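I am a novice Apache administrator, so please bear with me!
I have an Apache server on a single IP hosting multiple virtual hosts over HTTP. I am now trying to install a certificate to enable HTTPS, but without success.
The conf file looks like this: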
Listen 443
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so
NameVirtualHost www.mark3technologies.com:443
<VirtualHost www.mark3technologies.com:443>
DocumentRoot "<path>/mark3technologies"
ServerName www.mark3technologies.com
ServerAlias mark3technologies.com
ServerAdmin [email protected]
SSLEngine on
SSLCertificateFile "<path>/mark3technologies.com.crt"
SSLCertificateKeyFile "<path>/mark3technologies.com.key"
SSLCaCertificateFile "<path>/AlphaSSL_SHA-256R1IntCert.crt"
<Directory "<path>/mark3technologies">
Options -Indexes +FollowSymLinks
Require all granted
</Directory>
LogLevel debug
</VirtualHost>
SSLSessionCache shmcb:/etc/httpd/ssl_scache(512000)
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCompression off
<VirtualHost *:80>
DocumentRoot "<path>/mark3technologies"
ServerName www.mark3technologies.com
ServerAlias mark3technologies.com
ServerAdmin [email protected]
<Directory "<path>/mark3technologies">
Options -Indexes +FollowSymLinks
Require all granted
</Directory>
LogLevel warn
</VirtualHost>
apachectl -S also looks reasonable...
AH00548: NameVirtualHost has no effect and will be removed in the next release <path>/vserver.conf:44
VirtualHost configuration:
54.247.123.104:443 www.mark3technologies.com (<path>/vserver.conf:45)
*:80 is a NameVirtualHost
default server cdmh.co.uk (<path>/vserver.conf:12)
port 80 namevhost cdmh.co.uk (<path>/vserver.conf:12)
alias cdmh.co.uk
alias craighenderson.co.uk
wild alias *.cdmh.co.uk
wild alias *.craighenderson.co.uk
port 80 namevhost runmotivator.com (<path>/vserver.conf:28)
alias runmotivator.com
wild alias *.runmotivator.com
port 80 namevhost www.mark3technologies.com (<path>/vserver.conf:71)
alias mark3technologies.com
port 80 namevhost www.sonningcommonmagazine.com (<path>/vserver.conf:86)
alias sonningcommonmagazine.org
wild alias *.sonningcommonmagazine.org
wild alias *.sonningcommonmagazine.com
Reading error.log, it appears to be running normally.
AH01914: Configuring server www.mark3technologies.com:443 for SSL protocol
ssl_engine_init.c(1665): AH: Init: (www.mark3technologies.com:443) mod_md support is unavailable.
ssl_engine_init.c(1949): AH02209: CA certificate: CN=AlphaSSL CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE
ssl_engine_init.c(492): AH01893: Configuring TLS extension handling
ssl_util_ssl.c(470): AH02412: [www.mark3technologies.com:443] Cert matches for name 'www.mark3technologies.com' [subject: CN=www.mark3technologies.com,OU=Domain Control Validated / issuer: CN=AlphaSSL CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE / serial: 016DD49AA34CB94BA2610089 / notbefore: Oct 28 14:01:28 2019 GMT / notafter: Oct 28 14:01:28 2020 GMT]
AH02568: Certificate and private key www.mark3technologies.com:443:0 configured from /home/ubuntu/www/sites/mark3technologies.com.crt and /home/ubuntu/www/sites/mark3technologies.com.key
AH01914: Configuring server www.mark3technologies.com:443 for SSL protocol
ssl_engine_init.c(1665): AH: Init: (www.mark3technologies.com:443) mod_md support is unavailable.
ssl_engine_init.c(1949): AH02209: CA certificate: CN=AlphaSSL CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE
ssl_engine_init.c(492): AH01893: Configuring TLS extension handling
ssl_util_ssl.c(470): AH02412: [www.mark3technologies.com:443] Cert matches for name 'www.mark3technologies.com' [subject: CN=www.mark3technologies.com,OU=Domain Control Validated / issuer: CN=AlphaSSL CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE / serial: 016DD49AA34CB94BA2610089 / notbefore: Oct 28 14:01:28 2019 GMT / notafter: Oct 28 14:01:28 2020 GMT]
AH02568: Certificate and private key www.mark3technologies.com:443:0 configured from /home/ubuntu/www/sites/mark3technologies.com.crt and /home/ubuntu/www/sites/mark3technologies.com.key
AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1a configured -- resuming normal operations
AH00094: Command line: '/usr/sbin/apache2'
When I browse the site over HTTP everything works, but over HTTPS the server does not respond, and I get no errors at all.
Firewall:
$ sudo ufw status
WARN: Duplicate profile 'Apache', using last found
WARN: Duplicate profile 'Apache Secure', using last found
WARN: Duplicate profile 'Apache Full', using last found
Status: active
To Action From
-- ------ ----
443/tcp ALLOW Anywhere
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
It looks like I am very close; what is the last hurdle to overcome?
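A check worth running on output like the `apachectl -S` dump above, as an added example that is not part of the original post: Apache resolves a hostname in `<VirtualHost host:port>` to an IP at startup and selects that vhost only for connections arriving on that local address, so this script flags vhosts bound to an address the machine does not own. The sample dump is a subset of the quoted output, and the interface addresses passed in are constructed.

```python
import re
import subprocess

# Constructed sample: a subset of the `apachectl -S` lines quoted in the question.
SAMPLE_DUMP = """\
VirtualHost configuration:
54.247.123.104:443 www.mark3technologies.com (<path>/vserver.conf:45)
*:80 is a NameVirtualHost
default server cdmh.co.uk (<path>/vserver.conf:12)
port 80 namevhost cdmh.co.uk (<path>/vserver.conf:12)
port 80 namevhost www.mark3technologies.com (<path>/vserver.conf:71)
"""

# Top-level listener line: "<addr>:<port> <rest>", where addr is *, IPv4 or [IPv6].
LISTENER = re.compile(r"^(\*|\[[0-9A-Fa-f:.]+\]|\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(.*)$")


def parse_listeners(dump):
    """Return (addr, port, detail) for every address:port block in the dump."""
    found = []
    for line in dump.splitlines():
        m = LISTENER.match(line.strip())
        if m:
            found.append((m.group(1).strip("[]"), int(m.group(2)), m.group(3)))
    return found


def pinned_to_foreign_address(dump, local_addrs):
    """Vhosts bound to one specific IP that is not configured on this machine.

    Apache selects such a vhost only for connections whose local (destination)
    address equals the bound IP, so on a mismatch it is never selected.
    """
    return [(addr, port, detail)
            for addr, port, detail in parse_listeners(dump)
            if addr != "*" and addr not in local_addrs]


def local_addresses():
    """Addresses on local interfaces, read from `ip -o addr show` (Linux iproute2)."""
    out = subprocess.run(["ip", "-o", "addr", "show"],
                         capture_output=True, text=True, check=True).stdout
    rows = (line.split() for line in out.splitlines())
    # Field 4 of each row is "address/prefixlen".
    return {row[3].split("/")[0] for row in rows if len(row) > 3}


if __name__ == "__main__":
    # Constructed interface list for a host that sits behind address translation.
    for addr, port, detail in pinned_to_foreign_address(SAMPLE_DUMP, {"127.0.0.1", "10.0.0.5"}):
        print(f"{addr}:{port} is not a local address: {detail}")
```

On a live host, pass the real `apachectl -S` output and `local_addresses()` instead of the constructed values.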