SSL 的问题:服务器证书是 CA 证书

tag-icon tag-icon apache-2.4 domain openssl local-area-network ubuntu-20.04
SSL 的问题:服务器证书是 CA 证书

我的局域网上有一个自托管的 lubuntu 服务器,它有一些对我的网络有用的服务(/var/www/html 中的 wordpress、owncloud 和 flask 应用程序)。问题是几天前我安装了一个自签名 ssl 证书,它运行正常,但现在我出现了以下错误:

[Tue Nov 24 17:06:00.072579 2020] [mpm_prefork:notice] [pid 8938] AH00169: caught SIGTERM, shutting down
[Tue Nov 24 17:06:00.334836 2020] [ssl:warn] [pid 9005] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 17:06:00.461929 2020] [ssl:warn] [pid 9019] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 17:06:00.507795 2020] [mpm_prefork:notice] [pid 9019] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1g mod_wsgi/4.6.8 Python/2.7 configured -- resuming normal operations
[Tue Nov 24 17:06:00.516896 2020] [core:notice] [pid 9019] AH00094: Command line: '/usr/sbin/apache2'

这些是我的配置文件:

/etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName www.miservidor.com
        Redirect / https://miservidor.com/

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory /var/www/html/>
            AllowOverride All
            Require all granted
        </Directory>
</VirtualHost>

/etc/apache2/sites-available/default-ssl.conf

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerName miservidor.com
                DocumentRoot /var/www/html
                ServerAlias www.miservidor.com
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
                SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
                SSLUseStapling off
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
           <Directory /var/www>
                AllowOverride All
                Require all granted
           </Directory>

        </VirtualHost>
</IfModule>

自从它生效以来,我创建了多个证书,但都没有成功。我可以直接使用我的 IP 访问我的服务器,但不能使用域名。有什么想法吗?提前致谢。

[编辑]

运行命令后:

wget -o log.txt miservidor.com

输出为:

--2020-11-25 09:47:29--  http://miservidor.com/
Resolving miservidor.com (miservidor.com)... 82.98.135.44
Connecting to miservidor.com (miservidor.com)|82.98.135.44|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://hosting.tucuenta.es/cart.php?gid=1 [following]
--2020-11-25 09:47:30--  https://hosting.tucuenta.es/cart.php?gid=1
Resolving hosting.tucuenta.es (hosting.tucuenta.es)... 82.98.134.62
Connecting to hosting.tucuenta.es (hosting.tucuenta.es)|82.98.134.62|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html.3'

     0K .......... .......... .......... ...                   1.60M=0.02s

2020-11-25 09:47:41 (1.60 MB/s) - 'index.html.3' saved [34578]

问题是,下载的页面不是我局域网上的服务器,而是互联网上的另一个页面。

[编辑] 如果我尝试使用以下命令访问,则会出现以下输出:

wget -o log.txt https://192.168.1.189


--2020-11-25 09:59:10--  https://192.168.1.189/
Connecting to 192.168.1.189:443... connected.
ERROR: The certificate of '192.168.1.189' is not trusted.
ERROR: The certificate of '192.168.1.189' doesn't have a known issuer.
The certificate's owner does not match hostname '192.168.1.189'

答案1

您的 DNS 服务器正在解析错误的主机名 IP 地址。

更正您的 DNS 条目。

相关内容