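This ssl.conf file is included from Apache2.conf on an Ubuntu 16.04 LTS server running Apache 2.4.
I issued the certificates from Let's Encrypt with acme.sh, which worked flawlessly.
However, after I added the VirtualHost for Domain4, it seems that Domain4 uses the certificate from Domain1 when browsing to https://www.domain4.com: the certificate check message (not valid for Domain4) shows that the certificate is for www.domain1.com.
All other SSL domains/virtual hosts in this config file still work fine.
I have tried changing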
<VirtualHost www.domainX.com:443>
to
<VirtualHost *:443>
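for all virtual hosts, but that messed things up so that none of the virtual hosts worked, so I reverted to this version.
What am I doing wrong?
Here is my ssl.conf (hostnames are anonymized):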
<IfModule mod_ssl.c>
Listen 443
NameVirtualHost *:443
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
<VirtualHost www.domain1.com:443>
ServerName www.domain1.com
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
SSLEngine on
ServerAdmin webmaster@domain1.com
DocumentRoot /var/www/html/extra/www.domain1.com
SSLCertificateFile /root/.acme.sh/www.domain1.com/www.domain1.com.cer
SSLCertificateKeyFile /root/.acme.sh/www.domain1.com/www.domain1.com.key
SSLCertificateChainFile /root/.acme.sh/www.domain1.com/fullchain.cer
</VirtualHost>
<VirtualHost www.domain2.com:443>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
SSLEngine on
ServerName www.domain2.com
ErrorLog ${APACHE_LOG_DIR}/error-domain2.log
CustomLog ${APACHE_LOG_DIR}/domain2.log combined
ServerAdmin webmaster@domain1.com
# ErrorDocument 404 /404.php
DocumentRoot /var/www/html/extra/domain2.com
SSLCertificateFile /root/.acme.sh/www.domain2.com/www.domain2.com.cer
SSLCertificateKeyFile /root/.acme.sh/www.domain2.com/www.domain2.com.key
SSLCertificateChainFile /root/.acme.sh/www.domain2.com/fullchain.cer
</VirtualHost>
<VirtualHost www.domain3.com:443>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
SSLEngine on
ServerName www.domain3.com
ErrorLog ${APACHE_LOG_DIR}/domain3-error.log
CustomLog ${APACHE_LOG_DIR}/domain3.log combined
ServerAdmin info@domain3.com
ErrorDocument 404 /404.php
DocumentRoot /var/www/html/extra/www.domain3.com
SSLCertificateFile /root/.acme.sh/www.domain3.com/www.domain3.com.cer
SSLCertificateKeyFile /root/.acme.sh/www.domain3.com/www.domain3.com.key
SSLCertificateChainFile /root/.acme.sh/www.domain3.com/fullchain.cer
</VirtualHost>
<VirtualHost www.domain4.com:443>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
# SSLEngine on
ServerName www.domain4.com
ErrorLog ${APACHE_LOG_DIR}/domain4-error.log
CustomLog ${APACHE_LOG_DIR}/domain4.log combined
ServerAdmin info@domain4.com
ErrorDocument 404 /404.php
DocumentRoot /var/www/html/extra/www.domain4.com
SSLCertificateFile /root/.acme.sh/www.domain4.com/www.domain4.com.cer
SSLCertificateKeyFile /root/.acme.sh/www.domain4.com/www.domain4.com.key
SSLCertificateChainFile /root/.acme.sh/www.domain4.com/fullchain.cer
</VirtualHost>
<VirtualHost domain5.com:443>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
Include whitelist.conf
SSLEngine on
ServerName domain5.com
ErrorLog ${APACHE_LOG_DIR}/domain5.com.error.log
CustomLog ${APACHE_LOG_DIR}/domain5.com.access.log combined
ServerAdmin webmaster@domain1.com
DocumentRoot /var/www/html/extra/domain5.com
<Directory /var/www/html/extra/domain5.com>
ErrorDocument 404 /index.php
</Directory>
SSLCertificateFile /root/.acme.sh/domain5.com/domain5.com.cer
SSLCertificateKeyFile /root/.acme.sh/domain5.com/domain5.com.key
SSLCertificateChainFile /root/.acme.sh/domain5.com/fullchain.cer
</VirtualHost>
<VirtualHost domain6.com:443>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
Include whitelist.conf
SSLEngine on
ServerName domain6.com
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
# CustomLog /var/log/apache2/secure_access.log combined
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerAdmin webmaster@domain1.com
DocumentRoot /var/www/html
<Directory /var/www/html/>
ErrorDocument 404 /extra/apache/404.php
ErrorDocument 403 /extra/apache/index.php
ErrorDocument 401 /extra/apache/401.html
</Directory>
SSLCertificateFile /etc/apache2/ssl/domain6.com/domain6.com.cer
SSLCertificateKeyFile /etc/apache2/ssl/domain6.com/domain6.com.key
SSLCertificateChainFile /root/.acme.sh/domain6.com/fullchain.cer
</VirtualHost>
</IfModule>
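Answer 0: (score: 0)
I just ran into the same problem. In my case, my virtual hosts were back-end virtual hosts proxied by a corresponding set of front-end virtual hosts. When I pointed my browser directly at a back-end virtual host, I got the problem described above for one virtual host. When I talked to the front-end virtual hosts, the corresponding virtual host reported an SSL proxy error.
The cause was that all the ServerNames in the back-end hosts were set to the public/front-end FQHN; the host that worked did so because it happened to be first alphabetically and was therefore the default virtual host. When I changed the back-end ServerNames to the back-end FQHNs, everything worked as I wanted.
Summary: check that all ServerNames are correct for their context (front end/back end).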
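
The following is an added example, not part of the question or the answer: a small Python audit that scans an ssl.conf-style file for two conditions visible on this page, namely a ServerName shared by more than one virtual host (the answer's case) and a block that carries a certificate while its `SSLEngine on` line is commented out (as in the Domain4 block of the question). The function names, the sample text and the host `backend.example` are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like the ssl.conf above; backend.example is a made-up host.
SAMPLE_CONF = """\
<VirtualHost www.domain1.com:443>
    ServerName www.domain1.com
    SSLEngine on
</VirtualHost>
<VirtualHost www.domain4.com:443>
    # SSLEngine on
    ServerName www.domain4.com
    SSLCertificateFile /root/.acme.sh/www.domain4.com/www.domain4.com.cer
</VirtualHost>
<VirtualHost backend.example:443>
    SSLEngine on
    ServerName www.domain1.com
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return (address, directives) per <VirtualHost> block; commented lines are ignored."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line[0] in "#<":  # skip blanks, comments, nested section tags
                continue
            parts = line.split(None, 1) + [""]
            directives.setdefault(parts[0].lower(), parts[1].strip())
        vhosts.append((addr.strip(), directives))
    return vhosts

def audit(conf):
    """Flag certificate blocks without an active SSLEngine, and repeated ServerNames."""
    vhosts = parse_vhosts(conf)
    names = Counter(d.get("servername", "").lower() for _, d in vhosts)
    findings = []
    for addr, d in vhosts:
        if "sslcertificatefile" in d and d.get("sslengine", "").lower() != "on":
            findings.append((addr, "certificate configured but SSLEngine is not on"))
        name = d.get("servername", "").lower()
        if name and names[name] > 1:
            findings.append((addr, "ServerName %s is used by more than one vhost" % name))
    return findings

if __name__ == "__main__":
    print("\n".join("%s -> %s" % f for f in audit(SAMPLE_CONF)))
```

To check a real file, pass its contents to `audit()`; directives pulled in through `Include` lines are not followed.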