Let's Encrypt renew in Debian 9 ISPConfig Apache is OK but https fails because cert is EXPIRED
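On a Debian 9 server with an updated ISPConfig, PHP 7.3 and Let's Encrypt, all certificate renewals are OK. But when I try to reach the sites over https, one of them fails. The browser says the certificate has expired.
I run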
/opt/certbot/certbot-auto
I get
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com-0001/privkey.pem
Your cert will expire on 2020-03-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the "certonly" option. To non-interactively renew *all*
of your certificates, run "certbot-auto renew"
Then
service apache2 restart
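ssllabs.com says the certificate has expired, and the browser does not accept https connections.
Then I tried to revoke the certificate in order to create a new one, but then the Apache server fails and I get this message: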
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
[Wed Dec 11 22:47:54.922290 2019] [alias:warn] [pid 25196] AH00671: The Alias directive in /etc/apache2/conf-enabled/squirrelmail.conf at line 49 will probably never match because it overlaps an earlier Alias.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
AH00526: Syntax error on line 157 of /etc/apache2/sites-enabled/100-mallata.com.vhost:
SSLCertificateFile: file '/var/www/clients/client3/web3/ssl/example.com-le.crt' does not exist or is empty
From the error log you can see that your configuration points to the wrong certificate:
SSLCertificateFile: file '/var/www/clients/client3/web3/ssl/example.com-le.crt' does not exist or is empty
So you should edit /etc/apache2/sites-enabled/100-mallata.com.vhost
and make it point to the real full chain file /etc/letsencrypt/live/example.com-0001/fullchain.pem
and the private key /etc/letsencrypt/live/example.com-0001/privkey.pem
Something like:
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com-0001/fullchain.pem
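
A check for the mismatch described above: it lists the certificate file each vhost actually references and flags files that are missing, empty, unreadable or expired. This is an added example, not code from the original post; the function names and the 30-day warning window are assumptions.

```shell
#!/bin/sh
# Added example: report the certificate file each Apache vhost really uses.

# Print the SSLCertificateFile paths of one vhost file (commented lines skipped).
vhost_cert_paths() {
    awk 'tolower($1) == "sslcertificatefile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Classify one path: MISSING, UNREADABLE, EXPIRED, EXPIRING or OK.
cert_status() {
    warn_secs=$((30 * 86400))   # assumption: warn 30 days before expiry
    if [ ! -s "$1" ]; then      # -s is false for absent and for empty files
        echo MISSING
    elif ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo UNREADABLE
    elif ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Audit the given vhost files; returns non-zero if any certificate is not OK.
check_vhost_certs() {
    rc=0
    for vhost in "$@"; do
        [ -f "$vhost" ] || continue
        while IFS= read -r cert; do
            [ -n "$cert" ] || continue
            status=$(cert_status "$cert")
            # readlink -f shows where a symlinked certificate really points
            target=$(readlink -f "$cert" 2>/dev/null || echo unresolved)
            printf '%s\t%s\t%s -> %s\n' "$status" "$vhost" "$cert" "$target"
            [ "$status" = OK ] || rc=1
        done <<EOF
$(vhost_cert_paths "$vhost")
EOF
    done
    return "$rc"
}

# Run only when vhost files are passed on the command line.
[ "$#" -eq 0 ] || check_vhost_certs "$@"
```

Run it with the vhost files as arguments (for example everything under /etc/apache2/sites-enabled/) after a renewal and before restarting Apache; a non-zero exit status means at least one vhost references a certificate that is not OK.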