Apache:为每个虚拟主机设置一个单独的SSL证书

Question

我已经生成了让我们加密(阶段模式)证书并安装在我的web服务器上，我在检查每个证书时遇到的问题与浏览器显示的不同，更糟糕的是，浏览器只为所有域显示一个证书。对于这两个域，我看到如下：

钥匙大小是正确的，但指纹是不同的，为什么呢？

我的httpd.conf

ServerRoot "/etc/httpd"

Listen 80

Listen 443 https
SSLStrictSNIVHostCheck on

Include conf.modules.d/*.conf

User apache
Group apache

ServerAdmin root@localhost

ServerName 15.188.158.148:80
#ServerName highschoolhelper.org

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>


<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %v %V %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
    TypesConfig /etc/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>


EnableSendfile on

IncludeOptional conf.d/*.conf
IncludeOptional conf.d/domains/*.conf

每个vhost配置都有一个类似于以下内容的配置：

<VirtualHost *:80>
    ServerName apple.highschoolhelper.org
    ServerAlias apple.highschoolhelper.org www.apple.highschoolhelper.org
    DocumentRoot /var/www/html/apple.highschoolhelper.org/public_html
    ServerAdmin webmaster@apple.highschoolhelper.org
    DirectoryIndex index.html index.php
    LogLevel warn
    <Directory /var/www/html/apple.highschoolhelper.org/public_html>
        IndexIgnoreReset ON
        IndexIgnore .well-known

        Options +Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
    ErrorLog /var/log/httpd/apple.highschoolhelper.org-error.log
    CustomLog /var/log/httpd/apple.highschoolhelper.org-access.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerName apple.highschoolhelper.org
    ServerAlias apple.highschoolhelper.org www.apple.highschoolhelper.org
    DocumentRoot /var/www/html/apple.highschoolhelper.org/public_html
    ServerAdmin webmaster@apple.highschoolhelper.org
    DirectoryIndex index.html index.php
    LogLevel warn
    <Directory /var/www/html/apple.highschoolhelper.org/public_html>
        IndexIgnoreReset ON
        IndexIgnore .well-known

        Options +Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
    ErrorLog /var/log/httpd/apple.highschoolhelper.org-error.log
    CustomLog /var/log/httpd/apple.highschoolhelper.org-access.log combined


    SSLEngine       on
    SSLCertificateFile      /etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_fullchain.crt
    SSLCertificateKeyFile       /etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_pkey.pem
</VirtualHost>

