安装 LetsEncrypt SSL 后服务器无响应

Question

我正在将我的网站推送到 Ubuntu 18.04 上的 AWS Lightsail 实例，自从我安装了 LetsEncrypt（之前一切都很好）后，我无法访问它。

基本上，我没有收到任何回复，尽管看起来一切都很好，至少对我来说是这样。 我的网站名为 kolibri.ba，我为www.kolibri.ba和 kolibri.ba 安装了 2 个 SSL。 我尝试了不同的 UFW 设置，将其完全关闭等等。

我的虚拟主机 (kolibri.conf)

<VirtualHost *:80>
        ServerName kolibri.ba
        ServerAlias www.kolibri.ba

        ServerAdmin kontakt@kolibri.ba
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error_mysite.log
        CustomLog ${APACHE_LOG_DIR}/error_access_mysite.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =kolibri.ba [OR]
RewriteCond %{SERVER_NAME} =www.kolibri.ba
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

在 /etc/apache2 中到处搜索“kolibri”看起来像这样

ack "kolibri" /etc/apache2
/etc/apache2/kolibri.conf
4:  ServerAdmin kontakt@kolibri.ba  
5:  ServerName  kolibri.ba    
6:  ServerAlias www.kolibri.ba
16:  ErrorLog /var/log/apache2/error-kolibri.ba.log
17:  CustomLog /var/log/apache2/access-kolibri.ba.log combined

/etc/apache2/sites-available/kolibri.conf
2:        ServerName kolibri.ba
3:        ServerAlias www.kolibri.ba
5:        ServerAdmin kontakt@kolibri.ba
12:RewriteCond %{SERVER_NAME} =kolibri.ba [OR]
13:RewriteCond %{SERVER_NAME} =www.kolibri.ba

/etc/apache2/sites-available/kolibri-2-le-ssl.conf
3:    ServerAdmin kontakt@kolibri.ba
4:    ServerName kolibri.ba
5:    ServerAlias www.kolibri.ba
11:#SSLCertificateFile /etc/letsencrypt/live/www.kolibri.ba/fullchain.pem
12:#SSLCertificateKeyFile /etc/letsencrypt/live/www.kolibri.ba/privkey.pem

/etc/apache2/sites-available/kolibri-le-ssl.conf
3:        ServerName www.kolibri.ba
4:        ServerAlias kolibri.ba
6:        ServerAdmin kontakt@kolibri.ba
14:SSLCertificateFile /etc/letsencrypt/live/kolibri.ba/fullchain.pem
15:SSLCertificateKeyFile /etc/letsencrypt/live/kolibri.ba/privkey.pem
20:        ServerName kolibri.ba
21:        ServerAlias www.kolibri.ba
23:        ServerAdmin kontakt@kolibri.ba
33:# RewriteCond %{SERVER_NAME} =kolibri.ba [OR]
34:# RewriteCond %{SERVER_NAME} =www.kolibri.ba```

I added these lines to my wp-config.php as well

定义（'WP_HOME'，'https://kolibri.ba'）; define( 'WP_SITEURL', 'https://kolibri.ba' ); 定义（'FORCE_SSL_ADMIN'，真）```

防火墙设置如下所示

 sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere                  
30000:31000/tcp            ALLOW       Anywhere                  
20:21/tcp                  ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
Apache                     ALLOW       Anywhere                  
20/tcp                     ALLOW       Anywhere                  
21/tcp                     ALLOW       Anywhere                  
40000:50000/tcp            ALLOW       Anywhere                  
990/tcp                    ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
Apache Full (v6)           ALLOW       Anywhere (v6)             
30000:31000/tcp (v6)       ALLOW       Anywhere (v6)             
20:21/tcp (v6)             ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache (v6)                ALLOW       Anywhere (v6)             
20/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                ALLOW       Anywhere (v6)             
40000:50000/tcp (v6)       ALLOW       Anywhere (v6)             
990/tcp (v6)               ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)  

如果我在我的域本地执行 nmap 443 和 80 端口，它会给出这个

PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https

不确定是 443 filtered state 导致了这个问题还是什么？

最后，我将我的 apache 健康统计数据放在这里：

ubuntu@ip-172-26-0-121:~$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Wed 2022-04-20 20:56:26 CEST; 11min ago
  Process: 5339 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 5300 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 5344 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 5358 (apache2)
    Tasks: 9 (limit: 2362)
   CGroup: /system.slice/apache2.service
           ├─5358 /usr/sbin/apache2 -k start
           ├─5363 /usr/sbin/apache2 -k start
           ├─5364 /usr/sbin/apache2 -k start
           ├─5365 /usr/sbin/apache2 -k start
           ├─5366 /usr/sbin/apache2 -k start
           ├─5367 /usr/sbin/apache2 -k start
           ├─5382 /usr/sbin/apache2 -k start
           ├─5385 /usr/sbin/apache2 -k start
           └─5386 /usr/sbin/apache2 -k start

Apr 20 20:56:26 ip-172-26-0-121 systemd[1]: Stopped The Apache HTTP Server.
Apr 20 20:56:26 ip-172-26-0-121 systemd[1]: Starting The Apache HTTP Server...
Apr 20 20:56:26 ip-172-26-0-121 systemd[1]: Started The Apache HTTP Server.

我花了 2 天时间对此进行调试，如果正确导入 WordPress 不是那么痛苦的话，到目前为止我会杀死我的实例 15 次。 请帮忙，非常感谢！

Answer 1

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt
        SSLCertificateKeyFile /etc/apache2/certificate/apache.key
</VirtualHost>

正确配置东西，这应该可以工作，你不需要所有的虚拟主机，只需要一个。 完成后重新启动服务，但如果 SSL 错误，它将失败。