【发布时间】:2021-04-02 21:43:16
【问题描述】:
我想将今天生成的 ssl 证书放在网站上,但它不起作用。安全页面未加载,但不安全页面有效。这是我的conf:
<VirtualHost *:80>
ServerName example.com
ServerAdmin example@gmail.com
ServerAlias www.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/example-error.log
CustomLog /var/log/example-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAdmin example@gmail.com
ServerAlias www.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /root/certs/example.crt
SSLCertificateKeyFile /root/XXX.key
SSLCertificateChainFile /root/certs/example.crt
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel debug
</VirtualHost>
奇怪的是我在 ssl_error_log 中没有错误:
[Fri Apr 02 22:33:55.266922 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.267378 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.267430 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.267738 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.267751 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.267762 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.267939 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: example / notbefore: Apr 2 00:00:00 2021 GMT / notafter: May 3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.267957 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
[Fri Apr 02 22:33:55.310426 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.310726 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.310770 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.310983 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.310994 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.311002 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.311108 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: XXX / notbefore: Apr 2 00:00:00 2021 GMT / notafter: May 3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.311117 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
[root@vps httpd]# curl https: //xxx.com
curl: (7) Failed connect to xxx.com:443; Connection refused
端口打开是防火墙。
有什么想法吗?
【问题讨论】:
-
您是否使用 a2ensite 启用了该站点?是否安装了 mod_ssl?你的配置中有 Listen 443 吗?
-
呃。是的 。听443被遗忘了。非常感谢