我有一台运行Debian 8.1的服务器,其中包含Apache 2.4.10和OpenSSL 1.0.1k。 我有一个域example.com,其中包含一些子域,如www.example.com,cloud.example.com和db.example.com,这些子域都是服务器(A-Records)。 所有这些子域都有自己的VirtualHosts,并拥有自己的SSL证书。此外,如果您使用其他域或IP发送HTTPS请求,您将获得包含自签名证书的页面。 一切都运行良好,直到我重新启动我的服务器。 现在,当我请求example.com(没有子域名前缀)时,我得到了自签名的crt。子域工作得非常好。我有以下vHost-Configs:
(因为我只想要HTTPS,我对所有HTTP连接都有重写规则)
000-default.conf
<VirtualHost *:80>
ServerAdmin admin@example.com
RewriteEngine On
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@example.com
DocumentRoot /var/www
<Directory /var/www>
AllowOverride All
Require all granted
</Directory>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/default/ca.crt
SSLCertificateKeyFile /etc/ssl/certs/default/ca.key
</VirtualHost>
</IfModule>
www.example.com.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName www.example.com
ServerAlias example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
AllowOverride All
Require all granted
</Directory>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>
cloud.example.com.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName cloud.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
AllowOverride All
Require all granted
</Directory>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>
我真的希望有人可以帮助我!
答案 0 :(得分:0)
主机名是示例(如域名,但没有.com)所以我将主机名更改为一些随机输入,重启后一切正常。当我更改主机名时,即使重启后它也能继续工作。
答案 1 :(得分:0)
对我来说,改变VirtualHosts的顺序有助于解决问题,将故障的VirtualHost置于conf文件的顶部。