我在数字海洋中有一个LAMP服务器,我安装了它Wordpress,直到2周前我的网站都没有问题,我从godaddy.com购买了ssl证书,并且我做了什么 https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority 本教程说。它没有用,在我做完这些事情之后,我再也无法访问我的网站了。因此,我尝试了其他一些方法,但没有一个起作用。
我的网站:http://gobokolektif.com/或https://gobokolektif.com/
我的“ 000-default.conf”看起来像这样:
<VirtualHost *:80>
ServerName gobokolektif.com
ServerAlias www.gobokolektif.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName gobokolektif.com
ServerAlias www.gobokolektif.com
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
ServerAdmin root@gobokolektif.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/gobokolektif.com.crt
SSLCertificateKeyFile /etc/ssl/gobokolektif.com.key
SSLCACertificateFile /etc/ssl/intermediate.crt
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
我的“ default-ssl.conf”看起来像这样:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin root@localhost
ServerName gobokolektif.com:443
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我的ports.conf看起来像这样:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我的“ apache2.conf”看起来像这样:
Mutex file:${APACHE_LOCK_DIR} default
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
#<Directory /srv/>
# Options Indexes FollowSymLinks
# AllowOverride None
# Require all granted
#</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
ServerName localhost
我的ssl证书位于:/ etc / ssl /
当我尝试写“ -f /var/log/apache2/error.log”时会说:
[Thu Aug 16 12:41:02.962437 2018] [ssl:emerg] [pid 9602] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:49:35.182760 2018] [ssl:emerg] [pid 9658] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:50:05.754441 2018] [ssl:emerg] [pid 9692] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 12:53:48.496877 2018] [ssl:emerg] [pid 9736] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
[Thu Aug 16 13:18:07.360925 2018] [ssl:emerg] [pid 9944] AH02565: Certificate and private key gobokolektif.com:443:0 from /etc/ssl/gobokolektif.com.crt and /etc/ssl/gobokolektif.com.key do not match
AH00016: Configuration Failed
“服务apache2状态”此命令的输出为
apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: inactive (dead) since Thu 2018-08-16 11:13:56 UTC; 1h 4min ago
Docs: man:systemd-sysv-generator(8)
Process: 9056 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS
Process: 9037 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCE
Aug 16 11:13:55 gobokolektif systemd[1]: Stopped LSB: Apache2 web server.
Aug 16 11:13:55 gobokolektif systemd[1]: Starting LSB: Apache2 web server...
Aug 16 11:13:56 gobokolektif apache2[9037]: * Starting Apache httpd web server
Aug 16 11:13:56 gobokolektif apache2[9037]: Action 'start' failed.
Aug 16 11:13:56 gobokolektif apache2[9037]: The Apache error log may have more i
Aug 16 11:13:56 gobokolektif apache2[9037]: *
Aug 16 11:13:56 gobokolektif apache2[9056]: * Stopping Apache httpd web server
Aug 16 11:13:56 gobokolektif apache2[9056]: *
Aug 16 11:13:56 gobokolektif systemd[1]: Started LSB: Apache2 web server.
Aug 16 11:14:16 gobokolektif systemd[1]: apache2.service: Unit cannot be reloade
语法没有问题。我该怎么办?
我很累,我不知道如何解决这个问题,有人可以帮助我吗?
答案 0 :(得分:0)
您已在000-default.conf中安装了新的ssl证书,并且 还已在default-ssl.conf中安装了示例“ snake oil” ssl证书。
替换 SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key 与 SSLCertificateFile /etc/ssl/gobokolektif.com.crt SSLCertificateKeyFile /etc/ssl/gobokolektif.com.key SSLCACertificateFile /etc/ssl/intermediate.crt
然后从000-default.conf删除上面的块
并重新启动apache。
此外,您还可以从letsencrypt.org获取免费的ssl证书。没有理由您需要为此付费。