我有以下情况:
在我的 www 服务器 ( Apache2, ) 上,我拥有颁发的Debian armhfHTTPS 证书。从浏览器 ( , ) 访问服务器时一切正常,但当我尝试或时,HTTPS 证书未被接受。letsencrypt.orgcertbotFirefoxChromiumgitwget
但是我只能在部分电脑上观察到这种情况,我尝试过这种方法,但在其他电脑上没有。5
台电脑的输出:
电脑 0 和 4(不工作):
0.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 00:12:47-- https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ is not trusted.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ has expired.
4.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 02:14:32-- https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ is not trusted.
ERROR: The certificate of ‘rnk.bicyclesonthemoon.info’ has expired.
计算机 1、2 和 6(工作)
1a.b:/botm/tmp> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 00:06:07-- https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 127.0.0.1
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 226 [text/html]
Saving to: ‘index.html’
index.html 100%[===================>] 226 --.-KB/s in 0s
2023-05-12 00:06:07 (732 KB/s) - ‘index.html’ saved [226/226]
2.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 02:17:10-- https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 226 [text/html]
Saving to: ‘index.html’
index.html 100%[===================>] 226 --.-KB/s in 0.005s
2023-05-12 02:17:10 (46.6 KB/s) - ‘index.html’ saved [226/226]
6.b:~> wget https://rnk.bicyclesonthemoon.info
--2023-05-12 02:18:01-- https://rnk.bicyclesonthemoon.info/
Resolving rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)... 192.168.1.4
Connecting to rnk.bicyclesonthemoon.info (rnk.bicyclesonthemoon.info)|192.168.1.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 226 [text/html]
Saving to: ‘index.html’
index.html 100%[===================>] 226 --.-KB/s in 0s
2023-05-12 02:18:01 (15.7 MB/s) - ‘index.html’ saved [226/226]
有趣的是,计算机 2 和 4 具有相同的操作系统(Debian 10,但 2 是 32 位,4 是 64 位),相同的版本wget(1.21.2)并且位于同一个本地网络中,并且其中一台(2)仍然接受证书,而在另一台(4)上则不接受
以下是相关apache配置:
在/etc/apache2/sites-available/botm.conf:
# Manage BOTM sites externally:
IncludeOptional /botm/etc/www/sites/*.conf
在/botm/etc/www/sites/rnk.bicyclesonthemoon.info-ssl.conf:
<VirtualHost *:443>
ServerName rnk.bicyclesonthemoon.info
Include /botm/etc/www/conf/ssl-certbot-botm.conf
Include /botm/etc/www/conf/rnk.conf
</VirtualHost>
在/botm/etc/www/conf/ssl-certbot-botm.conf:
SSLEngine On
SSLCertificateKeyFile /botm/etc/certbot/live/botm/privkey.pem
SSLCertificateFile /botm/etc/certbot/live/botm/cert.pem
SSLCertificateChainFile /botm/etc/certbot/live/botm/chain.pem
最初,我没有SSLCertificateChainFile添加,并被告知这是原因。但添加这个并没有帮助。
我也看到过我应该使用它fullchain.pem来代替,但这也没有任何帮助。
此时我很困惑,我不知道如何继续,如何调试,解决。