Ubuntu 上的 SSL 证书

tag-icon tag-icon ubuntu ssl
Ubuntu 上的 SSL 证书

大家好,我在 ubuntu 服务器上托管了几个网站,不幸的是,我重启了服务器,证书就失效了

我的网站是 www.prometheas.it 和 www.offertegaseluce.it

让我们以普罗米修斯 (prometheas) 为例:

我的.htaccess:

RewriteEngine On
Options -Indexes
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/energia/?$ 
RewriteCond %{REQUEST_URI} !^/phpmyadmin/?$ 
RewriteRule ^([^/]+)/([^/]+)$ /?p=$1&var=$2
RewriteRule ^([^/]+)/$ /?p=$1

RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(www\.)?prometheas\.it$ 
RewriteRule ^(.*)$ https://www.prometheas.it/$1

如您所见,我不想将规则应用于目录 energia 和 phpmyadmin,并且我想将所有流量发送到https://www

重启后我更新了所有证书https://www.sslforfree.com

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName prometheas.it
ServerAlias *.prometheas.it
DocumentRoot /var/www/prometheas
ErrorLog /var/www/prometheas-ssl-error_log
CustomLog /var/www/prometheas-access_log common
<Directory /var/www/prometheas/>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
RewriteEngine on
SSLEngine on
SSLCertificateFile /var/www/prometheas/certificate/certificate.crt
SSLCertificateKeyFile /var/www/prometheas/certificate/private.key
SSLCertificateChainFile /var/www/prometheas/certificate/ca_bundle.crt
</VirtualHost>

端口已打开

root@blueserver:~# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
25                         ALLOW       Anywhere
993                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
993                        ALLOW       Anywhere (v6)
443/tcp                    ALLOW       Anywhere (v6)

root@blueserver:~# sudo lsof -i -P -n | grep LISTEN

sshd        486     root    3r  IPv4    6978      0t0  TCP *:22 (LISTEN)
sshd        486     root    4u  IPv6    6980      0t0  TCP *:22 (LISTEN)
vsftpd      521     root    3u  IPv4    7087      0t0  TCP *:21 (LISTEN)
glance-re   534   glance    4u  IPv4    8332      0t0  TCP *:9191 (LISTEN)
glance-ap   535   glance    4u  IPv4    8330      0t0  TCP *:9292 (LISTEN)
dovecot     680     root   15u  IPv4    7422      0t0  TCP *:4190 (LISTEN)
dovecot     680     root   16u  IPv6    7423      0t0  TCP *:4190 (LISTEN)
dovecot     680     root   20u  IPv4    7430      0t0  TCP *:110 (LISTEN)
dovecot     680     root   21u  IPv6    7431      0t0  TCP *:110 (LISTEN)
dovecot     680     root   22u  IPv4    7432      0t0  TCP *:995 (LISTEN)
dovecot     680     root   23u  IPv6    7433      0t0  TCP *:995 (LISTEN)
dovecot     680     root   27u  IPv4    7440      0t0  TCP *:143 (LISTEN)
dovecot     680     root   28u  IPv6    7441      0t0  TCP *:143 (LISTEN)
dovecot     680     root   29u  IPv4    7442      0t0  TCP *:993 (LISTEN)
dovecot     680     root   30u  IPv6    7443      0t0  TCP *:993 (LISTEN)
nrpe        812   nagios    4u  IPv4    7384      0t0  TCP *:5666 (LISTEN)
opendkim    882 opendkim    7u  IPv4    7591      0t0  TCP 127.0.0.1:8891 (LISTEN)
apache2     916     root    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2     916     root    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
master     1012     root   12u  IPv4    7923      0t0  TCP *:25 (LISTEN)
master     1012     root   13u  IPv6    7924      0t0  TCP *:25 (LISTEN)
master     1012     root   17u  IPv4    7929      0t0  TCP *:465 (LISTEN)
master     1012     root   18u  IPv6    7930      0t0  TCP *:465 (LISTEN)
apache2    3073 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    3073 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    3074 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    3074 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    4445 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    4445 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    6760 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    6760 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    6865 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    6865 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    6874 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    6874 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    7327 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    7327 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    7625 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    7625 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    7730 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    7730 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
apache2    9270 www-data    3u  IPv4 2038403      0t0  TCP *:80 (LISTEN)
apache2    9270 www-data    4u  IPv4 2038405      0t0  TCP *:443 (LISTEN)
vsftpd    10285   nobody    5u  IPv4 2078108      0t0  TCP 10.12.8.5:50380 (LISTEN)
mysqld    29101    mysql   10u  IPv4  151184      0t0  TCP 127.0.0.1:3306 (LISTEN)

muduls 已启用

a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled

相关内容