如何绑定具有crt文件的SSL证书

Question

我正在我的网站上安装SSL证书，我尝试了以下步骤，但仍然没有网站在https中运行，并且仍然在http上工作。

我已经将我的crt文件绑定在下面

<VirtualHost _default_:443>
DocumentRoot /var/www/http
    ServerName my_domain.com
SSLEngine on
SSLCertificateFile /path/to/coolexample.crt
SSLCertificateKeyFile /path/to/privatekey.key
SSLCertificateChainFile /path/to/intermediate.crt

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
                    SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
                    SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
                    nokeepalive ssl-unclean-shutdown \
                    downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

键入此命令apache2ctl configtest后，它将显示语法OK

但是在输入了最后一个命令apache2ctl restart之后，它显示了以下错误消息

httpd未运行，试图启动 (13)拒绝许可: AH00072: make_sock:无法绑定到地址：：80 (13)权限被拒绝: AH00072: make_sock:无法绑定到地址0.0.0.0:80 没有监听套接字，关闭 AH00015:无法打开日志 动作“重新启动”失败。 Apache错误日志可能包含更多信息。

Answer 1

要激活SSL加密，需要为端口443提供额外的VirtualHost。这通常是在平台依赖的Apache/conf/extra/httpd-ssl.conf中完成的。

在这样的文件中，您需要一个类似于(Windows示例)的条目：

<VirtualHost *:443>
  DocumentRoot "C:/webserver/html/my_html"
  ServerName www.example.com
  Protocols h2 http/1.1

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:SEED-SHA:DHE-RSA-SEED-SHA:!DSS
  SSLHonorCipherOrder on
  SSLCompression off
  SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/portal.digipen.de-crt.pem"
  SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/portal.digipen.de-key.pem"
  SSLCACertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-portal.digipen.de-crt.pem"

  <IfModule headers_module>
  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
  Header always set x-frame-options "SAMEORIGIN"
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-XSS-Protection "1; mode=block"
  </IfModule>

  BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

  SSLProxyEngine on

  EnableSendfile off
  EnableMMAP off 
</VirtualHost>