我在/ etc / apache2 / ssl / domain / like中创build了一个.csr和.key文件
openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr 像GoDaddy说的,然后用apache指令链接到这些文件:
<VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/apache2/ssl/domain/domain.com.csr SSLCertificateKeyFile /etc/apache2/ssl/domain/domain.com.key DocumentRoot /clients/domain.com/www/ ScriptAlias /cgi-bin/ /clients/domain.com/cgi/ ServerAlias domain.com www.domain.com *.domain.com ServerName www.domain.com ErrorLog /clients/domain.com/logs/error_log LogFormat "%h %l %u %t \"%r\" %>s %b" common CustomLog "|/usr/bin/cronolog /clients/domain.com/logs/%Y/%m/%d/access_log" combined AddType application/x-httpd-php .html <Directory /> Options -Indexes FollowSymLinks MultiViews AllowOverride All Order deny,allow Allow from all </Directory>
当我这样做
apachectl configtest
它表示语法OK,但启动失败:
[error] Init: Unable to read server certificate from file /etc/apache2/ssl/domain/domain.csr [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
这似乎暗示了一个无效的openssl cert命令或apache2指令不匹配,我猜,但我似乎无法find任何明显的。 我在另一个虚拟域上运行另一个SSL GoDaddy证书,我错过了一些明显的东西? 我的csr看起来像:
-----BEGIN CERTIFICATE REQUEST----- MIICiTCCAXECAQAwRDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMREwDwYDVQQH EwhTYW5EaWVnbzEVMBMGA1UEChMMRmxpeXByb2R1Y3RzMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA0ZxcveaAefauZvSMiEAJZjhAKRqgym++IeIHEZ2D PZ5vgp8vB4/UXUBtXQoEKrviCqJDkgzXUAviR3RLpbEMtS3RQdNjBnsVAe7GuAJ9 ... R5Bi9PaKwVOchbnKICZHWSiaDqIv3TOfT+KBcMDsnUzJbdhteUnIfk5VLdgJEuyS IZiPnEHSh8aVhtfKzrnWYcY9ce3PEQZKfyF+o1lf7vEw80PTUfTD0PysOp20MmJK 5TaF8Zu0waKyilEhWyo7uKX8AsX/mjkl1QljPyHb+uGa7wIDAQABoAAwDQYJKoZI hvcNAQEFBQADggEBAIVHReg+ -----END CERTIFICATE REQUEST-----
您正在混合证书请求和证书。
您需要将您的CSR提交给authentication机构(CA)。
他们会把你的CSR(和你的钱)变成一个合适的CER。
(如果您想跳过“金钱”步骤,您可能需要查看https://letsencrypt.org 。)
旁注:OpenSSL错误信息通常很糟糕。