我正在尝试将 SSL 证书添加到我的服务器,但是当我通过浏览器连接时,它会引发错误(Chrome 中为 ERR_SSL_PROTOCOL_ERROR)。
使用 testssh 确认了这一点(https://testssl.sh/)
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 not offered
TLS 1.3 not offered
在服务器上我可以看到 mod_ssl 和 openssl 已安装:
sudo yum list installed *ssl*
Loaded plugins: priorities, update-motd, upgrade-helper
Installed Packages
mod24_ssl.x86_64
openssl.x86_64
openssl-devel.x86_64
这是我的虚拟主机的 .conf 文件(*:80 除外):
<VirtualHost *:443>
ServerName freedomtospeakup.com
ServerAlias www.freedomtospeakup.com
DocumentRoot "/var/www/f2su"
DirectoryIndex index.php
ErrorLog /var/log/httpd/f2su-error_log
CustomLog /var/log/httpd/f2su-access_log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRS
A+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/letsencrypt/live/freedomtospeakup.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/freedomtospeakup.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/freedomtospeakup.com/chain.pem
<Directory "/var/www/f2su">
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
证书似乎没问题,这是我执行 sudo ./certbot-auto certificates 时得到的结果
Certificate Name: freedomtospeakup.com
Domains: freedomtospeakup.com www.freedomtospeakup.com
Expiry Date: 2019-10-27 12:53:18+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/freedomtospeakup.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/freedomtospeakup.com/privkey.pem
这是我迄今为止尝试过的:
- yum 更新(没有需要更新的软件包)
- 日期(正确)
- 重新启动服务器(无变化)
- 检查防火墙以确保 443 已打开(确实如此)
- 使用另一台正常运行的服务器检查了 ssl.conf(没有差异)
我还可以检查其他什么吗?