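[Posted]: 2020-05-31 00:03:52
[Question]:
After two days of trying, I am at a complete loss about adding a certificate to my second domain. Here is my situation:
What works:
I have a dynamic site (domain1 / site1) hosted on a Digital Ocean droplet running Ubuntu. It is served with Apache and uses the Flask microframework. Everything works, and I was able to install a Let's Encrypt certificate successfully using certbot.
I have added a second dynamic site (domain2 / site2) to the same droplet, sharing the single IP between the two domains/sites. I was able to get this working by following this answer: hosting multiple Flask apps for unique domains. Now I can:
(1) access site1 through domain1 over HTTPS as usual
(2) access site2 through domain2 over HTTP.
What doesn't:
The problem arises when I try to add a new Let's Encrypt certificate to site2/domain2. The tutorial at Digital Ocean and the certbot documentation suggest that all I need to do is run certbot again with the new domain. A new certificate is created, but in the best case, site1 becomes a "potential security risk" and site2 is still not secure.
Here are the contents of the files in /etc/apache2/sites-available/ before I tried to install the second certificate.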
000-default.conf
<VirtualHost *:80>
<Directory /var/www/FlaskApp>
Options +ExecCGI
DirectoryIndex index.py
</Directory>
AddHandler cgi-script .py
ServerAdmin webmaster@localhost
DocumentRoot /var/www/FlaskApp
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.wsgi
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/audiologysource.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/audiologysource.com/privkey.pem
</VirtualHost>
</IfModule>
My /var/www directory is organized like this:
\var\www
|
└─── FlaskApp
| | flaskapp.wsgi
| |
| └─── FlaskApp
| | __init__.py
| |
| └─── static
| └─── templates
| | home.html
| |
| └─── venv
|
└─── PersonalSiteApp #same as FlaskApp
| flaskapp.wsgi
|
└─── FlaskApp
| __init__.py
|
└─── static
└─── templates
| home.html
|
└─── venv
Here are the same files after I ran certbot and reloaded Apache:
sudo certbot --apache -d travismmoore.com -d www.travismmoore.com
000-default.conf: unchanged
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =travismmoore.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias travismmoore.com
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Any help is greatly appreciated!
[Discussion]:
Tags: python-3.x apache flask ssl-certificate
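Added example, not part of the original post: a small Python lint for the pattern visible in the post-certbot FlaskApp-le-ssl.conf, where a :443 VirtualHost for one domain references another domain's certificate directory and the same name is listed in two :443 blocks. The domains site1.example and site2.example and the function names are assumptions, and the sample config is constructed.

```python
import re

# Constructed sample with placeholder domains, laid out like the post-certbot file.
SAMPLE = """\
<VirtualHost *:443>
ServerName www.site1.example
ServerAlias site1.example
ServerAlias site2.example
SSLCertificateFile /etc/letsencrypt/live/site2.example/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
ServerName www.site2.example
ServerAlias site2.example
SSLCertificateFile /etc/letsencrypt/live/site2.example/fullchain.pem
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: port, names, certificate path."""
    vhosts, cur = [], None
    for line in map(str.strip, text.splitlines()):
        start = re.match(r"<VirtualHost\s+\S*:(\d+)>", line, re.I)
        parts = line.split()
        if start:
            cur = {"port": int(start.group(1)), "names": [], "cert": None}
        elif cur is None or not parts or line.startswith("#"):
            continue
        elif parts[0].lower() == "</virtualhost>":
            vhosts.append(cur)
            cur = None
        elif parts[0].lower() in ("servername", "serveralias"):
            cur["names"] += [n.lower() for n in parts[1:]]
        elif parts[0].lower() == "sslcertificatefile" and len(parts) > 1:
            cur["cert"] = parts[1]
    return vhosts

def lint(vhosts):
    """Flag names outside the cert lineage and names claimed twice on a port."""
    findings, owner = [], {}
    for i, vh in enumerate(vhosts):
        m = re.search(r"/live/([^/]+)/", vh["cert"] or "")
        lineage = m.group(1).lower() if m else None
        for name in vh["names"]:
            # Heuristic: assumes the lineage directory carries the cert's base domain.
            if lineage and name != lineage and not name.endswith("." + lineage):
                findings.append(("cert-mismatch", i, name))
            # Apache serves a duplicated name from the first vhost that lists it.
            if owner.setdefault((vh["port"], name), i) != i:
                findings.append(("duplicate-name", i, name))
    return findings
```

The lineage-name check is a heuristic; `certbot certificates` lists the names each certificate actually covers.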