I want to enable SSL & Letsencrypt (via Certbot) on my Debian/Apache. Enabling SSL on Debian
In ports.conf, both ports 80 & 443 are being listened on:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Enabling SSL:
> a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
And my VirtualHosts are configured as follows. In my-host.conf:
<VirtualHost XX.XX.XX.XX:80>
ServerName www.myhost.com
ServerAlias myhost.com
Redirect / https://www.myhost.com
DocumentRoot /home/myhost/www/public/
CustomLog /var/log/apache2/myhost.com-access.log combined
ErrorLog /var/log/apache2/lmyhost.com-error.log
LogLevel warn
<Directory "/home/myhost/www/public/">
Require all granted
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
myhost.com-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost XX.XX.XX.XX:443>
ServerName www.myhost.com
ServerAlias myhost.com
# Redirect / https://www.myhost.com
DocumentRoot /home/myhost/www/public/
CustomLog /var/log/apache2/myhost.com-access.log combined
ErrorLog /var/log/apache2/myhost.com-error.log
LogLevel warn
<Directory "/home/myhost/www/public/">
Require all granted
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLCertificateFile /etc/letsencrypt/live/www.myhost.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myhost.com-0001/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
When I try to go to http://www.myhost.com:443, it works. But with https://www.myhost.com I get this error in Chrome:
ERR_SSL_PROTOCOL_ERROR
On my server, when I check:
openssl s_client -crlf -debug -connect www.myhost.com:443 -status -servername www.myhost.com
I get this:
...
124222757861008:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 323 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1494247901
Timeout : 300 (sec)
Verify return code: 0 (ok)
Finally, when I look at the Apache error log, I can see:
[Sun May 07 20:06:53.419500 2017] [core:debug] [pid 18433] protocol.c(1275): [client xx.xx.xx.xx:52254] AH00566: request failed: malformed request line
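In short, SSL is enabled, the ports are correct, and Apache responds when I call it via host:port. But this port cannot serve my certificate and open my host over https. It's as if SSL were disabled...!
Can you give me some ways to solve this problem? Thank you all!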
I tried this... without success :/ I have now reinstalled my Debian and it works. I don't know what happened... Thanks for your reply!
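The symptoms in the question (plain http:// working on port 443, "unknown protocol" from s_client, "malformed request line" in the Apache log) are what a listener answering in cleartext HTTP produces. The following is an added example, not part of the original post: it sends a real ClientHello over a raw socket and classifies the first bytes of the reply as a TLS record or plaintext HTTP. The function names and the sample byte strings are constructed for illustration.

```python
import socket
import ssl
import sys


def client_hello(server_name: str) -> bytes:
    """Build a real ClientHello in memory (no network) with the ssl module."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.create_default_context()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener returns after a ClientHello."""
    if not data:
        return "empty"
    # TLS record header: content type 20-23, version major 3, minor 0-4.
    if len(data) >= 3 and 0x14 <= data[0] <= 0x17 and data[1] == 3 and data[2] <= 4:
        return "tls-alert" if data[0] == 0x15 else "tls"
    head = data.lstrip()[:9].upper()
    if head.startswith((b"HTTP/", b"<!DOCTYPE", b"<HTML")):
        return "plaintext-http"  # the listener answered in cleartext HTTP
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello over a raw TCP socket and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            return classify_first_bytes(sock.recv(64))
        except socket.timeout:
            return "empty"


# Constructed sample replies (not captured from the server in the question).
SAMPLES = {
    "tls": bytes.fromhex("160303004a020000460303"),
    "tls-alert": bytes.fromhex("15030300020228"),
    "plaintext-http": b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n",
}

if __name__ == "__main__" and len(sys.argv) > 1:
    print(probe(sys.argv[1]))  # e.g. python3 probe.py www.myhost.com
```

A result of "plaintext-http" on port 443 means the virtual host that accepted the connection is not running mod_ssl for that address and port; `apache2ctl -S` lists which virtual host is bound to each address:port pair.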