Apache-2.4

遷移伺服器後的 SSL_ERROR_RX_RECORD_TOO_LONG

  • May 26, 2018

我在 OVH VPS(debian、apache、SSL)上有一個功能齊全的網站。我試圖將其遷移到 scaleway VPS。我更改了 DNS 條目,複製了 apache 配置文件和證書文件,但它不起作用。然後我嘗試使用letsencrypt生成新證書,但是當我嘗試通過https連接我的網站時仍然得到SSL_ERROR_RX_RECORD_TOO_LONG。

這是我的 apache 配置文件:

Listen 80
Listen 443 https

<VirtualHost mydomain.fr:80>
       ServerName mydomain.fr
       DocumentRoot /var/www/html
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost mydomain.fr:443>
       ServerName mydomain.fr
       DocumentRoot /var/www/html

       SSLCertificateFile /etc/letsencrypt/live/mydomain.fr/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.fr/privkey.pem
       Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
</IfModule>

令我驚訝的是 certbot 腳本返回成功,但 ssllabs.com 站點診斷出問題。

certbot certonly -d mydomain.fr

給我

Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for mydomain.fr
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/001_csr-certbot.pem

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
  /etc/letsencrypt/live/mydomain.fr/fullchain.pem. Your cert
  will expire on 2017-11-29. To obtain a new or tweaked version of
  this certificate in the future, simply run certbot again. To
  non-interactively renew *all* of your certificates, run "certbot
  renew"
- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  Donating to EFF:                    https://eff.org/donate-le

嘗試將您的虛擬主機更改為

<VirtualHost _default_:443>
       ServerName mydomain.fr
       DocumentRoot /var/www/html
</VirtualHost>

預設標記或*****可能會因未知原因而起作用。

引用自:https://serverfault.com/questions/871244