我已经使用certbot为我的域创build了一个让我们encryption的证书。 我已经确保包含www和一些(需要的)子域名,所以证书应该对非www和www有效:
domain.com www.domain.com sub1.domain.com ... 但事实并非如此,如果我尝试访问https://domain.com,它会抛出一个SSL错误。
在证书查看器(通过www访问时),我可以看到通用名称(CA)domain.com。 证书主题备用名称包含非www和www …
所以我不明白为什么会出现这个错误:
domain.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER
我确实生成了自签名证书,但是对于默认的虚拟主机块(httpd-ssl.conf中的那个),其他块正在使用我们的encryption证书。
我也确保删除了Firefox的caching。
我做了一个例外,现在每次写https://domain.com时都会redirect到https://www.domain.com 。
我使用Apache 2.4.23,我的vhostsconfiguration如下:
<VirtualHosts *:80> Servername domain.com Redirect permanent / https://www.domain.com/ </VirtualHosts> <VirtualHost *:443> ServerName domain.com:443 Redirect permanent / https://www.domain.com:443/ </VirtualHost> <VirtualHost *:PORT> # 80 and 443 ServerAdmin [email protected] DocumentRoot "/srv/http/domain.com/www" ServerName www.domain.com:443 Protocols h2 h2c <Directory "/srv/http/domain.com/www"> Require all granted <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^index\.php$ - [L] RewriteRule . index.php [L] </IfModule> </Directory> <IfModule dir_module> DirectoryIndex index.php </IfModule> SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/domain.com/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/domain.com/privkey.pem" Header always set Strict-Transport-Security "max-age=15768000" ErrorLog "/var/log/httpd/domain.com-ssl_error_log" CustomLog "/var/log/httpd/domain.com-ssl_access_log" common LogLevel debug </VirtualHost>
您没有为向example.com发送的请求提供Let's Encrypt证书。
<VirtualHost *:443> ServerName domain.com:443 Redirect permanent / https://www.domain.com:443/ </VirtualHost>
所有相关的SSL指令都丢失了。
SSLEngine on SSLCertificateFile "/etc/letsencrypt/live/domain.com/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/domain.com/privkey.pem" Header always set Strict-Transport-Security "max-age=15768000"