使用Cloudflare中的.pem和.key设置Ubuntu Apache2 SSL [英] Set up Ubuntu Apache2 SSL using .pem and .key from Cloudflare
问题描述
我正在使用Cloudflare使用Apache2在Ubuntu 20上建立安全连接.我使用了他们的Origin Server向导来生成以下文件:
I am using Cloudflare to set up a secure connection on Ubuntu 20 using Apache2. I used their Origin Server wizard to generate the following files:
example.com.pem (原始证书)
example.com.key 文件(私钥)
我给了他们Cloudflare建议的扩展名.
I gave them the extensions suggested by Cloudflare.
我跑了这个
sudo a2enmod ssl
sudo systemctl restart apache2
这是我的设置:
<VirtualHost *:443>
....
SSLEngine on
SSLCertificateFile /path/example.com.pem
SSLCertificateKeyFile /path/example.com.key
非安全站点工作正常(我尚未将其指向安全站点),但是当我尝试访问安全站点时,仍然出现错误525(SSL握手失败).(我在运行sudo a2enmod ssl命令之前遇到了网站关闭错误)
The non-secure site works fine (I haven't pointed it to the secure yet), but I still get error 525 (SSL handshake failed) when I try to access the secure site. (I got a website down error before running the sudo a2enmod ssl command)
我试图查看是否设置正确:
I tried to see if it was set up ok:
apachectl configtest
它只是说语法正确"
(为了简化问题,我删除了我尝试过的错误内容-我现在知道这是错误的.)
( I removed the wrong stuff I tried - which I now know is wrong - to simplify the question.)
推荐答案
有了Max Ivanov的评论,就可以了:
With Max Ivanov's comment answer, this worked:
生成文件
使用Cloudflare的Origin Server向导生成以下文件:
Use Cloudflare's Origin Server wizard to generate the following files:
example.com.pem(原始证书)
example.com.pem (Origin Certificate)
example.com.key文件(私钥)
example.com.key file (Private key)
我给了他们Cloudflare建议的扩展名.
I gave them the extensions suggested by Cloudflare.
复制到Ubuntu
将文件复制到Ubuntu.一个好地方是/etc/ssl
Copy the files to Ubuntu. A good spot is /etc/ssl
添加.conf文件的路径
这些文件位于/etc/apache2/sites-available
These files are in /etc/apache2/sites-available
您可以使用默认文件或为您的站点创建自己的特定文件.我有example.com.conf和example.com-ssl.conf
You can use the default files or create your own specific for your site. I have example.com.conf and example.com-ssl.conf
将两个复制文件的路径添加到安全版本(example.com-ssl.conf)
Add the path to the two copied files to the secure version (example.com-ssl.conf)
<VirtualHost *:443>
....
SSLEngine on
SSLCertificateFile /path/example.com.pem
SSLCertificateKeyFile /path/example.com.key
告诉Ubuntu使用它
如果您创建了自己的conf文件,则需要将其添加到可用的站点中,您可以这样做:
If you created your own conf files, then you'll need to add them to sites-available, which you do like this:
sudo a2ensite example.com.conf
sudo a2ensite example.com-ssl.conf
根据使用情况,您可能还需要删除默认值.某处有一个命令...
You may also need to remove the default ones, depending on your use case. There's a command somewhere for that...
您还需要运行
sudo a2enmod ssl
sudo systemctl restart apache2
将Cloudflare设置为严格"
在信息中心中,将ssl设置为严格".
In the dashboard, set the ssl to strict.
这篇关于使用Cloudflare中的.pem和.key设置Ubuntu Apache2 SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!