apache - 尝试安装 ssl 证书后,我可以访问我的网站
问题描述
我在数字海洋中有一台 LAMP 服务器,我安装了 Wordpress,直到 2 周前我的网站都没有问题,我从 godaddy.com 购买了 ssl 证书,我做了任何 https://www.digitalocean.com/community/本教程说的tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority 。它没有工作,在我做了这些事情之后,我再也无法访问我的网站了。所以我尝试了一些其他的东西,但它们都不起作用。
我的网站: http: //gobokolektif.com/ 或 https://gobokolektif.com/
我的“000-default.conf”看起来像这样:
<VirtualHost *:80>
ServerName gobokolektif.com
ServerAlias www.gobokolektif.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName gobokolektif.com
ServerAlias www.gobokolektif.com
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
ServerAdmin root@gobokolektif.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/gobokolektif.com.crt
SSLCertificateKeyFile /etc/ssl/gobokolektif.com.key
SSLCACertificateFile /etc/ssl/intermediate.crt
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
我的“default-ssl.conf”看起来像这样:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin root@localhost
ServerName gobokolektif.com:443
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我的 ports.conf 看起来像这样:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我的“apache2.conf”看起来像这样:
Mutex file:${APACHE_LOCK_DIR} default
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
ServerName localhost
我的 ssl 证书位于:/etc/ssl/
当我尝试为发生的事情写“-f /var/log/apache2/error.log”时,它说:
[Thu Aug 16 12:41:02.962437 2018] [ssl:emerg] [pid 9602] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:49:35.182760 2018] [ssl:emerg] [pid 9658] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:50:05.754441 2018] [ssl:emerg] [pid 9692] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:53:48.496877 2018] [ssl:emerg] [pid 9736] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 13:18:07.360925 2018] [ssl:emerg] [pid 9944] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
“service apache2 status”这个命令的输出是
apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: inactive (dead) since Thu 2018-08-16 11:13:56 UTC; 1h 4min ago
Docs: man:systemd-sysv-generator(8)
Process: 9056 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS
Process: 9037 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCE
Aug 16 11:13:55 gobokolektif systemd[1]: Stopped LSB: Apache2 web server.
Aug 16 11:13:55 gobokolektif systemd[1]: Starting LSB: Apache2 web server...
Aug 16 11:13:56 gobokolektif apache2[9037]: * Starting Apache httpd web server
Aug 16 11:13:56 gobokolektif apache2[9037]: Action 'start' failed.
Aug 16 11:13:56 gobokolektif apache2[9037]: The Apache error log may have more i
Aug 16 11:13:56 gobokolektif apache2[9037]: *
Aug 16 11:13:56 gobokolektif apache2[9056]: * Stopping Apache httpd web server
Aug 16 11:13:56 gobokolektif apache2[9056]: *
Aug 16 11:13:56 gobokolektif systemd[1]: Started LSB: Apache2 web server.
Aug 16 11:14:16 gobokolektif systemd[1]: apache2.service: Unit cannot be reloade
语法没有问题。我能做些什么 ?
我筋疲力尽,我不知道如何解决这个烂摊子,有人可以帮助我吗?
解决方案
您已经在 000-default.conf 中安装了新的 ssl 证书,并且还在default-ssl.conf 中安装了示例“蛇油”ssl 证书。
将 SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key 替换为 SSLCertificateFile /etc/ssl/gobokolektif.com.crt SSLCertificateKeyFile /etc/ssl/gobokolektif .com.key SSLCACertificateFile /etc/ssl/intermediate.crt
然后从 000-default.conf 中删除上面的块
并重新启动apache。
此外,您可以从letsencrypt.org 获得免费的ssl 证书。您没有理由需要为此付费。
推荐阅读
- matlab - 在 Matlab 中插入不同时间的矩阵
- ansible - 如何在 INI 文件中使用加密变量 (ansible_ssh_pass)?
- reactjs - 如何从步数计算一个人的步伐?
- javascript - Button 创建的上传图片预览代码不会预览图片。Javascript/HTML
- python - 对大型 TIFF 堆栈 ndarray 上的 numpy/scipy 样条进行优化?
- javascript - Javascript - 在一个函数函数执行后一段时间内禁用所有嵌套函数
- xml - 无法加载 WixUIExtension.dll
- jira - Jira - 项目或时间
- javascript - 如何在 JS 的画布中更好地移动没有 clearRect() 的框?
- javascript - 为什么创建一个新的繁琐的连接会使我的程序无法完成?