apache - 为我的虚拟主机设置 SSL

Question

我在我的服务器上创建了一个虚拟主机，我想为它设置 HTTPS。 我已经复制了另一个虚拟主机文件，但我得到了

"Your connection is not secure"

该文件在其他站点 (site1) 上运行良好。我是否也应该为第二个网站 (mywebsite.com) 创建不同的证书？如果是，那我该怎么做。 这是我的 /etc/apache2/sites-available/www.mywebsite.com.conf

<VirtualHost *:80>

        ServerAdmin webmaster@localhost
        ServerName www.dev.clevvermail.com
        DocumentRoot /var/www/vhosts/ww.mywebsite.com-dev/current           
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Redirect 301 / https://www.mywebsite.com/
</VirtualHost>

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/vhosts/mywebsite.com-dev/current
                ServerName www.dev.clevvermail.com
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/letsencrypt/live/www2.site1.com-0001/cert.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/www2.site1.com-0001/privkey.pem

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /var/www/vhosts/mywebsite.com-dev/ >
                Options Indexes FollowSymLinks
                AllowOverride All
         </Directory>
         <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
         </Directory>
            SSLCertificateChainFile /etc/letsencrypt/live/www2.site1.com-0001/chain.pem
</VirtualHost>
</IfModule>

Answer 1

您只需为您的 VirtualHost mywebsite.com 使用不同的 SSL 证书 我看到您正在使用 Letsencrypt，因此您可以创建一个新证书，如下所示(您说该证书适用于 site1，所以 Letsencrypt 安装正常):

cd /opt/letsencrypt

您可以查看谁在使用 443 端口:

sudo netstat -t -l -n -p | grep 443

大多数时候它会是 Apache，所以停止它:

sudo service apache2 stop

创建证书

sudo -H ./letsencrypt-auto certonly --standalone -d www.mywebsite.com

你会得到:

IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/www.mywebsite.com/fullchain.pem. Your cert will expire on 2017-07-17. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew all of your certificates, run "letsencrypt-auto renew"

然后设置到.conf文件中重启apache2

...
SSLCertificateFile      /etc/letsencrypt/live/www.mywebsite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mywebsite.com/privkey.pem
...

不要忘记启动 Apache:

sudo service apache2 start