使用来自 Cloudflare 的 .pem 和 .key 设置 Ubuntu Apache2 SSL [英] Set up Ubuntu Apache2 SSL using .pem and .key from Cloudflare
问题描述
我正在使用 Cloudflare 在使用 Apache2 的 Ubuntu 20 上设置安全连接.我使用他们的 Origin Server 向导生成以下文件:
I am using Cloudflare to set up a secure connection on Ubuntu 20 using Apache2. I used their Origin Server wizard to generate the following files:
example.com.pem(原产地证书)
example.com.key 文件(私钥)
我给了他们 Cloudflare 建议的扩展.
I gave them the extensions suggested by Cloudflare.
我运行了这个:
sudo a2enmod ssl
sudo systemctl restart apache2
这是我的设置:
<VirtualHost *:443>
....
SSLEngine on
SSLCertificateFile /path/example.com.pem
SSLCertificateKeyFile /path/example.com.key
非安全站点工作正常(我还没有将其指向安全站点),但是当我尝试访问安全站点时仍然收到错误 525(SSL 握手失败).(我在运行 sudo a2enmod ssl 命令之前遇到网站关闭错误)
The non-secure site works fine (I haven't pointed it to the secure yet), but I still get error 525 (SSL handshake failed) when I try to access the secure site. (I got a website down error before running the sudo a2enmod ssl command)
我试着看看它是否设置好:
I tried to see if it was set up ok:
apachectl configtest
它只是说语法OK"
(我删除了我尝试过的错误内容 - 我现在知道这是错误的 - 以简化问题.)
( I removed the wrong stuff I tried - which I now know is wrong - to simplify the question.)
推荐答案
使用 Max Ivanov 的评论回答,这有效:
With Max Ivanov's comment answer, this worked:
生成文件
使用 Cloudflare 的 Origin Server 向导生成以下文件:
Use Cloudflare's Origin Server wizard to generate the following files:
example.com.pem(原产地证书)
example.com.pem (Origin Certificate)
example.com.key 文件(私钥)
example.com.key file (Private key)
我给了他们 Cloudflare 建议的扩展.
I gave them the extensions suggested by Cloudflare.
复制到 Ubuntu
将文件复制到 Ubuntu.一个好地方是/etc/ssl
Copy the files to Ubuntu. A good spot is /etc/ssl
添加 .conf 文件的路径
这些文件在/etc/apache2/sites-available
These files are in /etc/apache2/sites-available
您可以使用默认文件或为您的站点创建自己的特定文件.我有 example.com.conf 和 example.com-ssl.conf
You can use the default files or create your own specific for your site. I have example.com.conf and example.com-ssl.conf
将复制的两个文件的路径添加到安全版本(example.com-ssl.conf)
Add the path to the two copied files to the secure version (example.com-ssl.conf)
<VirtualHost *:443>
....
SSLEngine on
SSLCertificateFile /path/example.com.pem
SSLCertificateKeyFile /path/example.com.key
告诉 Ubuntu 使用它
如果您创建了自己的 conf 文件,那么您需要将它们添加到 sites-available 中,您可以这样做:
If you created your own conf files, then you'll need to add them to sites-available, which you do like this:
sudo a2ensite example.com.conf
sudo a2ensite example.com-ssl.conf
您可能还需要删除默认设置,具体取决于您的用例.某处有一个命令......
You may also need to remove the default ones, depending on your use case. There's a command somewhere for that...
你还需要运行
sudo a2enmod ssl
sudo systemctl restart apache2
将 Cloudflare 设置为严格
在仪表板中,将 ssl 设置为严格.
In the dashboard, set the ssl to strict.
这篇关于使用来自 Cloudflare 的 .pem 和 .key 设置 Ubuntu Apache2 SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!