通配符 SSL 在指向不同服务器的子域上不起作用
[英]Wild card SSL not working on subdomain pointed to different server
问题描述
This could be possibly a duplicate question, but I've tried every solution I found and nothing worked.
这可能是一个重复的问题,但我已经尝试了我找到的所有解决方案,但没有任何效果。 On main domain, I've successfully installed SSL and it is working fine.在主域上,我已经成功安装了 SSL 并且工作正常。 I need to install the same wild card SSL on other two instances which are using for subdomain .我需要在用于 subdomain的其他两个实例上安装相同的通配符 SSL 。
The overall structure I've setup so far is as follows -到目前为止我设置的整体结构如下 -
- Cloudflare is using for CDN where I've created A record for all 3 instances. Cloudflare 用于 CDN,我为所有 3 个实例创建了 A 记录。 One for main domain and other 2 for subdomains.一个用于主域,另一个用于子域。
- Created 3 instances (Ubuntu 18.04 + Apache) on AWS EC2在 AWS EC2 上创建 3 个实例(Ubuntu 18.04 + Apache)
When I am hitting subdomain in browser, it is showing lock sign but with Error 521: Web server is down当我在浏览器中点击子域时,它显示锁定标志但出现Error 521: Web server is down
but When I am trying it with default Public DNS, it is showing my page without any error.但是当我使用默认的公共 DNS 尝试它时,它显示我的页面没有任何错误。
Please suggest what is missing here.请提出这里缺少的内容。 Thanks much!!非常感谢!!
2 个解决方案
解决方案1
0 2020-07-31 06:40:09
The 521 error from CloudFlare indicates that it is unable to speak to your host on that port. CloudFlare 的 521 错误表明它无法在该端口上与您的主机通信。
Error 521 occurs when the origin web server refuses connections from Cloudflare.
The two most common causes of 521 errors are:
- Offlined origin web server application
- Blocked Cloudflare requests
Please check the following:请检查以下内容:
- The EC2 security group is allowing inbound access on both port 80/443 (this cannot be locked down to your IP address). EC2 安全组允许在两个端口 80/443 上进行入站访问(这不能锁定到您的 IP 地址)。
- If a NACL is in place (which is not the default one) ensure that both the communication ports (80/443) and the ephemeral ports are open.如果 NACL 已就位(这不是默认的),请确保通信端口 (80/443) 和临时端口均已打开。
- Ensure that the servers are listening on both port 80/443.确保服务器正在侦听两个端口 80/443。
It is important to identify whether CloudFlare it attempting to connect to HTTP or HTTPS, it can support both of these models based on the configuration.重要的是要确定 CloudFlare 是否尝试连接到 HTTP 或 HTTPS,它可以根据配置支持这两种型号。
If you're still stuck after these points you can attempt to validate the requests going to your server usingVPC Flow Logs .如果您在这些点之后仍然卡住,您可以尝试使用VPC Flow Logs验证发送到您的服务器的请求。
解决方案2
0 已采纳 2020-08-02 11:26:36
Finally, this answer gave me a hint How to install third-party SSL Certificate with AWS EC2 Instance (Ubuntu AMI)?最后,这个答案给了我一个提示How to install third-party SSL Certificate with AWS EC2 Instance (Ubuntu AMI)? Will it cost one-time or monthly basis? 它会花费一次性还是每月?
And I resolved this error as follow -我解决了这个错误如下 -
1. Downloaded the certificate files from primary server 1.从主服务器下载证书文件
2. Uploaded the same certificate files to the secondary server where the subdomain is pointed 2.将相同的证书文件上传到子域指向的从服务器
3. then edit /etc/apache2/sites-available/default-ssl.conf file on secondary server, search for "SSLCertificate" and change the following lines 3. 然后在辅助服务器上编辑 /etc/apache2/sites-available/default-ssl.conf 文件,搜索“SSLCertificate”并更改以下行
4. Enable the SSL configuration, and restart the webserver. 4.启用SSL配置,重启webserver。
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/
apachectl configtest
apachectl graceful
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.