<VirtualHost *:80>
ServerName example.com
Redirect 301 / https://example.com/
</VirtualHost>
<VirtualHost *:443>
Servername example.com
DocumentRoot /var/www/example.com/wav
ErrorLog /var/log/apache2/example.com/www/error.log
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
尝试使用openssl进行验证时:
openssl s_client -connect example.com -port 443
我理解到以下的内容:
我得到了以下结果:
CONNECTED(00000003)
140229655213824:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 202 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1541086087
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
看起来握手没问题,但证书没有被发送。
值得指出的是,Apache日志没有报告任何错误 - 只有通常的“启动/关闭”消息。 apache2ctl configtest
没有报告任何问题。
openssl s_client -connect ip:port -debug
命令来打印包的内容。我们发现这个5字节的包是“HTTP”。原因是我们试图使用curl与一个只提供HTTP服务的服务器进行HTTPS通信。我们的解决方案如下。 - Chris