apache - 如何绑定具有crt文件的SSL证书
问题描述
我正在我的网站中安装 SSL 证书,我尝试了以下步骤,但仍然没有网站无法在 https 中运行并且仍在 http 中运行
我已经在下面绑定了我的 crt 文件
<VirtualHost _default_:443>
DocumentRoot /var/www/http
ServerName my_domain.com
SSLEngine on
SSLCertificateFile /path/to/coolexample.crt
SSLCertificateKeyFile /path/to/privatekey.key
SSLCertificateChainFile /path/to/intermediate.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
键入此命令后apache2ctl configtest
,它显示语法 OK
但是在输入最后一条命令后apache2ctl restart
它显示以下错误消息
httpd 没有运行,正在尝试启动
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
没有可用的监听套接字,正在关闭
AH00015: 无法打开日志
操作“重新启动”失败。
Apache 错误日志可能包含更多信息。
解决方案
要激活 SSL 加密,您需要一个额外的 VirtualHost 端口 443。这通常是在Apache/conf/extra/httpd-ssl.conf
其中完成的,这取决于平台。
在这样的文件中,您需要一个类似的条目(Windows 示例):
<VirtualHost *:443>
DocumentRoot "C:/webserver/html/my_html"
ServerName www.example.com
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:SEED-SHA:DHE-RSA-SEED-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/portal.digipen.de-crt.pem"
SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/portal.digipen.de-key.pem"
SSLCACertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-portal.digipen.de-crt.pem"
<IfModule headers_module>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set x-frame-options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
</IfModule>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLProxyEngine on
EnableSendfile off
EnableMMAP off
</VirtualHost>
推荐阅读
- ios - iOS App Group Directory 不允许写入
- list - 双向链表交换解释
- c# - 将从 IOption 解析的设置注入 .NET Core 中的其他类
- javascript - Python Bokeh 和 Javascript 中的多个过滤器
- mysql - 创建一个 MYSQL 存储过程以在不同的数据库中创建表
- javascript - 如何在 JQuery Datepicker 中禁用以前的日期
- spring - @NotBlank 和/或 @NotEmpty 是否像 @NotNull 在 Spring JPA 中那样映射到数据库中的非空值?
- c - 在原子中的放松和获取/释放内存排序之间进行选择
- android - 用于 Windows 设置的颤振
- reactjs - 如何清除此对象可能为空错误?