I created self-signed SSL certificates for my two websites, w2.local and c2.local (following these steps: https://medium.com/@tbusser/creating-a-browser-trusted-self-signed-ssl-certificate-2709ce43fd15), and configured them in the virtual host:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName w2.local
ServerAlias www.w2.local
DocumentRoot /var/www/w2
ErrorLog ${APACHE_LOG_DIR}/w2_error.log
CustomLog ${APACHE_LOG_DIR}/w2_access.log combined
<Directory "/var/www/w2">
Options Indexes FollowSymLinks MultiViews
Require all granted
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName w2.local
ServerAlias www.w2.local
DocumentRoot /var/www/w2
ErrorLog ${APACHE_LOG_DIR}/w2_ssl_error.log
CustomLog ${APACHE_LOG_DIR}/w2_ssl_access.log combined
<Directory "/var/www/w2">
Options Indexes FollowSymLinks MultiViews
Require all granted
AllowOverride All
</Directory>
#adding custom SSL cert
SSLEngine on
SSLCertificateFile /home/vagrant/cert/w2.local.crt
SSLCertificateKeyFile /home/vagrant/cert/w2.local.key
</VirtualHost>
When I try to open http://w2.local, the connection works fine, but https does not work and shows SSL_ERROR_RX_RECORD_TOO_LONG in Firefox and ERR_SSL_PROTOCOL_ERROR in Chrome.
I tried enabling ssl, but it is already enabled:
vagrant@vag:/$ sudo a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled
I restarted the apache service, and there were no errors/notices referring to the certificate.
vagrant@vag:/$ systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Mon 2020-05-18 10:02:33 CEST; 9s ago
Docs: man:systemd-sysv-generator(8)
Process: 3087 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 3111 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Tasks: 56
Memory: 7.8M
CPU: 75ms
CGroup: /system.slice/apache2.service
├─3129 /usr/sbin/apache2 -k start
├─3132 /usr/sbin/fcgi-pm -k start
├─3133 /usr/sbin/apache2 -k start
└─3134 /usr/sbin/apache2 -k start
May 18 10:02:32 vag systemd[1]: Starting LSB: Apache2 web server...
May 18 10:02:32 vag apache2[3111]: * Starting Apache httpd web server apache2
May 18 10:02:32 vag apache2[3111]: AH00112: Warning: DocumentRoot [/var/www/myproject.com] does not exist
May 18 10:02:32 vag apache2[3111]: AH00112: Warning: DocumentRoot [/var/www/params/public/paramsApp/web] does not exist
May 18 10:02:32 vag apache2[3111]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name,
May 18 10:02:33 vag apache2[3111]: *
May 18 10:02:33 vag systemd[1]: Started LSB: Apache2 web server.
I tried testing the connection with curl:
vagrant@vag:/$ hostname -I
10.0.2.15 192.168.33.15
vagrant@vag:/$ curl -V
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets
vagrant@vag:/$ curl -v --cacert ./home/vagrant/cert/rootCA.pem --resolve w2.local:443:10.0.2.15 https://w2.local/
* Added w2.local:443:10.0.2.15 to DNS cache
* Hostname w2.local was found in DNS cache
* Trying 10.0.2.15...
* Connected to w2.local (10.0.2.15) port 443 (#0)
* found 1 certificates in ./home/vagrant/cert/rootCA.pem
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: An unexpected TLS packet was received.
* Closing connection 0
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.
vagrant@vag:/$ curl -v --cacert ./home/vagrant/cert/rootCA.pem --resolve w2.local:443:192.168.33.15 https://w2.local/
* Added w2.local:443:192.168.33.15 to DNS cache
* Hostname w2.local was found in DNS cache
* Trying 192.168.33.15...
* Connected to w2.local (192.168.33.15) port 443 (#0)
* found 1 certificates in ./home/vagrant/cert/rootCA.pem
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: An unexpected TLS packet was received.
* Closing connection 0
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.
What else should I check to solve this problem?
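One further check, as an added example that is not part of the original post: the Firefox, Chrome and GnuTLS errors above are what a TLS client typically reports when port 443 answers in plain HTTP, and in Apache a common cause is a `<VirtualHost>` on port 443 that never sets `SSLEngine on`. The script below lists every port-443 vhost block and whether it enables SSL; the function names, the sample files and the `other.local` vhost are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list every <VirtualHost> bound
# to port 443 and report whether that block sets "SSLEngine on".

# audit_vhosts FILE...: one line per :443 block, <file>:<line> <ServerName> ssl=<on|off>
audit_vhosts() {
    awk '
        # Opening tag: start a new block and note whether it binds port 443.
        tolower($0) ~ /^[ \t]*<virtualhost[ \t]/ {
            inblock = 1; start = FNR; name = "(no ServerName)"; ssl = "off"
            is443 = (tolower($0) ~ /:443[ \t>]/)
            next
        }
        inblock && tolower($1) == "servername" { name = $2 }
        inblock && tolower($1) == "sslengine" && tolower($2) == "on" { ssl = "on" }
        # Closing tag: report the block only if it was bound to port 443.
        tolower($0) ~ /^[ \t]*<\/virtualhost>/ {
            if (inblock && is443)
                printf "%s:%d %s ssl=%s\n", FILENAME, start, name, ssl
            inblock = 0
        }
    ' "$@"
}

# Constructed sample input: one vhost modelled on the w2.local block in the post
# and one hypothetical port-443 vhost (other.local) that never enables SSL.
make_sample() {
    dir=$(mktemp -d)
    cat > "$dir/w2.conf" <<'EOF'
<VirtualHost *:443>
ServerName w2.local
SSLEngine on
SSLCertificateFile /home/vagrant/cert/w2.local.crt
SSLCertificateKeyFile /home/vagrant/cert/w2.local.key
</VirtualHost>
EOF
    cat > "$dir/other.conf" <<'EOF'
<VirtualHost *:80>
ServerName other.local
</VirtualHost>
<VirtualHost *:443>
ServerName other.local
DocumentRoot /var/www/other
</VirtualHost>
EOF
    echo "$dir"
}

audit_vhosts "$(make_sample)"/*.conf   # demo run on the constructed sample
```

On the VM, point `audit_vhosts` at the enabled site files (assumed to be `/etc/apache2/sites-enabled/*.conf` on a Debian/Ubuntu layout); any line ending in `ssl=off` is a port-443 vhost without `SSLEngine on`.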