • 安装 Let's Encryptsudo git clone https://github.com/certbot/certbot /opt/letsencrypt
  • 转至目录cd /opt/letsencrypt
  • 在域上安装./certbot-auto –apache -d example.com -d www.example.com

就是这样!您还可以通过创建 cron 作业来自动执行更新任务。以下是该任务的来源 在 Ubuntu 中安装 SSL 并自动续订`

相关内容