让加密子域不安全
Lets Encrypt subdomain not secure
我的域(domain.com 和 www.domain.com)有一个 LetsEncrypt SSL 证书。现在,我想将 workflow.domain.com 添加到证书中。我尝试通过以下命令使用 certbot 的扩展选项:
certbot -d domain.com -d www.domain.com -d workflow.domain.com --expand
Certbot 返回了成功响应。但是,浏览器仍然显示不安全...
所以,我已经吊销了我的证书以开始清理。
我 运行 带有 certbot --apache 的 certbot。它正确显示了我的 3 个选项,所以我选择了所有 3 个以包含在证书中。
certbot returns 没有错误,尽管浏览器在 workflow.domain.com?
上一直显示我不安全
certbot certificates的输出如下图:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: domain.com
Domains: domain.com workflow.domain.com www.domain.com
Expiry Date: 2019-12-20 15:05:24+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem
-------------------------------------------------------------------------------
请注意,其他 2 个域(domain.com 和 www.domain.com)显示为安全域
子域的虚拟主机配置如下所示:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName workflow.domain.com
serverAdmin info@domain.com
DocumentRoot /var/www/Domain/Workflow
<Directory /var/www/Domain/Workflow>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
AddType application/x-font-ttf ttc ttf
AddType application/x-font-otf otf
AddType application/font-woff woff
AddType application/font-woff2 woff2
AddType application/vnd.ms-fontobject eot
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =domain.com [OR]
# RewriteCond %{SERVER_NAME} =www.domain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
</IfModule>
原来是缺少重定向到 https 的问题。重写代码在子域上有注释。您可以将这些行添加到虚拟主机配置中:
RewriteCond %{SERVER_NAME} = workflow.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
请考虑编辑问题,使其反映实际问题。
我只需要将此标志添加到我的 docker-compose.yml 文件中的 certbot 服务:(--expand -d someone.me,www .someone.me,bo.someone.me)
command: certonly --webroot --webroot-path=/var/www/html --email someone.someone@gmail.com --agree-tos --no-eff-email --force-renewal --expand -d someone.me,www.someone.me,bo.someone.me
我的域(domain.com 和 www.domain.com)有一个 LetsEncrypt SSL 证书。现在,我想将 workflow.domain.com 添加到证书中。我尝试通过以下命令使用 certbot 的扩展选项:
certbot -d domain.com -d www.domain.com -d workflow.domain.com --expand
Certbot 返回了成功响应。但是,浏览器仍然显示不安全...
所以,我已经吊销了我的证书以开始清理。
我 运行 带有 certbot --apache 的 certbot。它正确显示了我的 3 个选项,所以我选择了所有 3 个以包含在证书中。
certbot returns 没有错误,尽管浏览器在 workflow.domain.com?
certbot certificates的输出如下图:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following certs:
Certificate Name: domain.com
Domains: domain.com workflow.domain.com www.domain.com
Expiry Date: 2019-12-20 15:05:24+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/domain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/domain.com/privkey.pem
-------------------------------------------------------------------------------
请注意,其他 2 个域(domain.com 和 www.domain.com)显示为安全域
子域的虚拟主机配置如下所示:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName workflow.domain.com
serverAdmin info@domain.com
DocumentRoot /var/www/Domain/Workflow
<Directory /var/www/Domain/Workflow>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
AddType application/x-font-ttf ttc ttf
AddType application/x-font-otf otf
AddType application/font-woff woff
AddType application/font-woff2 woff2
AddType application/vnd.ms-fontobject eot
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =domain.com [OR]
# RewriteCond %{SERVER_NAME} =www.domain.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
</IfModule>
原来是缺少重定向到 https 的问题。重写代码在子域上有注释。您可以将这些行添加到虚拟主机配置中:
RewriteCond %{SERVER_NAME} = workflow.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
请考虑编辑问题,使其反映实际问题。
我只需要将此标志添加到我的 docker-compose.yml 文件中的 certbot 服务:(--expand -d someone.me,www .someone.me,bo.someone.me)
command: certonly --webroot --webroot-path=/var/www/html --email someone.someone@gmail.com --agree-tos --no-eff-email --force-renewal --expand -d someone.me,www.someone.me,bo.someone.me