
Apache 2.4 ssl.conf one of the vhosts loads wrong certificate

This ssl.conf file is included in Apache2.conf on an Ubuntu 16.04 LTS server, running Apache 2.4.

I made certificates with acme.sh from Let's Encrypt which work flawlessly.

But after I added VirtualHost Domain4, it appeared that Domain4 uses the certificate from Domain1, as the message of the (invalid for Domain4) certificate check when browsing to https://www.domain4.com shows that it is meant for www.domain1.com.

All other ssl domains/virtual hosts in this config file remain working normally.

I tried changing

<VirtualHost www.domainX.com:443>

to

<VirtualHost *:443>

for all virtual hosts, but that screwed up everything and none of the virtual hosts were working, so I reverted to this version.

What am I doing wrong?

Here is my ssl.conf (hostnames anonymized):

<IfModule mod_ssl.c>
Listen 443

NameVirtualHost *:443

        #    This enables optimized SSL connection renegotiation handling when SSL
        #    directives are used in per-directory context.
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>



<VirtualHost www.domain1.com:443>
    ServerName www.domain1.com
        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn
                SSLEngine on
        ServerAdmin webmaster@domain1.com
        DocumentRoot /var/www/html/extra/www.domain1.com
        SSLCertificateFile  /root/.acme.sh/www.domain1.com/www.domain1.com.cer
        SSLCertificateKeyFile /root/.acme.sh/www.domain1.com/www.domain1.com.key
                SSLCertificateChainFile /root/.acme.sh/www.domain1.com/fullchain.cer
</VirtualHost>

<VirtualHost www.domain2.com:443>
        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn
                SSLEngine on
                ServerName www.domain2.com
        ErrorLog ${APACHE_LOG_DIR}/error-domain2.log
        CustomLog ${APACHE_LOG_DIR}/domain2.log combined
        ServerAdmin webmaster@domain1.com
#       ErrorDocument 404 /404.php
        DocumentRoot /var/www/html/extra/domain2.com
        SSLCertificateFile  /root/.acme.sh/www.domain2.com/www.domain2.com.cer
        SSLCertificateKeyFile /root/.acme.sh/www.domain2.com/www.domain2.com.key
    SSLCertificateChainFile /root/.acme.sh/www.domain2.com/fullchain.cer
</VirtualHost>

<VirtualHost www.domain3.com:443>
                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn
                SSLEngine on
                ServerName www.domain3.com
                ErrorLog ${APACHE_LOG_DIR}/domain3-error.log
                CustomLog ${APACHE_LOG_DIR}/domain3.log combined
                ServerAdmin info@domain3.com
                ErrorDocument 404 /404.php
                DocumentRoot /var/www/html/extra/www.domain3.com
                SSLCertificateFile      /root/.acme.sh/www.domain3.com/www.domain3.com.cer
                SSLCertificateKeyFile /root/.acme.sh/www.domain3.com/www.domain3.com.key
                SSLCertificateChainFile /root/.acme.sh/www.domain3.com/fullchain.cer
</VirtualHost>


<VirtualHost www.domain4.com:443>
                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn
#                SSLEngine on
                ServerName www.domain4.com
                ErrorLog ${APACHE_LOG_DIR}/domain4-error.log
                CustomLog ${APACHE_LOG_DIR}/domain4.log combined
                ServerAdmin info@domain4.com
                ErrorDocument 404 /404.php
                DocumentRoot /var/www/html/extra/www.domain4.com
                SSLCertificateFile      /root/.acme.sh/www.domain4.com/www.domain4.com.cer
                SSLCertificateKeyFile /root/.acme.sh/www.domain4.com/www.domain4.com.key
                SSLCertificateChainFile /root/.acme.sh/www.domain4.com/fullchain.cer
</VirtualHost>



<VirtualHost domain5.com:443>
                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

Include whitelist.conf

    SSLEngine on
    ServerName domain5.com

    ErrorLog ${APACHE_LOG_DIR}/domain5.com.error.log
    CustomLog ${APACHE_LOG_DIR}/domain5.com.access.log combined
   ServerAdmin webmaster@domain1.com
    DocumentRoot /var/www/html/extra/domain5.com
<Directory /var/www/html/extra/domain5.com>
    ErrorDocument 404 /index.php
</Directory>

    SSLCertificateFile    /root/.acme.sh/domain5.com/domain5.com.cer
    SSLCertificateKeyFile /root/.acme.sh/domain5.com/domain5.com.key
    SSLCertificateChainFile /root/.acme.sh/domain5.com/fullchain.cer
</VirtualHost>



<VirtualHost domain6.com:443>
        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn
Include whitelist.conf
    SSLEngine on
    ServerName domain6.com

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

#    CustomLog /var/log/apache2/secure_access.log combined
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ServerAdmin webmaster@domain1.com
        DocumentRoot /var/www/html

<Directory /var/www/html/>
    ErrorDocument 404 /extra/apache/404.php
    ErrorDocument 403 /extra/apache/index.php
    ErrorDocument 401 /extra/apache/401.html
</Directory>

        SSLCertificateFile  /etc/apache2/ssl/domain6.com/domain6.com.cer
        SSLCertificateKeyFile /etc/apache2/ssl/domain6.com/domain6.com.key
                SSLCertificateChainFile /root/.acme.sh/domain6.com/fullchain.cer
</VirtualHost>



</IfModule>

I just had the same issue. In my case my vhosts were backend vhosts proxied to by a corresponding set of frontend vhosts. When I pointed my browser directly to the backend vhosts, I got the issue described above for one vhost. When I talked to the frontend vhosts, the corresponding vhost reported SSL proxy errors.

The cause was that all the ServerNames in the backend hosts were set to the public/frontend FQHNs; the one that was working was only working because it happened to be alphabetically the first and was therefore the default vhost. When I changed the backend ServerNames to be the backend FQHNs, it all worked as I wanted.

Summary: check that all your ServerNames are correct for their context (frontend/backend).
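An added example, not part of the original question or answer: a small Python check that walks the `<VirtualHost ...:443>` blocks of an ssl.conf like the one posted above and reports, per vhost, a missing `ServerName`, an `SSLEngine on` that is absent or commented out (as it is in the posted www.domain4.com block), and a certificate path that does not match the `ServerName`. The function names and the trimmed sample are constructed here, and the path comparison assumes the acme.sh directory layout used in the question.

```python
import re

# Constructed sample: two vhosts trimmed from the question's ssl.conf.
SAMPLE_CONF = """\
<VirtualHost www.domain1.com:443>
    ServerName www.domain1.com
    SSLEngine on
    SSLCertificateFile  /root/.acme.sh/www.domain1.com/www.domain1.com.cer
</VirtualHost>
<VirtualHost www.domain4.com:443>
#                SSLEngine on
    ServerName www.domain4.com
    SSLCertificateFile  /root/.acme.sh/www.domain4.com/www.domain4.com.cer
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def active_directives(body):
    """Map lowercased directive name -> value, skipping comments and <Section> tags."""
    found = {}
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0][0] not in "#<":
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def lint_ssl_vhosts(conf_text):
    """Return (vhost address, problem) pairs for every :443 vhost (hypothetical helper)."""
    problems = []
    for addr, body in VHOST_RE.findall(conf_text):
        addr = addr.strip()
        if not addr.endswith(":443"):
            continue
        d = active_directives(body)
        name = d.get("servername")
        cert = d.get("sslcertificatefile")
        if name is None:
            problems.append((addr, "no ServerName"))
        if d.get("sslengine", "").lower() != "on":
            problems.append((addr, "SSLEngine is not on"))
        if cert is None:
            problems.append((addr, "no SSLCertificateFile"))
        elif name and name not in cert:
            # Assumes the acme.sh layout from the question: path contains the host name.
            problems.append((addr, "certificate path does not mention " + name))
    return problems

if __name__ == "__main__":
    print(lint_ssl_vhosts(SAMPLE_CONF))
```

The check only reads the file; `apache2ctl -S` on the server shows which vhost Apache itself treats as the default for each address and port.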
