我尝试为自定义域添加自定义证书,并且还尝试启用自动认证。在这两种情况下,运行heroku certs:info时证书都可以正常显示(此处为自动配置):
Certificate details:
Common Name(s): myapp.mydomain.nl
Expires At: 2019-06-06 11:07 UTC
Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Starts At: 2019-03-08 11:07 UTC
Subject: /CN=myapp.mydomain.nl
SSL certificate is verified by a root authority.
但是在两种情况下,显示的证书都不会在浏览器或curl -vI中显示。后者为自动证书提供以下输出:
* Rebuilt URL to: https://myapp.mydomain.nl/
* Trying 52.48.187.238...
* Connected to myapp.mydomain.nl (52.48.187.238) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 604 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* SSL: certificate subject name (*.herokuapp.com) does not match target host name 'myapp.mydomain.nl'
* Closing connection 0
curl: (51) SSL: certificate subject name (*.herokuapp.com) does not match target host name 'myapp.mydomain.nl'
当我在证书中清楚地看到我的自定义域时,为什么仍然看到CN的* .herokuapp.com?