我正在尝试在具有多个虚拟主机的 CentOS 服务器上设置 Letsencrypt。它在 Ubuntu 上似乎运行正常,我意识到执行该工作的脚本仅适用于 CentOS 上的单个域,但我认为我可以手动进行一些调整。遗憾的是,我只能让第一个虚拟主机在 https 上运行,这似乎更像是 Apache 的问题而不是 Letsencrypt 的问题,因为如果我反转顺序,上面的那个会正常工作,而之前我会收到错误。
虚拟主机的 ssl.conf 如下所示:
NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
DocumentRoot "/var/www/html/domain1.com/laravel/public"
ServerName domain1.com:443
ServerAlias www.domain1.com:443
ErrorLog logs/domain1_ssl_error_log
TransferLog logs/domain1_ssl_access_log
LogLevel warn
Header set Access-Control-Allow-Origin "*"
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/letsencrypt/live/domain1.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain1.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html/domain2.com/laravel/public"
ServerName domain2.com:443
ServerAlias www.domain2.com:443
ErrorLog logs/domain1_ssl_error_log
TransferLog logs/domain1_ssl_access_log
LogLevel warn
Header set Access-Control-Allow-Origin "*"
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES
SSLCertificateFile /etc/letsencrypt/live/domain2.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain2.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain2.com/chain.pem
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
答案1
我已经使用 Let's Encrypt 一段时间了,并且写了一些操作方法启动并运行它(特别是在 CentOS 6 和 CentOS 7 上 - 但没有理由它们不能在其他平台上运行)。
我没有在每个域的配置中附加 :443 VirtualHost
。我在另一个问题最近 - 我现在将我的配置分成多个文件(每个域一个,而不是有大量的vhosts.conf
文件ssl.conf
)。
我的基本 httpd.conf 中没有任何 SSL 引用 - 确保您没有意外地在那里设置某些东西。
正如我在另一个答案中所写,我的每个域的配置如下所示:
<VirtualHost *:80>
ServerName domain.tld
Redirect permanent / https://domain.tld/
</VirtualHost>
<VirtualHost *:443>
SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/fullchain.pem
DocumentRoot /var/www/domain
ServerName domain.tld
ErrorLog logs/domain-error_log
CustomLog logs/domain-access_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerAdmin [email protected]
SSLEngine on
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Directory "/var/www/domain">
Options All +Indexes +FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
和我的ssl.conf
:
#SSL options for all sites
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
Mutex sysvsem default
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLCompression off
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256