我按照以下步骤在网站上安装 SSL 证书;https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7。但是,由于证书是自签名的,因此该网站仍然不受信任。我不知道我做错了什么。
centos7 阿帕奇
运行 sudo certbot --apache -d Climatedata.ibs.re.kr -d www.climatedata.ibs.re.kr 后的输出
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for climatedata.ibs.re.kr
http-01 challenge for www.climatedata.ibs.re.kr
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf
Enabling site /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf by adding Include to root configuration
Deploying Certificate to VirtualHost /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enhancement redirect was already set.
Enhancement redirect was already set.
-------------------------------------------------------------------------------
Congratulations! You have successfully enabled https://climatedata.ibs.re.kr and
https://www.climatedata.ibs.re.kr
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=climatedata.ibs.re.kr
https://www.ssllabs.com/ssltest/analyze.html?d=www.climatedata.ibs.re.kr
-------------------------------------------------------------------------------
我对此还很陌生,请告诉我应该提供哪些日志(如果有),我会将它们添加到这个帖子中。
答案1
certbot 似乎无法为 Climatedata.ibs.re.kr 写入 SSL 证书配置。此虚拟主机仍在提供自签名证书。另一个虚拟主机 www.climatedata.ibs.re.kr 似乎正在提供 Let's Encrypt 证书。
也许那些错误“增强重定向已设置。”与此有关。
无论如何,我只会自己修复 Apache 配置。
我并不特别相信 certbot 能够正确地进行配置编辑;很容易出现一些令它感到困惑的情况。