Ssl
非WWW 在萬用字元證書上獲得ERR_CERT_COMMON_NAME_INVALID
我有一個來自 Let’s Encrypt 的網站 (*.storyfortwo.com) 萬用字元證書。
當我訪問 http://storyfortwo.com>或<http://www.storyfortwo.com(無 SSL)時,它們都被重定向到https://www.storyfortwo.com並且載入正確。
在https://www.storyfortwo.com(帶有 WWW)上,一切都很好。
當我轉到https://storyfortwo.com(沒有 WWW)時,它給了我 ERR_CERT_COMMON_NAME_INVALID 錯誤。
我將 Apache2 (2.4.29) 與 VirtualHost 文件一起使用:
<VirtualHost *:80> ServerName storyfortwo.com ServerAlias www.storyfortwo.com DocumentRoot /var/www/storyfortwo.com/www # Redirect Requests to SSL Redirect permanent / https://www.storyfortwo.com/ </VirtualHost>
和
<IfModule mod_ssl.c> <VirtualHost *:443> ServerName storyfortwo.com ServerAlias www.storyfortwo.com DocumentRoot /var/www/storyfortwo.com/www ErrorLog ${APACHE_LOG_DIR}/storyfortwo.com.error.log CustomLog ${APACHE_LOG_DIR}/storyfortwo.com.access.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/live/storyfortwo.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/storyfortwo.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/storyfortwo.com/chain.pem <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /var/www/storyfortwo.com/www> SSLOptions +StdEnvVars AllowOverride All Require all granted </Directory> </VirtualHost> </IfModule>
我究竟做錯了什麼?
*.example.com
不匹配example.com
。您需要將裸域作為 CN(萬用字元常見)或作為 SAN(主題備用名稱)的證書。
您是否已將域
storyfortwo.com
添加到證書中?沒有它與證書storyfortwo.com
中的萬用字元不匹配。*.storyfortwo.com