我正在尝试在具有多个虚拟主机的CentOS服务器上设置Letsencrypt。 在Ubuntu上它似乎可以正常工作,我意识到这个工作的脚本只适用于CentOS上的单个域,但我想我可以手动做一些调整。 可悲的是我只能得到虚拟主机首先在https上运行,这看起来更像是一个Apache问题,而不是一个Letsencrypt问题,因为如果我颠倒了顺序,顶层的工作之前,我会得到一个错误。
以下是虚拟主机的ssl.conf的样子:
NameVirtualHost *:443 Listen 443 <VirtualHost *:443> DocumentRoot "/var/www/html/domain1.com/laravel/public" ServerName domain1.com:443 ServerAlias www.domain1.com:443 ErrorLog logs/domain1_ssl_error_log TransferLog logs/domain1_ssl_access_log LogLevel warn Header set Access-Control-Allow-Origin "*" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES SSLCertificateFile /etc/letsencrypt/live/domain1.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain1.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/domain1.com/chain.pem <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> <VirtualHost *:443> DocumentRoot "/var/www/html/domain2.com/laravel/public" ServerName domain2.com:443 ServerAlias www.domain2.com:443 ErrorLog logs/domain1_ssl_error_log TransferLog logs/domain1_ssl_access_log LogLevel warn Header set Access-Control-Allow-Origin "*" SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES SSLCertificateFile /etc/letsencrypt/live/domain2.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain2.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/domain2.com/chain.pem <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> 我已经使用Let's Encrypt了一段时间了,并且已经写了一些关于启动和运行的指导(特别是在CentOS 6和CentOS 7上 – 但是没有理由不应该在其他平台上工作)。
我没有追加:443在我的每域VirtualHostconfiguration。 我最近在另一个问题上做了什么 – 我现在将我的configuration分成多个文件(每个域一个,而不是大量的vhosts.conf & ssl.conf文件)。
我没有在我的基地httpd.conf中的任何SSL参考 – 确保你没有意外设置的东西。
正如我在其他答案写的,我的每个域的configuration如下所示:
<VirtualHost *:80> ServerName domain.tld Redirect permanent / https://domain.tld/ </VirtualHost> <VirtualHost *:443> SSLCertificateFile /etc/letsencrypt/live/domain.tld/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/domain.tld/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/domain.tld/fullchain.pem DocumentRoot /var/www/domain ServerName domain.tld ErrorLog logs/domain-error_log CustomLog logs/domain-access_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" ServerAdmin [email protected] SSLEngine on <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 <Directory "/var/www/domain"> Options All +Indexes +FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> </VirtualHost>
和我的ssl.conf :
#SSL options for all sites Listen 443 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 Mutex sysvsem default SSLRandomSeed startup file:/dev/urandom 1024 SSLRandomSeed connect builtin SSLCryptoDevice builtin SSLCompression off SSLHonorCipherOrder on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256