时间戳

首页 > 解决方案 > 尝试安装 ssl 证书后,我可以访问我的网站

apache - 尝试安装 ssl 证书后,我可以访问我的网站

问题描述

我在数字海洋中有一台 LAMP 服务器,我安装了 Wordpress,直到 2 周前我的网站都没有问题,我从 godaddy.com 购买了 ssl 证书,我做了任何 https://www.digitalocean.com/community/本教程说的tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority 。它没有工作,在我做了这些事情之后,我再也无法访问我的网站了。所以我尝试了一些其他的东西,但它们都不起作用。

我的网站: http: //gobokolektif.com/https://gobokolektif.com/

我的“000-default.conf”看起来像这样:

<VirtualHost *:80>
        ServerName gobokolektif.com
        ServerAlias www.gobokolektif.com


      DocumentRoot /var/www/html
      ErrorLog ${APACHE_LOG_DIR}/error.log
      CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
                Require all granted
    </Directory>

</VirtualHost>

<VirtualHost *:443>
        ServerName gobokolektif.com
        ServerAlias www.gobokolektif.com


    <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
                Require all granted
    </Directory>


        ServerAdmin root@gobokolektif.com
        DocumentRoot /var/www/html
        SSLEngine on
        SSLCertificateFile /etc/ssl/gobokolektif.com.crt
        SSLCertificateKeyFile /etc/ssl/gobokolektif.com.key
        SSLCACertificateFile  /etc/ssl/intermediate.crt


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

我的“default-ssl.conf”看起来像这样:

 <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerAdmin root@localhost
                    ServerName gobokolektif.com:443

            DocumentRoot /var/www/html
            <Directory /var/www/html>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride All
                    Order allow,deny
                    allow from all
                            Require all granted
                 </Directory>


            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

                    SSLEngine on
                    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
            SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key


            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                    SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                    SSLOptions +StdEnvVars
            </Directory>


        </VirtualHost>
    </IfModule>

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

我的 ports.conf 看起来像这样: 

Listen 80



<IfModule ssl_module>

Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

我的“apache2.conf”看起来像这样:

Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 300

KeepAlive On

MaxKeepAliveRequests 100

KeepAliveTimeout 5


User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off


ErrorLog ${APACHE_LOG_DIR}/error.log


LogLevel warn


IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf


Include ports.conf


<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/www>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

#<Directory /srv/>
#   Options Indexes FollowSymLinks
#   AllowOverride None
#   Require all granted
#</Directory>


AccessFileName .htaccess


<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>



LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent




IncludeOptional conf-enabled/*.conf


IncludeOptional sites-enabled/*.conf

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
ServerName localhost

我的 ssl 证书位于:/etc/ssl/

当我尝试为发生的事情写“-f /var/log/apache2/error.log”时,它说:

    [Thu Aug 16 12:41:02.962437 2018] [ssl:emerg] [pid 9602] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:49:35.182760 2018] [ssl:emerg] [pid 9658] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:50:05.754441 2018] [ssl:emerg] [pid 9692] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:53:48.496877 2018] [ssl:emerg] [pid 9736] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 13:18:07.360925 2018] [ssl:emerg] [pid 9944] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed

“service apache2 status”这个命令的输出是

apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: inactive (dead) since Thu 2018-08-16 11:13:56 UTC; 1h 4min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 9056 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS
  Process: 9037 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCE

Aug 16 11:13:55 gobokolektif systemd[1]: Stopped LSB: Apache2 web server.
Aug 16 11:13:55 gobokolektif systemd[1]: Starting LSB: Apache2 web server...
Aug 16 11:13:56 gobokolektif apache2[9037]:  * Starting Apache httpd web server
Aug 16 11:13:56 gobokolektif apache2[9037]: Action 'start' failed.
Aug 16 11:13:56 gobokolektif apache2[9037]: The Apache error log may have more i
Aug 16 11:13:56 gobokolektif apache2[9037]:  *
Aug 16 11:13:56 gobokolektif apache2[9056]:  * Stopping Apache httpd web server
Aug 16 11:13:56 gobokolektif apache2[9056]:  *
Aug 16 11:13:56 gobokolektif systemd[1]: Started LSB: Apache2 web server.
Aug 16 11:14:16 gobokolektif systemd[1]: apache2.service: Unit cannot be reloade

语法没有问题。我能做些什么 ?

我筋疲力尽,我不知道如何解决这个烂摊子,有人可以帮助我吗?

标签: apacheserverssl-certificatedigital-oceanlamp

解决方案

您已经在 000-default.conf 中安装了新的 ssl 证书,并且还在default-ssl.conf 中安装了示例“蛇油”ssl 证书。

将 SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key 替换为 SSLCertificateFile /etc/ssl/gobokolektif.com.crt SSLCertificateKeyFile /etc/ssl/gobokolektif .com.key SSLCACertificateFile /etc/ssl/intermediate.crt

然后从 000-default.conf 中删除上面的块

并重新启动apache。

此外,您可以从letsencrypt.org 获得免费的ssl 证书。您没有理由需要为此付费。

推荐阅读