Let's Encrypt 证书的问题:https://www.website.com 无法使用重定向到 https://website.com [英] Issue with Let's Encrypt certificate : https://www.website.com not working with redirection to https://website.com

问题描述

我为网站(此处称为 website.com)生成的证书存在问题.

我可以在浏览器中输入 http://www.website.com 并成功重定向到 https://website.com 如我所愿(生成证书让我们加密).我已经用 Apache2 重写规则完成了这个重定向.当我键入 http://website.com 时，重定向到 https://website.com 也可以正常工作.

现在，当我直接在浏览器 https://wwww.website.com 中输入时，我遇到了一个问题:我收到以下错误:

为了生成让我们加密的证书，我执行了以下命令:

./certbot-auto certonly --no-bootstrap --no-self-upgrade --renew-by-default -a Standalone -d website.com --rsa-key-size 4096

我想为 website.com 和 www.website.com 生成一个证书:上面的命令是 cerbot-auto对此是否正确?

似乎在我从 Debian 7 迁移到 Debian 10 之前，我在浏览器的证书信息窗口中有一个 *.website.com 名称，但我不确定.

如何输入 https://www.website.com 并正确重定向到 https://website.com 没有出现上图所示的错误?

更新 1

单个证书是否足以执行所有重定向，我的意思是在我的情况下只有一个证书 website.com ?我以前的操作系统就是这种情况，我认为我只有一个 uniq 证书(用于 website.com).

我想要以下重定向:

http://website.com ----->https://website.comhttp://www.website.com ----->https://website.comhttps://www.website.com ----->https://website.com

除了包含目录 podcast 的 URL，我希望在该目录中保持 HTTP 模式.

所以，来自 Ref: Apache 重定向 www到非 www 和 HTTP 到 HTTPS，我做到了:

RewriteCond %{HTTPS} 关闭 [OR]RewriteCond %{HTTP_HOST} ^www.[NC]RewriteCond %{REQUEST_URI} !^/播客 [NC]RewriteRule ^ https://website.com%{REQUEST_URI} [L,NE,R=301]

这些重写规则似乎正确吗?

不幸的是，如果我直接输入 https://www.website.com，我不会被重定向到 https://website.com 和警告窗口图出现上图，不知道怎么办.

更新 2

1) Let's Encrypt 提供生成通配符"证书的可能性吗?我的意思是当我们查看证书时，格式为 *.website.com在浏览器中.

2) 此外，有谁知道如何使用 apache2 重写规则允许重定向的规则 https://www.website.com 到 https://website.com.p>

为了获得更多信息，我开始赏金了.在赏金结束时，我会讨论如何从 https://www.website.com<进行重定向/a> 到 https://website.com (这些 URL 在相同的 href 标签下被屏蔽为赏金，但它们是不同).

更新 3

感谢您的回答.我认为我的问题与通配符证书无关，因为我只想从 https://www.website.com 到 https://website.com (不要考虑上面的 UPDATE 2strong>.当然，一个简单的重写规则就足够了.在我当前的操作系统(Debian 10)之前，我运行良好的所有配置文件，我现在再次尝试使用.特别是，我只使用了一个使用选项生成的证书"-d website.com"(我没有使用第二个域www.website.com").

我将尝试修改这些重写规则以获得此重定向，而不必生成 www.website.com 证书文件.

解决方案

您可以尝试对原始 certbot-auto 命令运行此小更新，以使您的证书包含额外的 www.website.com 域名(我相信这就是约翰·汉利在评论你原来的问题时所说的)请注意，根据一个来源(下面的letsencrypt社区链接)，如果您已经设置了URL重写规则，则可能必须删除它们，然后才能进行认证过程.(如果你运行命令并得到一个错误，这可能就是原因)

./certbot-auto certonly --no-bootstrap --no-self-upgrade --renew-by-default -a 独立 -d website.com -d www.website.com --rsa-钥匙尺寸 4096

可能有用的参考资料:

certbot 的命令参数参考(手册页)https://certbot.eff.org/docs/man/certbot.html?highlight=bootstrap

让我们对添加新域的社区讨论进行加密https://community.letsencrypt.org/t/add-a-domain-using-certbot-auto/33660

letsencrypt 用于更新现有证书的文档https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates请注意，根据手册页，--renew-by-default 意味着--expand，在这些示例中使用(--expand 只是让您不必回答是否有意更新现有证书)

我认为您的重写规则看起来几乎没有问题，如前所述，它可能需要暂时删除以生成证书.在这些规则之前，您可能需要RewriteEngine On":

重写引擎开启RewriteCond %{HTTPS} 关闭 [或]RewriteCond %{HTTP_HOST} ^www.[NC]RewriteCond %{REQUEST_URI} !^/播客 [NC]RewriteRule ^ https://website.com%{REQUEST_URI} [L,NE,R=301]

关于通配符证书的问题，它们是受支持的，但只有在附加插件的帮助下.在这里查看更多:https://certbot.eff.org/docs/using.html?highlight=wildcard#id14

I have an issue with the certicate that I have generated for a website (dubbed here website.com).

