我正在尝试让 Telegram Webhook 与我的本地机器一起工作,但它没有发出请求。我认为这是因为证书问题
以下是 geocerts.com/ssl-checker 的内容:
这是我的 Apache 配置:
<IfModule ssl_module>
<VirtualHost *:%httpsport%>
DocumentRoot "%hostdir%"
ServerName "%host%"
ServerAlias "%host%" %aliases%
ScriptAlias /cgi-bin/ "%hostdir%/cgi-bin/"
SSLEngine on
#Header always set Strict-Transport-Security "max-age=94608000"
SSLCACertificateFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-rootCA.crt"
SSLCertificateChainFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-bundle.crt"
SSLCertificateFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-server.crt"
SSLCertificateKeyFile "%sprogdir%/userdata/config/cert_files/xxx/xxx-server.key"
SetEnvIf User-Agent ".*MSIE [1-5].*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
SetEnvIf User-Agent ".*MSIE [6-9].*" \
ssl-unclean-shutdown
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "%hostdir%/cgi-bin/">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
我使用以下脚本生成了这些证书:
: Version 1.0
: Author unknown (improved by Kama - wp-kama.ru)
@echo off
: parameters
set DOM=xxx.info
set DOM_KEY=xxx
set APACHE_VER=Apache-PHP-7.2-x64
: create .txt config file
set config_txt=generate-temp-config.txt
(
echo nsComment = "Open Server Panel Generated Certificate"
echo basicConstraints = CA:false
echo subjectKeyIdentifier = hash
echo authorityKeyIdentifier = keyid,issuer
echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment
echo.
echo subjectAltName = @alt_names
echo [alt_names]
echo DNS.1 = %DOM%
echo DNS.2 = www.%DOM%
) > %config_txt%
mkdir %DOM_KEY%
set OSAPACHE_DIR=%~dp0..\..\..\modules\http\%APACHE_VER%
set OPENSSL_CONF=%OSAPACHE_DIR%\conf\openssl.cnf
"%OSAPACHE_DIR%\bin\openssl" req -x509 -sha256 -newkey rsa:2048 -nodes -days 5475 -keyout %DOM_KEY%\%DOM_KEY%-rootCA.key -out %DOM_KEY%\%DOM_KEY%-rootCA.crt -subj /CN=OSPanel-%DOM_KEY%/
"%OSAPACHE_DIR%\bin\openssl" req -newkey rsa:2048 -nodes -days 5475 -keyout %DOM_KEY%/%DOM_KEY%-server.key -out %DOM_KEY%\%DOM_KEY%-server.csr -subj /CN=%DOM_KEY%/
"%OSAPACHE_DIR%\bin\openssl" x509 -req -sha256 -days 5475 -in %DOM_KEY%\%DOM_KEY%-server.csr -extfile %config_txt% -CA %DOM_KEY%\%DOM_KEY%-rootCA.crt -CAkey %DOM_KEY%\%DOM_KEY%-rootCA.key -CAcreateserial -out %DOM_KEY%\%DOM_KEY%-server.crt
"%OSAPACHE_DIR%\bin\openssl" dhparam -out %DOM_KEY%\%DOM_KEY%-dhparam.pem 2048
del %DOM_KEY%\%DOM_KEY%-server.csr
del %DOM_KEY%\%DOM_KEY%-dhparam.pem
del %DOM_KEY%\%DOM_KEY%-rootCA.srl
del %config_txt%
pause
我不太熟悉证书,而且目前也没有太多时间,所以我需要帮助。
答案1
您自己生成证书,当然没有其他人会信任它们;这就是证书的全部意义所在。
您应该从公共认证机构获取证书(或使用免费解决方案,如 Let's Encrypt)。