Apache-2.4
SSL 的問題:伺服器證書是 CA 證書
我的區域網路上有一個自託管的 lubuntu 伺服器,它有一些對我的網路有用的服務(/var/www/html 中的 wordpress、owncloud 和燒瓶應用程序)。問題是幾天前我安裝了一個執行良好的自簽名 ssl 證書,但現在出現以下錯誤:
[Tue Nov 24 17:06:00.072579 2020] [mpm_prefork:notice] [pid 8938] AH00169: caught SIGTERM, shutting down [Tue Nov 24 17:06:00.334836 2020] [ssl:warn] [pid 9005] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Nov 24 17:06:00.461929 2020] [ssl:warn] [pid 9019] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Nov 24 17:06:00.507795 2020] [mpm_prefork:notice] [pid 9019] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1g mod_wsgi/4.6.8 Python/2.7 configured -- resuming normal operations [Tue Nov 24 17:06:00.516896 2020] [core:notice] [pid 9019] AH00094: Command line: '/usr/sbin/apache2'
這些是我的配置文件:
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.miservidor.com Redirect / https://miservidor.com/ DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined <Directory /var/www/html/> AllowOverride All Require all granted </Directory> </VirtualHost>
/etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerName miservidor.com DocumentRoot /var/www/html ServerAlias www.miservidor.com ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key SSLUseStapling off <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> <Directory /var/www> AllowOverride All Require all granted </Directory> </VirtualHost> </IfModule>
自從它工作的那一天起,我已經創建了幾個證書,但都取得了成功。我可以直接使用我的 IP 但不能使用域訪問我的伺服器而不會出現問題。有任何想法嗎?提前致謝。
$$ EDIT $$
執行命令後:
wget -o log.txt miservidor.com
輸出是:
--2020-11-25 09:47:29-- http://miservidor.com/ Resolving miservidor.com (miservidor.com)... 82.98.135.44 Connecting to miservidor.com (miservidor.com)|82.98.135.44|:80... connected. HTTP request sent, awaiting response... 302 Found Location: https://hosting.tucuenta.es/cart.php?gid=1 [following] --2020-11-25 09:47:30-- https://hosting.tucuenta.es/cart.php?gid=1 Resolving hosting.tucuenta.es (hosting.tucuenta.es)... 82.98.134.62 Connecting to hosting.tucuenta.es (hosting.tucuenta.es)|82.98.134.62|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: 'index.html.3' 0K .......... .......... .......... ... 1.60M=0.02s 2020-11-25 09:47:41 (1.60 MB/s) - 'index.html.3' saved [34578]
問題是下載它的頁面不是我區域網路上的伺服器,而是網際網路上的另一個頁面。
$$ EDIT $$ 如果我嘗試使用以下方式訪問,這是輸出:
wget -o log.txt https://192.168.1.189 --2020-11-25 09:59:10-- https://192.168.1.189/ Connecting to 192.168.1.189:443... connected. ERROR: The certificate of '192.168.1.189' is not trusted. ERROR: The certificate of '192.168.1.189' doesn't have a known issuer. The certificate's owner does not match hostname '192.168.1.189'
您的 DNS 伺服器正在為您的主機名解析錯誤的 IP 地址。
更正您的 DNS 條目。