【发布时间】:2019-06-21 01:00:47
【问题描述】:
我正在尝试在 AWS ec2 实例上配置 SSL 证书,我按照以下步骤操作:
- 使用 ubuntu 操作系统在 ec2 上创建实例。
- 通过我的域上的证书管理器颁发了证书 -> 例如:*.domains.com 和 domain.com
- 创建了一个经典负载均衡器来指向这些证书和 ec2 实例。
- 将 Route 53 中的 A 记录配置为负载均衡器的别名
- 在 apache2 上配置了我的虚拟主机
$sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache-selfsigned.key -out /etc/apache2/ssl/apache-selfsigned.crt
我获得了包含所有必要细节的自签名证书。
并像这样配置我的虚拟主机:
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin support@noeticitservices.com
ServerName ssltest.domains.com
ServerAlias ssltest.domains.com
DocumentRoot /var/www/html/****/public
ErrorLog /var/www/html/****/error.log
CustomLog /var/www/html/****/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache-selfsigned.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache-selfsigned.key
<Directory /var/www/html/****/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin support@noeticitservices.com
ServerName ssltest.domains.com
ServerAlias ssltest.domains.com
DocumentRoot /var/www/html/****/public
ErrorLog /var/www/html/****/error.log
CustomLog /var/www/html/****/access.log combined
<Directory /var/www/html/****/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
当我访问我的域时,它没有使用亚马逊颁发的证书。我怎样才能指出证书,我已经浏览了互联网上几乎所有可用的资源。我的 default-ssl.conf 也已启用 mod_ssl 也已启用。帮我解决这个问题。
【问题讨论】:
-
能否给我们实际的域名,让我们看看?
-
@ceejayoz ssltest.biltrax.com
-
我认为您没有正确地将其指向负载均衡器。
dig ssltest.biltrax.com返回单个 IP 地址(13.232.245.240); AWS 经典负载均衡器通常有多个。 -
13.232.245.240似乎也是您的 EC2 实例的 IP。ec2-13-232-245-240.ap-south-1.compute.amazonaws.com您遇到了 DNS 问题,而不是 SSL 问题。 -
@ceejayoz 你能检查一下这张图片吗:i.stack.imgur.com/NO78Z.png 是这里的问题吗?
标签: apache amazon-web-services ssl amazon-ec2