Apache2 open SSL certificates are shown on AWS Load balancer

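I am trying to configure an SSL certificate on an AWS EC2 instance and followed the steps below:

  1. Created an instance on EC2 with Ubuntu OS.
  2. Issued certificates through Certificate Manager for my domain, e.g. *.domains.com and domains.com
  3. Created a Classic Load Balancer pointing to these certificates and the EC2 instance.
  4. Configured an A record in Route 53 as an alias to the load balancer.
  5. Configured my virtual host on apache2.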

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache-selfsigned.key -out /etc/apache2/ssl/apache-selfsigned.crt

I obtained the self-signed certificate with all the necessary details.

And configured my virtual host as shown below:

<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin support@noeticitservices.com
        ServerName ssltest.domains.com
        ServerAlias ssltest.domains.com
        DocumentRoot /var/www/html/****/public
        ErrorLog /var/www/html/****/error.log
        CustomLog /var/www/html/****/access.log combined

        SSLEngine on

        SSLCertificateFile /etc/apache2/ssl/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache-selfsigned.key

        <Directory /var/www/html/****/public>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                Allow from all
                Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>


<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin support@noeticitservices.com
        ServerName ssltest.domains.com
        ServerAlias ssltest.domains.com
        DocumentRoot /var/www/html/****/public
        ErrorLog /var/www/html/****/error.log
        CustomLog /var/www/html/****/access.log combined

        <Directory /var/www/html/****/public>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                Allow from all
                Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

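When I visit my domain, it is not using the certificate issued by Amazon. How do I point to the certificate? I have gone through almost all the resources available on the Internet. My default-ssl.conf is also enabled, and mod_ssl is enabled too. Please help me solve this problem.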

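Configured an A record in Route 53 as an alias to the load balancer.

OK, this is where I think you messed up. dig ns biltrax.com gives the following name servers for your domain: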

  • ns34.domaincontrol.com
  • ns33.domaincontrol.com

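I believe these are GoDaddy's. Whatever they are, they are not Route53 name servers. So the records you have in Route53 have no effect - they are ignored because the DNS for your domain is handled entirely by another service.

If you want Route53 to be responsible for the domain, you must point the domain to the Route53 name servers at your registrar.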
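
The delegation check the answer above performs by hand, as an added example that is not part of the original answer: it compares the name servers public DNS delegates to with the hosted zone's own delegation set and reports whether the Route 53 records can take effect. The function names, the zone ID argument and the Route 53 server names in `ZONE_NS` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the name servers the public DNS delegates to with the
# name servers of the Route 53 hosted zone.

# One name per line, lowercase, trailing dot removed, sorted and de-duplicated.
normalize_ns() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr -s ' \t' '\n\n' |
        sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# delegation_status PUBLIC_NS ZONE_NS -> prints match | partial | mismatch | unknown
delegation_status() {
    pub=$(normalize_ns "$1")
    zone=$(normalize_ns "$2")
    if [ -z "$pub" ] || [ -z "$zone" ]; then
        echo unknown
        return 0
    fi
    # Count delegated servers that also appear in the hosted zone's set.
    common=$(printf '%s\n' "$pub" | grep -Fxc -- "$zone" || true)
    pub_n=$(( $(printf '%s\n' "$pub" | wc -l) ))
    zone_n=$(( $(printf '%s\n' "$zone" | wc -l) ))
    if [ "$common" -eq 0 ]; then
        echo mismatch      # hosted zone is never queried; its records are ignored
    elif [ "$common" -eq "$pub_n" ] && [ "$common" -eq "$zone_n" ]; then
        echo match
    else
        echo partial       # the two sets only partly overlap
    fi
}

# Live use (needs network and AWS credentials): check_live DOMAIN ZONE_ID
check_live() {
    delegation_status \
        "$(dig +short NS "$1")" \
        "$(aws route53 get-hosted-zone --id "$2" \
            --query 'DelegationSet.NameServers' --output text)"
}

# Delegated servers quoted in the answer above.
PUBLIC_NS='ns34.domaincontrol.com. ns33.domaincontrol.com.'
# Constructed sample of a hosted zone's delegation set (not from the page).
ZONE_NS='ns-111.awsdns-11.com ns-222.awsdns-22.net ns-333.awsdns-33.org ns-444.awsdns-44.co.uk'

delegation_status "$PUBLIC_NS" "$ZONE_NS"
```

A `mismatch` result means the alias record never reaches clients, so the load balancer and its certificate are not what the browser connects to.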