I can type in brower http://www.website.com and successfully redirected to https://website.com as I wanted (with a certificate generated by let's encrypt). I have done this redirection with Rewrite Rules with Apache2. The redirection to https://website.com also works fine when I type http://website.com.

Now, I am face to an issue when I type directly in browser https://wwww.website.com : I get the following error :

To generate let's encrypt certifcate, I have executed the following command :

./certbot-auto certonly --no-bootstrap --no-self-upgrade --renew-by-default -a standalone -d website.com --rsa-key-size 4096

I would like to generate a certificate working both for website.com and www.website.com : is the command above with cerbot-auto correct for this ?

It seems that before my migration from Debian 7 to Debian 10, I had a *.website.com name in the certifcate info window of the browser but I am not sure.

How to type https://www.website.com and to be correctly redirected to https://website.com without having the error illustrated in the figure above ?

Update 1

Is a single certificate sufficient to make all the redirections to be performed, I mean in my case only one certificate website.com ? This was the case on my previous OS, I think that I had only a uniq certificate (for website.com).

I want to have the following redirections :

http://website.com -----> https://website.com

http://www.website.com -----> https://website.com

https://www.website.com -----> https://website.com

except for URL containing the directory podcast where I want to stay in HTTP mode.

So, from Ref: Apache redirect www to non-www and HTTP to HTTPS, I did :

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteCond %{REQUEST_URI} !^/podcast [NC]
RewriteRule ^ https://website.com%{REQUEST_URI} [L,NE,R=301]

Does these Rewrite rules seem to be correct ?

Unfortunately, if I type directly https://www.website.com, I am not redirected to https://website.com and the Warning window figure above appears, I don't know what to do.

Update 2

1) Does Let's Encrypt offer the possibility to generate a "wildcards" certificate ?, I mean under the form *.website.com when we look at the certificate in browsers.

2) Moreover, Does anyone know how to perform with apache2 Rewrite rules the rule which allows to redirect https://www.website.com to https://website.com.

To have more informations, I am starting a bounty. At the end of the bounty, I talk about what to do to make a redirection from https://www.website.com to https://website.com (these URL are masked into bounty under the same href tag but they are different).

Update 3

Thanks for your answers. I think my issue is not about wildcards certificates since I just want a redirection from https://www.website.com to https://website.com (don't take into account of the UPDATE 2 above. Surely a simple rewrite rule should be enough. Before my current OS (Debian 10), I was running well all my config files that I try to use again now. Especially, I was using only one certificate generated with the option "-d website.com" (I didn't use a second domain "www.website.com").

I am going to try to modify these rewrite rules to get this redirection without being obliged to generate a www.website.com certificate files.

解决方案

You could try running this minor update to your original certbot-auto command to get your certificate to include the additional www.website.com domain name (I believe this is what John Hanley was talking about in his comment on your original question) Please note, according to one source (letsencrypt community link below) you may have to remove URL rewrite rules if you already have them set up, before the certification process will work. (if you run the command and get an error, that might be why)

./certbot-auto certonly --no-bootstrap --no-self-upgrade --renew-by-default -a standalone -d website.com -d www.website.com --rsa-key-size 4096

references that might be helpful:

command paramter reference for certbot (man page) https://certbot.eff.org/docs/man/certbot.html?highlight=bootstrap

letsencrypt community discussion of adding a new domain https://community.letsencrypt.org/t/add-a-domain-using-certbot-auto/33660

letsencrypt documentation for updating an existing certificate https://certbot.eff.org/docs/using.html#re-creating-and-updating-existing-certificates note, according to the man page, --renew-by-default implies --expand, which is used in these examples (--expand just prevents you from having to answer whether you are intentionally updating the existing certificate)

I think your rewrite rule looks mostly fine as it is, as mentioned before it might need to be removed temporarily to get you certificate generated. And you may need "RewriteEngine On" before those rules:

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteCond %{REQUEST_URI} !^/podcast [NC]
RewriteRule ^ https://website.com%{REQUEST_URI} [L,NE,R=301]

And to the question about wildcard certificates, they are supported but only with the help of additional plugins. See more here: https://certbot.eff.org/docs/using.html?highlight=wildcard#id14

这篇关于Let's Encrypt 证书的问题:https://www.website.com 无法使用重定向到 https://website.com的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！