帶有虛擬主機和 TLS 證書的 apache2.4：提供了錯誤虛擬主機的證書

我使用 apache2.4 操作託管多個虛擬主機的伺服器。

新託管的域 ( https://www.yachtenwelt.de) 正在正確使用相應的 TLS 證書。此外，我必須確保使用者通過任何給定的組合被重定向到這個域，所以我必須涵蓋：

1. http://yachtenwelt.de
2. http://www.yachtenwelt.de
3. https://yachtenwelt.de

來自非 https 版本 1 和 2 的重定向有效。但是當我使用 #3 時，我收到一個證書警告，指出 TLS 證書中存在名稱不匹配，原因是瀏覽器顯示了我的伺服器上執行的另一個虛擬主機的 TLS 證書（https://www.4-happy-paws.de）。您可以通過https://www.ssllabs.com/ssltest/analyze.html?d=yachtenwelt.de&hideResults=on進行檢查

奇怪的是，如果我仍然繼續，我的瀏覽器 (Chrome) 之後會說 TLS 證書是為兩個域 Yachtenwelt.de 以及www.yachtenwelt.de頒發的正確證書。

遊艇世界的 vhost 配置文件：

<VirtualHost *:80>
ServerName yachtenwelt.de
ServerAlias www.yachtenwelt.de
Redirect / https://www.yachtenwelt.de/
</VirtualHost>

<VirtualHost *:443>
ServerName yachtenwelt.de
Redirect / https://www.yachtenwelt.de/
</VirtualHost>

<VirtualHost *:443>
ServerName www.yachtenwelt.de
DocumentRoot /var/www/vhosts/yachtenwelt.de/html
<Directory "/var/www/vhosts/yachtenwelt.de/html">
   Options +FollowSymLinks
   AllowOverride All
</Directory>
ServerAdmin webmaster@hopf-its.de
ErrorLog /var/www/vhosts/yachtenwelt.de/log/apache2/error.log
LogLevel emerg
TransferLog /var/www/vhosts/yachtenwelt.de/log/apache2/access.log
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/yachtenwelt.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yachtenwelt.de/privkey.pem
</VirtualHost>

4-happy-paws 的 vhost 配置文件：

<VirtualHost *:80>
ServerName www.4-happy-paws.de
ServerAlias 4-happy-paws.de
Redirect / https://www.4-happy-paws.de/
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /var/www/vhosts/4-happy-paws.de/html
ServerName www.4-happy-paws.de
ServerAlias 4-happy-paws.de
Alias /.well-known/acme-challenge/ /var/www/vhosts/4-happy-paws.de/html/.well-known/acme-challenge/
<Directory "/var/www/vhosts/4-happy-paws.de/html">
   Options +FollowSymLinks
   AllowOverride All
</Directory>
<Directory "/var/www/vhosts/4-happy-paws.de/html/.well-known/acme-challenge/">
   Options +FollowSymLinks
   AllowOverride All
</Directory>
ServerAdmin webmaster@hopf-its.de
ErrorLog /var/www/vhosts/4-happy-paws.de/log/apache2/error.log
LogLevel emerg
TransferLog /var/www/vhosts/4-happy-paws.de/log/apache2/access.log
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.4-happy-paws.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.4-happy-paws.de/privkey.pem
</VirtualHost>

apache2ctl -S： 我裁剪了輸出，刪除了我託管的其他域

VirtualHost configuration:
*:443                  is a NameVirtualHost
        default server www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:7)
        port 443 namevhost www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:7)
                alias 4-happy-paws.de
        port 443 namevhost yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:7)
        port 443 namevhost www.yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:12)
*:80                   is a NameVirtualHost
        default server www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:1)
        port 80 namevhost www.4-happy-paws.de (/etc/apache2/sites-enabled/4-happy-paws.de.conf:1)
                alias 4-happy-paws.de
        port 80 namevhost yachtenwelt.de (/etc/apache2/sites-enabled/yachtenwelt.de.conf:1)
                alias www.yachtenwelt.de
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

apache2ctl -t：

Syntax OK

不幸的是，如果沒有有效的證書，您將無法重定向客戶端。由於 TLS 握手發生在重定向之前。

由於您似乎在使用 Letsencrypt，因此最好的解決方案是獲取具有兩個名稱的證書。如果您使用的是certbot ，則可以-d多次添加 Domain 標誌。

certbot -d yachtenwelt.de -d www.yachtenwelt.de [...]

之後確保在兩個VirtualHost 指令中都包含證書。

<VirtualHost *:443>
ServerName yachtenwelt.de
Redirect / https://www.yachtenwelt.de/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/yachtenwelt.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yachtenwelt.de/privkey.pem
</VirtualHost>

引用自：https://serverfault.com/questions/1037259