我在 Apache 2.4 网络服务器上运行两个网站。它配置为 NameBaseVhost,并且都有自己的通配符 SSL 证书(*.site1.com 和 *.site2.com),由 Godaddy 颁发。一切正常。当我通过其子域 www.site1.com 和 www.site2.com 访问网站时,它运行正常。Apache 有一个重写规则将 http 重定向到 https,因此两个网站都可以完美重定向。
现在的问题是,当我将根域重定向到 www 时,对于 site2.com 会出现错误。
Error code: ssl_error_bad_cert_domain
site2.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.site1.com, site1.com
site1.com 的 Httpd 配置
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R]
# Redirect root domain to www
RewriteCond %{HTTP_HOST} ^site1\.com$ [NC]
RewriteRule ^(.*)$ https://www.site1.com/$1 [R=301,L]
<VirtualHost *:443>
ServerName www.site1.com
DocumentRoot /var/www/html/site1/public/
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/site1/site1.crt
SSLCertificateKeyFile /etc/pki/tls/private/site1/site1.key
SSLCertificateChainFile /etc/pki/tls/certs/site1/gd_site1.crt
Header always set Strict-Transport-Security "max-age=31536000;
</VirtualHost>
site2.com 的 Httpd 配置
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R]
# Redirect root domain to www
RewriteCond %{HTTP_HOST} ^site2\.com$ [NC]
RewriteRule ^(.*)$ https://www.site2.com/$1 [R=301,L]
<VirtualHost *:443>
ServerName www.site2.com
DocumentRoot /var/www/html/site2/public/
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/site2/site2.crt
SSLCertificateKeyFile /etc/pki/tls/private/site2/site2.key
SSLCertificateChainFile /etc/pki/tls/certs/site2/gd_site2.crt
Header always set Strict-Transport-Security "max-age=31536000;
</VirtualHost>
如何解决这个问题?
答案1
<VirtualHost *:443>问题在于VHost 中的使用。请使用网站的特定 IP 地址,否则所有 SSL 流量都将通过第一个 VHost 条目路由。