大家好,我在 ubuntu 服务器上托管了几个网站,不幸的是,我重启了服务器,证书就失效了
我的网站是 www.prometheas.it 和 www.offertegaseluce.it
让我们以普罗米修斯 (prometheas) 为例:
我的.htaccess:
RewriteEngine On
Options -Indexes
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/energia/?$
RewriteCond %{REQUEST_URI} !^/phpmyadmin/?$
RewriteRule ^([^/]+)/([^/]+)$ /?p=$1&var=$2
RewriteRule ^([^/]+)/$ /?p=$1
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?prometheas\.it$
RewriteRule ^(.*)$ https://www.prometheas.it/$1
如您所见,我不想将规则应用于目录 energia 和 phpmyadmin,并且我想将所有流量发送到https://www。
重启后我更新了所有证书https://www.sslforfree.com
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName prometheas.it
ServerAlias *.prometheas.it
DocumentRoot /var/www/prometheas
ErrorLog /var/www/prometheas-ssl-error_log
CustomLog /var/www/prometheas-access_log common
<Directory /var/www/prometheas/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
SSLEngine on
SSLCertificateFile /var/www/prometheas/certificate/certificate.crt
SSLCertificateKeyFile /var/www/prometheas/certificate/private.key
SSLCertificateChainFile /var/www/prometheas/certificate/ca_bundle.crt
</VirtualHost>
端口已打开
root@blueserver:~# sudo ufw status
Status: active
To Action From
-- ------ ----
25 ALLOW Anywhere
993 ALLOW Anywhere
443/tcp ALLOW Anywhere
993 ALLOW Anywhere (v6)
443/tcp ALLOW Anywhere (v6)
root@blueserver:~# sudo lsof -i -P -n | grep LISTEN
sshd 486 root 3r IPv4 6978 0t0 TCP *:22 (LISTEN)
sshd 486 root 4u IPv6 6980 0t0 TCP *:22 (LISTEN)
vsftpd 521 root 3u IPv4 7087 0t0 TCP *:21 (LISTEN)
glance-re 534 glance 4u IPv4 8332 0t0 TCP *:9191 (LISTEN)
glance-ap 535 glance 4u IPv4 8330 0t0 TCP *:9292 (LISTEN)
dovecot 680 root 15u IPv4 7422 0t0 TCP *:4190 (LISTEN)
dovecot 680 root 16u IPv6 7423 0t0 TCP *:4190 (LISTEN)
dovecot 680 root 20u IPv4 7430 0t0 TCP *:110 (LISTEN)
dovecot 680 root 21u IPv6 7431 0t0 TCP *:110 (LISTEN)
dovecot 680 root 22u IPv4 7432 0t0 TCP *:995 (LISTEN)
dovecot 680 root 23u IPv6 7433 0t0 TCP *:995 (LISTEN)
dovecot 680 root 27u IPv4 7440 0t0 TCP *:143 (LISTEN)
dovecot 680 root 28u IPv6 7441 0t0 TCP *:143 (LISTEN)
dovecot 680 root 29u IPv4 7442 0t0 TCP *:993 (LISTEN)
dovecot 680 root 30u IPv6 7443 0t0 TCP *:993 (LISTEN)
nrpe 812 nagios 4u IPv4 7384 0t0 TCP *:5666 (LISTEN)
opendkim 882 opendkim 7u IPv4 7591 0t0 TCP 127.0.0.1:8891 (LISTEN)
apache2 916 root 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 916 root 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
master 1012 root 12u IPv4 7923 0t0 TCP *:25 (LISTEN)
master 1012 root 13u IPv6 7924 0t0 TCP *:25 (LISTEN)
master 1012 root 17u IPv4 7929 0t0 TCP *:465 (LISTEN)
master 1012 root 18u IPv6 7930 0t0 TCP *:465 (LISTEN)
apache2 3073 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 3073 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 3074 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 3074 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 4445 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 4445 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 6760 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 6760 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 6865 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 6865 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 6874 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 6874 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 7327 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 7327 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 7625 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 7625 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 7730 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 7730 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
apache2 9270 www-data 3u IPv4 2038403 0t0 TCP *:80 (LISTEN)
apache2 9270 www-data 4u IPv4 2038405 0t0 TCP *:443 (LISTEN)
vsftpd 10285 nobody 5u IPv4 2078108 0t0 TCP 10.12.8.5:50380 (LISTEN)
mysqld 29101 mysql 10u IPv4 151184 0t0 TCP 127.0.0.1:3306 (LISTEN)
muduls 已启用
a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled