使用Cloudflare中的.pem和.key设置Ubuntu Apache2 SSL [英] Set up Ubuntu Apache2 SSL using .pem and .key from Cloudflare

问题描述

我正在使用Cloudflare使用Apache2在Ubuntu 20上建立安全连接.我使用了他们的Origin Server向导来生成以下文件:

I am using Cloudflare to set up a secure connection on Ubuntu 20 using Apache2. I used their Origin Server wizard to generate the following files:

example.com.pem (原始证书)

example.com.key 文件(私钥)

我给了他们Cloudflare建议的扩展名.

I gave them the extensions suggested by Cloudflare.

我跑了这个

 sudo a2enmod ssl
 sudo systemctl restart apache2

这是我的设置:

<VirtualHost *:443>
    ....
    SSLEngine on
    SSLCertificateFile /path/example.com.pem
    SSLCertificateKeyFile /path/example.com.key

非安全站点工作正常(我尚未将其指向安全站点)，但是当我尝试访问安全站点时，仍然出现错误525(SSL握手失败).(我在运行sudo a2enmod ssl命令之前遇到了网站关闭错误)

The non-secure site works fine (I haven't pointed it to the secure yet), but I still get error 525 (SSL handshake failed) when I try to access the secure site. (I got a website down error before running the sudo a2enmod ssl command)

我试图查看是否设置正确:

I tried to see if it was set up ok:

apachectl configtest

它只是说语法正确"

(为了简化问题，我删除了我尝试过的错误内容-我现在知道这是错误的.)

( I removed the wrong stuff I tried - which I now know is wrong - to simplify the question.)

推荐答案

有了Max Ivanov的评论，就可以了:

With Max Ivanov's comment answer, this worked:

生成文件

使用Cloudflare的Origin Server向导生成以下文件:

Use Cloudflare's Origin Server wizard to generate the following files:

example.com.pem(原始证书)

example.com.pem (Origin Certificate)

example.com.key文件(私钥)

example.com.key file (Private key)

我给了他们Cloudflare建议的扩展名.

I gave them the extensions suggested by Cloudflare.

复制到Ubuntu

将文件复制到Ubuntu.一个好地方是/etc/ssl

Copy the files to Ubuntu. A good spot is /etc/ssl

添加.conf文件的路径

这些文件位于/etc/apache2/sites-available

These files are in /etc/apache2/sites-available

您可以使用默认文件或为您的站点创建自己的特定文件.我有example.com.conf和example.com-ssl.conf

You can use the default files or create your own specific for your site. I have example.com.conf and example.com-ssl.conf

将两个复制文件的路径添加到安全版本(example.com-ssl.conf)

Add the path to the two copied files to the secure version (example.com-ssl.conf)

<VirtualHost *:443>
   ....
   SSLEngine on
   SSLCertificateFile /path/example.com.pem
   SSLCertificateKeyFile /path/example.com.key

告诉Ubuntu使用它

如果您创建了自己的conf文件，则需要将其添加到可用的站点中，您可以这样做:

If you created your own conf files, then you'll need to add them to sites-available, which you do like this:

sudo a2ensite example.com.conf
sudo a2ensite example.com-ssl.conf

根据使用情况，您可能还需要删除默认值.某处有一个命令...

You may also need to remove the default ones, depending on your use case. There's a command somewhere for that...

您还需要运行

sudo a2enmod ssl
sudo systemctl restart apache2

将Cloudflare设置为严格"

在信息中心中，将ssl设置为严格".

In the dashboard, set the ssl to strict.

这篇关于使用Cloudflare中的.pem和.key设置Ubuntu Apache2 SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！