具有动态apache虚拟主机的非通配符证书 [英] Non-wildcard certificates with dynamic apache vhosts

问题描述

我正在尝试根据用来连接到服务器的URL动态读取SSL证书的位置.我尝试了几种不同的方法，但是似乎都没有用.目前，我具有以下配置

I'm trying to dynamically read the location of the SSL certificates depending on which url was used to connect to my server. I have attempted a few different ways but none seem to work. Currently I have the config as noted below

UseCanonicalName Off

listen 443

<VirtualHost *:443>
  ServerName example
  ServerAlias *

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/%0/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/%0/privkey.pem

  VirtualDocumentRoot /var/www/vhosts/%-2/%-3+/public
</VirtualHost>

这里的问题是，当我启动apache时，我收到一条错误消息，提示它找不到ssl证书的文件位置，指出"/etc/letsencrypt/live/%0/cert.pem"

The problem here is that when I start apache I get an error saying it can't find the file location for the ssl certificate stating '/etc/letsencrypt/live/%0/cert.pem'

因此看来％0并未被网址替换.

So it seems the %0 is not being replaced by the url.

当我仅手动替换网址中的％0时，则表示该网址具有有效的SSL

When I replace only %0 by the url manually then said url has working SSL

推荐答案

来自文档:

变量％0引用了请求的服务器名称，如Host:标头中所示.

The variable %0 references the requested servername, as indicated in the Host: header.

Host标头是HTTP请求的一部分.仅在成功进行TLS握手后，HTTP请求才可用.该握手需要证书.因此，%0不能用于指定证书的路径.

The Host header is part of the HTTP request. The HTTP request is only available after the successful TLS handshake. The certificate is needed for this handshake. Thus, %0 can not be used to specify the path to the certificate.

我怀疑其他任何变量是否可以用于此目的，因为证书是在启动时加载的，因此文件名必须在启动时已经可用.

I doubt that any other variables will be possible for this purpose since the certificates are loaded at startup and thus the file names have to be available already at start.

这篇关于具有动态apache虚拟主机的非通配符证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！