使用来自 Cloudflare 的 .pem 和 .key 设置 Ubuntu Apache2 SSL [英] Set up Ubuntu Apache2 SSL using .pem and .key from Cloudflare

问题描述

我正在使用 Cloudflare 在使用 Apache2 的 Ubuntu 20 上设置安全连接.我使用他们的 Origin Server 向导生成以下文件:

I am using Cloudflare to set up a secure connection on Ubuntu 20 using Apache2. I used their Origin Server wizard to generate the following files:

example.com.pem(原产地证书)

example.com.key 文件(私钥)

我给了他们 Cloudflare 建议的扩展.

I gave them the extensions suggested by Cloudflare.

我运行了这个:

 sudo a2enmod ssl
 sudo systemctl restart apache2

这是我的设置:

<VirtualHost *:443>
    ....
    SSLEngine on
    SSLCertificateFile /path/example.com.pem
    SSLCertificateKeyFile /path/example.com.key

非安全站点工作正常(我还没有将其指向安全站点)，但是当我尝试访问安全站点时仍然收到错误 525(SSL 握手失败).(我在运行 sudo a2enmod ssl 命令之前遇到网站关闭错误)

The non-secure site works fine (I haven't pointed it to the secure yet), but I still get error 525 (SSL handshake failed) when I try to access the secure site. (I got a website down error before running the sudo a2enmod ssl command)

我试着看看它是否设置好:

I tried to see if it was set up ok:

apachectl configtest

它只是说语法OK"

(我删除了我尝试过的错误内容 - 我现在知道这是错误的 - 以简化问题.)

( I removed the wrong stuff I tried - which I now know is wrong - to simplify the question.)

推荐答案

使用 Max Ivanov 的评论回答，这有效:

With Max Ivanov's comment answer, this worked:

生成文件

使用 Cloudflare 的 Origin Server 向导生成以下文件:

Use Cloudflare's Origin Server wizard to generate the following files:

example.com.pem(原产地证书)

example.com.pem (Origin Certificate)

example.com.key 文件(私钥)

example.com.key file (Private key)

我给了他们 Cloudflare 建议的扩展.

I gave them the extensions suggested by Cloudflare.

复制到 Ubuntu

将文件复制到 Ubuntu.一个好地方是/etc/ssl

Copy the files to Ubuntu. A good spot is /etc/ssl

添加 .conf 文件的路径

这些文件在/etc/apache2/sites-available

These files are in /etc/apache2/sites-available

您可以使用默认文件或为您的站点创建自己的特定文件.我有 example.com.conf 和 example.com-ssl.conf

You can use the default files or create your own specific for your site. I have example.com.conf and example.com-ssl.conf

将复制的两个文件的路径添加到安全版本(example.com-ssl.conf)

Add the path to the two copied files to the secure version (example.com-ssl.conf)

<VirtualHost *:443>
   ....
   SSLEngine on
   SSLCertificateFile /path/example.com.pem
   SSLCertificateKeyFile /path/example.com.key

告诉 Ubuntu 使用它

如果您创建了自己的 conf 文件，那么您需要将它们添加到 sites-available 中，您可以这样做:

If you created your own conf files, then you'll need to add them to sites-available, which you do like this:

sudo a2ensite example.com.conf
sudo a2ensite example.com-ssl.conf

您可能还需要删除默认设置，具体取决于您的用例.某处有一个命令......

You may also need to remove the default ones, depending on your use case. There's a command somewhere for that...

你还需要运行

sudo a2enmod ssl
sudo systemctl restart apache2

将 Cloudflare 设置为严格

在仪表板中，将 ssl 设置为严格.

In the dashboard, set the ssl to strict.

这篇关于使用来自 Cloudflare 的 .pem 和 .key 设置 Ubuntu Apache2 SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！