在使用ISPConfig更新的debian 9服务器中,php 7.3进行加密。可以续签所有证书。但是当我尝试使用https进入站点时,其中之一失败了。浏览器说证书已过期。
我制作
/opt/certbot/certbot-auto
我得到
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com-0001/privkey.pem
Your cert will expire on 2020-03-10. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the "certonly" option. To non-interactively renew *all*
of your certificates, run "certbot-auto renew"
然后
service apache2 restart
ssllabs.com说证书已过期,浏览器不接受https连接。
然后我尝试撤消证书以创建新证书,但随后apacche服务器失败并得到此消息:
Error while running apache2ctl configtest.
Action 'configtest' failed.
Apache错误日志可能包含更多信息。
[Wed Dec 11 22:47:54.922290 2019] [alias:warn] [pid 25196] AH00671: The Alias directive in /etc/apache2/conf-enabled/squirrelmail.conf at line 49 will probably never match because it overlaps an earlier Alias.
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/sites-enabled/000-ispconfig.conf:73
AH00526: Syntax error on line 157 of /etc/apache2/sites-enabled/100-mallata.com.vhost:
SSLCertificateFile: file '/var/www/clients/client3/web3/ssl/example.com-le.crt' does not exist or is empty
从错误日志中,您可以看到您的配置指向错误的证书:
SSLCertificateFile: file '/var/www/clients/client3/web3/ssl/example.com-le.crt' does not exist or is empty
因此,您应该编辑/etc/apache2/sites-enabled/100-mallata.com.vhost并将其编辑为指向实际的完整链文件/etc/letsencrypt/live/example.com-0001/fullchain.pem和私钥/etc/letsencrypt/live/example.com-0001/privkey.pem
类似:
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com-0001/fullchain.pem