我有一个 Let's Encrypt 为网站 (*.storyfortwo.com) 颁发的通配符证书。
当我去 http://storyfortwo.com或者http://www.storyfortwo.com(无 SSL)它们都被重定向到https://www.storyfortwo.com并且可以正确加载。
在https://www.storyfortwo.com(与 WWW) 一切也都很好。
当我去https://storyfortwo.com(没有 WWW),它会给我 ERR_CERT_COMMON_NAME_INVALID 错误。
我使用带有 VirtualHost 文件的 Apache2 (2.4.29):
<VirtualHost *:80>
ServerName storyfortwo.com
ServerAlias www.storyfortwo.com
DocumentRoot /var/www/storyfortwo.com/www
# Redirect Requests to SSL
Redirect permanent / https://www.storyfortwo.com/
</VirtualHost>
和
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName storyfortwo.com
ServerAlias www.storyfortwo.com
DocumentRoot /var/www/storyfortwo.com/www
ErrorLog ${APACHE_LOG_DIR}/storyfortwo.com.error.log
CustomLog ${APACHE_LOG_DIR}/storyfortwo.com.access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/storyfortwo.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/storyfortwo.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/storyfortwo.com/chain.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /var/www/storyfortwo.com/www>
SSLOptions +StdEnvVars
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>
我究竟做错了什么?
答案1
*.example.com不匹配example.com。您需要一个以裸域作为 CN(通配符常用)或 SAN(主题备用名称)的证书。
答案2
您是否已将域名storyfortwo.com添加到证书中?没有它就与证书中的storyfortwo.com通配符不匹配。*.storyfortwo.com