Apache2 on Ubuntu server: SSL certificate gets overridden
My web server is eternialogic.com.
I have a free 90-day license key from instantssl.com.
Whenever I go to eternialogic.com, it says the certificate is "self-signed" for ubuntu.
Error log:
[Wed Oct 14 17:14:57.863602 2015] [ssl:warn] [pid 31565] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.864075 2015] [ssl:warn] [pid 31565] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.864182 2015] [ssl:warn] [pid 31565] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Oct 14 17:14:57.908892 2015] [ssl:warn] [pid 31567] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.909307 2015] [ssl:warn] [pid 31567] AH01909: RSA certificate configured for eternialogic.com:443 does NOT include an ID which matches the server name
[Wed Oct 14 17:14:57.909416 2015] [ssl:warn] [pid 31567] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Oct 14 17:14:57.914767 2015] [mpm_prefork:notice] [pid 31567] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.13 OpenSSL/1.0.1f mod_wsgi/3.4 Python/2.7.6 configured -- resuming normal operations
[Wed Oct 14 17:14:57.914806 2015] [core:notice] [pid 31567] AH00094: Command line: '/usr/sbin/apache2'
default-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin eternialogic@gmail.com
ServerName eternialogic.com
DocumentRoot /var/www/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/eternialogic_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.private.key
SSLCertificateChainFile /etc/apache2/ssl/eternialogic_com.ca-bundle
#SSLCertificateFile /etc/apache2/ssl/eternialogic_com.ca-bundle
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
ports.conf:
Listen 83
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
1 Answer
Let's Encrypt is the best SSL provider offering free SSL certificates. Let's Encrypt also offers an automatic renewal feature, so it is very easy not only to install but also to renew automatically every 3 months.
Instructions for installing Let's Encrypt SSL
- Open an SSH terminal
- Install server dependencies
sudo apt-get update
- Install Git
sudo apt-get install git
- Install Let's Encrypt
sudo git clone https://github.com/certbot/certbot /opt/letsencrypt
- Change to the directory
cd /opt/letsencrypt
- Install for the domain
./certbot-auto --apache -d example.com -d www.example.com
That's it!! You can also automate the renewal task by creating a cron job. Here is the source for this: Install SSL in Ubuntu and Automate Renewal
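A check for the situation in the question, as an added example that is not part of the original post or answer: it reads the active SSLCertificateFile from a vhost file, tests whether that certificate covers the requested name (the condition behind AH01909) and whether it is self-signed. The function names and the throwaway certificates and config files it generates are constructed for illustration; it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example: audit the certificate a vhost file points at.
# All sample certificates and config files below are constructed.

# Print the active (uncommented) SSLCertificateFile path from an Apache config.
configured_cert() {
    awk '$1 == "SSLCertificateFile" { print $2; exit }' "$1"
}

# Exit 0 if the certificate's SAN (or CN fallback) matches the host name.
cert_covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# Exit 0 if subject and issuer are identical, i.e. the cert is self-signed.
cert_is_self_signed() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*=//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^[a-z]*=//')
    [ "$subject" = "$issuer" ]
}

# Summarise one vhost file against the name clients will request.
audit_vhost() {
    local conf=$1 name=$2 cert result
    cert=$(configured_cert "$conf")
    if cert_covers_name "$cert" "$name"; then result="name-ok"; else result="name-mismatch"; fi
    if cert_is_self_signed "$cert"; then result="$result self-signed"; fi
    echo "$result"
}

# --- constructed sample data: throwaway certs and two-line config files ---
demo_dir=$(mktemp -d)
make_sample() {  # make_sample CN -> writes $demo_dir/CN.crt and $demo_dir/CN.conf
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
    printf '#SSLCertificateFile /old/path.crt\nSSLCertificateFile %s\n' \
        "$demo_dir/$1.crt" > "$demo_dir/$1.conf"
}
make_sample ubuntu            # mimics a default cert issued to the machine name
make_sample eternialogic.com  # cert whose CN equals the ServerName
audit_vhost "$demo_dir/ubuntu.conf" eternialogic.com
audit_vhost "$demo_dir/eternialogic.com.conf" eternialogic.com
```

On a real server, run `audit_vhost` against every enabled file under /etc/apache2/sites-enabled/ that defines a *:443 vhost, since any of them may be the one answering the request.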