Apache-2.4

SSL 的問題:伺服器證書是 CA 證書

  • November 25, 2020

我的區域網路上有一個自託管的 lubuntu 伺服器,它有一些對我的網路有用的服務(/var/www/html 中的 wordpress、owncloud 和燒瓶應用程序)。問題是幾天前我安裝了一個執行良好的自簽名 ssl 證書,但現在出現以下錯誤:

[Tue Nov 24 17:06:00.072579 2020] [mpm_prefork:notice] [pid 8938] AH00169: caught SIGTERM, shutting down
[Tue Nov 24 17:06:00.334836 2020] [ssl:warn] [pid 9005] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 17:06:00.461929 2020] [ssl:warn] [pid 9019] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 17:06:00.507795 2020] [mpm_prefork:notice] [pid 9019] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1g mod_wsgi/4.6.8 Python/2.7 configured -- resuming normal operations
[Tue Nov 24 17:06:00.516896 2020] [core:notice] [pid 9019] AH00094: Command line: '/usr/sbin/apache2'

這些是我的配置文件:

/etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
       ServerAdmin webmaster@localhost
       ServerName www.miservidor.com
       Redirect / https://miservidor.com/

       DocumentRoot /var/www/html

       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
       <Directory /var/www/html/>
           AllowOverride All
           Require all granted
       </Directory>
</VirtualHost>

/etc/apache2/sites-available/default-ssl.conf

<IfModule mod_ssl.c>
       <VirtualHost _default_:443>
               ServerName miservidor.com
               DocumentRoot /var/www/html
               ServerAlias www.miservidor.com
               ErrorLog ${APACHE_LOG_DIR}/error.log
               CustomLog ${APACHE_LOG_DIR}/access.log combined
               SSLEngine on
               SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
               SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
               SSLUseStapling off
               <FilesMatch "\.(cgi|shtml|phtml|php)$">
                               SSLOptions +StdEnvVars
               </FilesMatch>
               <Directory /usr/lib/cgi-bin>
                               SSLOptions +StdEnvVars
               </Directory>
          <Directory /var/www>
               AllowOverride All
               Require all granted
          </Directory>

       </VirtualHost>
</IfModule>

自從它工作的那一天起,我已經創建了幾個證書,但都取得了成功。我可以直接使用我的 IP 但不能使用域訪問我的伺服器而不會出現問題。有任何想法嗎?提前致謝。

$$ EDIT $$

執行命令後:

wget -o log.txt miservidor.com

輸出是:

--2020-11-25 09:47:29--  http://miservidor.com/
Resolving miservidor.com (miservidor.com)... 82.98.135.44
Connecting to miservidor.com (miservidor.com)|82.98.135.44|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://hosting.tucuenta.es/cart.php?gid=1 [following]
--2020-11-25 09:47:30--  https://hosting.tucuenta.es/cart.php?gid=1
Resolving hosting.tucuenta.es (hosting.tucuenta.es)... 82.98.134.62
Connecting to hosting.tucuenta.es (hosting.tucuenta.es)|82.98.134.62|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html.3'

    0K .......... .......... .......... ...                   1.60M=0.02s

2020-11-25 09:47:41 (1.60 MB/s) - 'index.html.3' saved [34578]

問題是下載它的頁面不是我區域網路上的伺服器,而是網際網路上的另一個頁面。

$$ EDIT $$ 如果我嘗試使用以下方式訪問,這是輸出:

wget -o log.txt https://192.168.1.189


--2020-11-25 09:59:10--  https://192.168.1.189/
Connecting to 192.168.1.189:443... connected.
ERROR: The certificate of '192.168.1.189' is not trusted.
ERROR: The certificate of '192.168.1.189' doesn't have a known issuer.
The certificate's owner does not match hostname '192.168.1.189'

您的 DNS 伺服器正在為您的主機名解析錯誤的 IP 地址。

更正您的 DNS 條目。

引用自:https://serverfault.com/questions/1043844