Ssl

非WWW 在萬用字元證書上獲得ERR_CERT_COMMON_NAME_INVALID

  • October 9, 2018

我有一個來自 Let’s Encrypt 的網站 (*.storyfortwo.com) 萬用字元證書。

當我訪問 http://storyfortwo.com>或<http://www.storyfortwo.com(無 SSL)時,它們都被重定向到https://www.storyfortwo.com並且載入正確。

https://www.storyfortwo.com(帶有 WWW)上,一切都很好。

當我轉到https://storyfortwo.com(沒有 WWW)時,它給了我 ERR_CERT_COMMON_NAME_INVALID 錯誤。

我將 Apache2 (2.4.29) 與 VirtualHost 文件一起使用:

&lt;VirtualHost *:80&gt;
   ServerName storyfortwo.com
   ServerAlias www.storyfortwo.com
   DocumentRoot /var/www/storyfortwo.com/www

   # Redirect Requests to SSL
   Redirect permanent / https://www.storyfortwo.com/
&lt;/VirtualHost&gt;

&lt;IfModule mod_ssl.c&gt;
   &lt;VirtualHost *:443&gt;
       ServerName storyfortwo.com
       ServerAlias www.storyfortwo.com
       DocumentRoot /var/www/storyfortwo.com/www    

       ErrorLog ${APACHE_LOG_DIR}/storyfortwo.com.error.log
       CustomLog ${APACHE_LOG_DIR}/storyfortwo.com.access.log combined

       SSLEngine on
       SSLCertificateFile /etc/letsencrypt/live/storyfortwo.com/cert.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/storyfortwo.com/privkey.pem
       SSLCertificateChainFile /etc/letsencrypt/live/storyfortwo.com/chain.pem

       &lt;FilesMatch "\.(cgi|shtml|phtml|php)$"&gt;
           SSLOptions +StdEnvVars
       &lt;/FilesMatch&gt;

       &lt;Directory /var/www/storyfortwo.com/www&gt;
           SSLOptions +StdEnvVars
           AllowOverride All
           Require all granted
       &lt;/Directory&gt;

   &lt;/VirtualHost&gt;
&lt;/IfModule&gt;

我究竟做錯了什麼?

*.example.com不匹配example.com。您需要將裸域作為 CN(萬用字元常見)或作為 SAN(主題備用名稱)的證書。

您是否已將域storyfortwo.com添加到證書中?沒有它與證書storyfortwo.com中的萬用字元不匹配。*.storyfortwo.com

引用自:https://serverfault.com/questions/934686