为什么我的 SSL 证书是自签名的?

tag-icon tag-icon apache-2.4 ssl-certificate centos7 lets-encrypt
为什么我的 SSL 证书是自签名的?

我按照以下步骤在网站上安装 SSL 证书;https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7。但是,由于证书是自签名的,因此该网站仍然不受信任。我不知道我做错了什么。

centos7 阿帕奇

运行 sudo certbot --apache -d Climatedata.ibs.re.kr -d www.climatedata.ibs.re.kr 后的输出

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for climatedata.ibs.re.kr
    http-01 challenge for www.climatedata.ibs.re.kr
    Waiting for verification...
    Cleaning up challenges
    Created an SSL vhost at /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf
    Enabling site /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf by adding Include to root configuration
    Deploying Certificate to VirtualHost /etc/httpd/sites-available/climatedata.ibs.re.kr-le-ssl.conf

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    -------------------------------------------------------------------------------
    1: No redirect - Make no further changes to the webserver configuration.
    2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
    new sites, or if you're confident your site works on HTTPS. You can undo this
    change by editing your web server's configuration.
    -------------------------------------------------------------------------------
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    Enhancement redirect was already set.
    Enhancement redirect was already set.

   -------------------------------------------------------------------------------
    Congratulations! You have successfully enabled https://climatedata.ibs.re.kr and 
    https://www.climatedata.ibs.re.kr

    You should test your configuration at:
    https://www.ssllabs.com/ssltest/analyze.html?d=climatedata.ibs.re.kr
    https://www.ssllabs.com/ssltest/analyze.html?d=www.climatedata.ibs.re.kr
    -------------------------------------------------------------------------------

我对此还很陌生,请告诉我应该提供哪些日志(如果有),我会将它们添加到这个帖子中。

答案1

certbot 似乎无法为 Climatedata.ibs.re.kr 写入 SSL 证书配置。此虚拟主机仍在提供自签名证书。另一个虚拟主机 www.climatedata.ibs.re.kr 似乎正在提供 Let's Encrypt 证书。

也许那些错误“增强重定向已设置。”与此有关。

无论如何,我只会自己修复 Apache 配置。

我并不特别相信 certbot 能够正确地进行配置编辑;很容易出现一些令它感到困惑的情况。

相关内容