我成功使用Letsencrypt生成证书,并使用以下方法将它们上传到Heroku:
this-site ********$ heroku addons:create ssl:endpoint
Creating ssl-graceful-41756... done, ($20.00/month)
Adding ssl-graceful-41756 to this-site... done
Next add your certificate with `heroku certs:add CERT KEY`.
Use `heroku addons:docs ssl` to view documentation.
this-site ********$ sudo heroku certs:add /etc/letsencrypt/live/www.this-site.com/fullchain.pem /etc/letsencrypt/live/www.this-site.com/privkey.pem
Resolving trust chain... done
Adding SSL Endpoint to this-site... done
this-site now served by qwasf-34234.herokussl.com
Certificate details:
Common Name(s): www.this-site.com
Expires At: 2016-09-02 19:15 UTC
Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Starts At: 2016-06-04 19:15 UTC
Subject: /CN=www.this-site.com
SSL certificate is verified by a root authority.
然而,当我访问qwasf-34234.herokussl.com时,它无效。它有一个页面说:Heroku |没有这样的应用;该主机名没有配置应用程序。 也许应用程序所有者已将其重命名,或者您错误输入了该网址。
我正在复制并粘贴heroku给我的确切新主机。转到https://qwasf-34234.herokussl.com会产生相同的页面。
我通过以下方式验证了证书:
this-site ********$ heroku certs
Endpoint Common Name(s) Expires Trusted
-------------------------- --------------------- -------------------- -------
qwasf-34234.herokussl.com www.this-site.com 2016-09-02 19:15 UTC True
更多检查:
this-site *******$ curl -kvI https://www.this-site.com
* Rebuilt URL to: https://www.michaelsutyak.com/
* Trying 23.21.142.230...
* Connected to www.this-site.com (23.21.142.230) port 443 (#0)
* TLS 1.2 connection using TLS_********************
* Server certificate: *.herokuapp.com
* Server certificate: DigiCert ******
* Server certificate: DigiCert *******
> HEAD / HTTP/1.1
> Host: www.this-site.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Server: Cowboy
Server: Cowboy
< Connection: keep-alive
Connection: keep-alive
< Vary: Accept-Encoding
Vary: Accept-Encoding
< Content-Type: text/html; charset=utf-8
Content-Type: text/html; charset=utf-8
< Date: Sat, 04 Jun 2016 20:57:00 GMT
Date: Sat, 04 Jun 2016 20:57:00 GMT
< Via: 1.1 vegur
Via: 1.1 vegur
<
* Connection #0 to host www.this-site.com left intact
这里发生了什么,这怎么办?我只想为我的网站https。
答案 0 :(得分:1)
您无法直接访问Heroku SSL端点。该端点表示您需要将域指向的主机名,如Heroku文章的DNS and domain configuration中所述。
如果要指向子域(例如www.this-site.com),请在DNS托管提供商中创建DNS记录CNAME,将www记录指向Heroku SSL端点:
www CNAME qwasf-34234.herokussl.com
如果要指向根域(this-site.com),则需要使用支持根域的CNAME类记录的提供,explained in this Heroku article为you can't use a CNAME for the root domain
确保您的域名仍未指向herokuapp.com主机名。
您可以通过向SSL端点发送cURL请求来测试我的断言,但是传递Host标头(如浏览器所做的那样)。
$ curl -i qwasf-34234.herokussl.com -H "Host: www.this-site.com"
答案 1 :(得分:0)
您无法访问Heroku为您提供的qwasf-34234.herokussl.com域名。相反,您应该将DNS更改为指向CNAME,而不是qwasf-34234.herokuapp.com。