我正在尝试在我的(沼泽)apache服务器上安装letsencrypt ssl证书。在Windows Server 2012 x64计算机上运行。
这些是我执行的确切步骤:
步骤1。 openssl genrsa -out privatekeyfilename.key 2048 openssl req-新-key privatekeyfilename.key -sha256 -config myconf.cnf -out csrfilename.csr
步骤2。使用csrfilename.csr在https://www.sslforfree.com/上生成了letencrypt证书
步骤3:
重命名为privatekeyfilename.key> my-domain.key并放置在:C:\ wamp \ bin \ apache \ apache2.4.9 \ conf \ certificate \
Letsencrypt证书放置在同一文件夹中,并命名为:my-domain.crt
Letsencrypt CA Bundle放在同一文件夹中,名为:my-domain.ca-bundle
第4步:
调整了httpd-ssl配置:
C:\ wamp \ bin \ apache \ apache2.4.9 \ conf \ extra \ httpd-ssl.conf,
C:\ wamp \ bin \ apache \ apache2.4.9 \ conf \ original \ extra \ httpd-ssl.conf
将这些行添加到配置中,并注释掉旧的行:
SSLCertificateFile c:/wamp/bin/apache/apache2.4.9/conf/certificate/my-domain.crt SSLCertificateKeyFile c:/wamp/bin/apache/apache2.4.9/conf/certificate/my-domain.key SSLCertificateChainFile c:/wamp/bin/apache/apache2.4.9/conf/certificate/my-domain.ca-bundle
(myconf.cnf)
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = NL
ST = Noord-holland
L = Amsterdam
O = JDJ
OU = IT
CN = *.my-domain.com
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = my-domain.com
DNS.2 = *.my-domain.com
我希望ssl证书能够正常工作,但是它给出了错误消息:
https://i.imgur.com/syuuVoy.png
https://i.imgur.com/2jA2aTB.png
有谁知道出什么问题了吗?谢谢。
编辑:由于apache 2.4.8 SSLCertificateChainFile已过时。
我将my-domain.ca-bundle的内容添加到my-domain.crt中,并在conf文件中将SSLCertificateChainFile注释掉。还是一样的错误。
还显示ssl_error.log:
[Fri Aug 16 11:21:06.642778 2019] [ssl:warn] [pid 5256:tid 364] AH01909: my-domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Aug 16 11:21:06.814657 2019] [ssl:warn] [pid 5256:tid 364] AH01909: my-domain.com:443:0 server certificate does NOT include an ID which matches the server name
答案 0 :(得分:0)
在443上运行了另一个程序。这引起了错误。 从路由器设置中删除了该内容,并使用了ssl。