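My web server is configured with Let's Encrypt (CentOS 6.10, Apache 2.2). When I use Qualys SSL Labs, I get the following warning:
Chain issues: Incorrect order, Extra certs
My Apache configuration file looks like this: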
SSLCertificateFile /etc/letsencrypt/live/my.domain/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/my.domain/fullchain.pem
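How can I get rid of this warning?
Answer 1
The problem is that you are using fullchain.pem. Since you are using Apache 2.2, to avoid the duplicate certificate you just need to use chain.pem, as shown below: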
SSLCertificateFile /etc/letsencrypt/live/my.domain/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/my.domain/chain.pem
With Apache 2.4 you can also remove the SSLCertificateChainFile directive and change SSLCertificateFile to point to fullchain.pem, as shown below:
SSLCertificateFile /etc/letsencrypt/live/my.domain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain/privkey.pem
Reference: https://community.letsencrypt.org/t/incorrect-order-and-extra-certificate-error/8759
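
The check below is an added example, not part of the original question or answer: it reads the two certificate directives from an Apache config and reports when the file named by SSLCertificateChainFile repeats the server certificate, which is the condition behind the "Extra certs" warning. The function names and the fake_pem stand-in files are assumptions made for the demonstration; it looks at directives only and does not model separate virtual hosts.

```python
import base64, hashlib, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
DIRECTIVE_RE = re.compile(r"^\s*(SSLCertificateFile|SSLCertificateChainFile)\s+(\S+)", re.M)

def fingerprints(pem_text):
    """SHA-256 of each certificate's decoded bytes, in file order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)]

def read_file(path):
    with open(path) as fh:
        return fh.read()

def audit(conf_text, read=read_file):
    """Return one warning per chain-file entry that repeats the server certificate."""
    paths = dict(DIRECTIVE_RE.findall(conf_text))  # last directive of each kind wins
    cert = paths.get("SSLCertificateFile")
    chain = paths.get("SSLCertificateChainFile")
    if not cert or not chain:
        return []
    leaf = fingerprints(read(cert))[:1]  # first certificate in the file is the server's
    return [f"{chain}: certificate #{n} repeats the server certificate in {cert}"
            for n, fp in enumerate(fingerprints(read(chain)), 1) if fp in leaf]

# Constructed stand-ins for the PEM files; the bodies are not real X.509 data.
def fake_pem(tag):
    body = base64.b64encode(tag.encode() * 20).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

LIVE = "/etc/letsencrypt/live/my.domain/"
LEAF, INTERMEDIATE = fake_pem("leaf"), fake_pem("intermediate")
SAMPLE_FILES = {LIVE + "cert.pem": LEAF,
                LIVE + "chain.pem": INTERMEDIATE,
                LIVE + "fullchain.pem": LEAF + INTERMEDIATE}

# The configuration from the question, and the Apache 2.2 fix from the answer.
QUESTION_CONF = f"""
SSLCertificateFile {LIVE}cert.pem
SSLCertificateKeyFile {LIVE}privkey.pem
SSLCertificateChainFile {LIVE}fullchain.pem
"""
ANSWER_CONF = QUESTION_CONF.replace("fullchain.pem", "chain.pem")

if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        print(name, audit(conf, SAMPLE_FILES.__getitem__) or "no duplicate certificate")
```

On a real server, call audit() with the contents of the SSL configuration file and the default reader so the PEM files are read from disk.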