主域证书：

-----BEGIN CERTIFICATE-----
MIIGPzCCBSegAwIBAgITAPrxRtrC7JMtDhGS3WITo5TdmTANBgkqhkiG9w0BAQsF
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0yMDA1MTky
MDA1MDZaFw0yMDA4MTcyMDA1MDZaMB8xHTAbBgNVBAMTFGhpZ2hzY2hvb2xoZWxw
ZXIub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmMg9z4hIP1do
sL3qQ1pqpl9JpNpqYE4NeI0/8HEDvC7Io08S3y9HzR+WxDzXWJl+Xv7z2DSHVd1i
3dKtT5I3kRe9T3gWFfN7yUtVYaXDZOMpCPnyIS8EXEj6n1ZzHBSe/xjqpu26ccoc
39fN3SdYYwqzwL7Ev1+DOLf24Y9iUFIvEPeN0im//mHOE5jB3BqaBcI7yyr/32jv
tYnM01jUXza7XKqarqESJR4mb6p9RmW8o8wPeorzoozrRietHAwtHCOSxGoDu2gc
A5KZm8W004N91LQrH3zwxoUakLD8I9MK3W+2LG8/fo5mA8ep8WXbx+Im8lTfqqlN
ifM+QJQLovZ+qI8w1qixDh9adX6qUswvm9WBfMSrYzhKbQYQNmEWSe9zjPSXyMBx
nVngnXdi4vewsxdfuCHWic0ZqZ/LNVD44fDU1771BNDWkTlToFO7K8EwGcoLpvoQ
B5G1sk4BnnWsAGEj/AgwJZASHCf/xiPVPtJJq4K2/3dKSMypbCqjV2avq66XsJjQ
I7p254ZEzwuf9XHdKoXidxxtQkj2JhLhLcfZwC87nWibAFg+Eej2Yzauhqli9JT4
WKUxepTUkuitSZBPxxvL9lES/iFO3O2UpJnPFlBwDPeRRNNk4hW2COSDrCeOK2Mr
o5f4H+wAUjp9aBpCqDON20g5JUkjXDkCAwEAAaOCAm8wggJrMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
ADAdBgNVHQ4EFgQUIrTLihg9aowEbnynDXIGnAjdf9gwHwYDVR0jBBgwFoAUwMwD
RrlYIMxccnDz4S7LIKb1aDowdwYIKwYBBQUHAQEEazBpMDIGCCsGAQUFBzABhiZo
dHRwOi8vb2NzcC5zdGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggrBgEFBQcw
AoYnaHR0cDovL2NlcnQuc3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcvMB8GA1Ud
EQQYMBaCFGhpZ2hzY2hvb2xoZWxwZXIub3JnMEwGA1UdIARFMEMwCAYGZ4EMAQIB
MDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu
Y3J5cHQub3JnMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAxj8iGMN9VqaqBrWW
2o5T1NcVbR6brI5E0iAt5k1p2dwAAAFyLsEaJQAABAMARjBEAiBpP5ZJ+Xvv8ue2
cC25iWtsx5emTQdPzQqVyQGbpORT1AIgO5sXtftd3fo0tf4QaJgYht8QK9CaYFvE
g+Mdqy73qiIAdQAW6GnB0ZXq18P4lxrj8HYB94zhtp0xqFIYtoN/MagVCAAAAXIu
wRwOAAAEAwBGMEQCIAE9gQM4lMdxIuTWHJgQ88LXtnY/FFY3tG/t5+fIkWDdAiAk
4Oc2A0Ap5noO/DHh2b9c9LMGQLJLKa3s5V0YsIgkLDANBgkqhkiG9w0BAQsFAAOC
AQEARCQpteMb+z33OLthsj4C5EReV9uf9AkSOjNh7kNjpOk8KfiYTSqJPGm70UtC
peJP/cu25YMIU1RGIpoM77dPCciEH6d/jRxac6WcUeREuIrhu8UtoNMUdUv6XZqV
Pe9RGG/QaMAN1NFdMdG9QLvYAUv+BtU4AcknHeG3swu6ADFuIcprhNNhCLzzMdTr
TlVvYjRX0OURVZXoS7Ikgz403HVH0zwbAxMr0C5trp5kFjAYzo6jYqloLELVJVA+
G0aPcwkJiTGNK7eyNAmX9qglC+rejgAqm2xTVXMDRG4CDFpeBKNq0d3MDMW5magA
n319hW664vpJA/EFmS+ydP4fRA==
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2
MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0
8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym
oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0
ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN
xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56
dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9
AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw
HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0
BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu
b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq
hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF
UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9
AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp
DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7
IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf
zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI
PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w
SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em
2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0
WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt
n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
-----END CERTIFICATE-----

域apple.highschoolhelper.org证书：

-----BEGIN CERTIFICATE-----
MIIGbjCCBVagAwIBAgITAPpvUR1otz/jWG6vt8AJyofqHjANBgkqhkiG9w0BAQsF
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0yMDA1MTky
MzExMDVaFw0yMDA4MTcyMzExMDVaMCUxIzAhBgNVBAMTGmFwcGxlLmhpZ2hzY2hv
b2xoZWxwZXIub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuXLg
clxj5xGYpNTL5a9ALvR6TYQ53qPX484S9ge4R77yTtgXvQ+AETQVVbm6GINL0gn1
LcvSCZyG6miwab7mpJ92n+CWOw4jjxJYeO7FbtgzyBG2Nf/HFAjOcrGIH1wUcMd0
WITlN3Sd18fKuIp0qdr4KZDMp+ZL9m3DXg0MpTW/DOF2Y2O1djREBj9y7CQ0AtRx
1uFnDVvW0+QjXXS5h5xn6EMzs0SC56+tR24AOqpPUKgqPXsqmayH1Bg5reOb2IkQ
UoTjtFeJ/I8teJvlY56YQsdUdy+EIxdBhVP6QMdzMkHhmonyMK5s9peZxmgbedSU
miTumgtvMhIYRua+1K2fNOXHkX9RUURqHtG61X5cC/naX3zjtN0/RtFjyN9vWn3o
IX5lsrPztrVIzvffMrgABPZKi2mOZlbfKiGEtfvpXDaVi1rXtGiF6wwcuH1WnLkf
spA6MQRQsyjF1OqTtgCRmw1O3MewsY5sNr8UVEm+VOVjpRLlQGQETBzIKD1EG8Mv
jk9Vh+cky4g+8MpLU0rug4PnRf8q8PHb+OJY7z7JwrTB1FpoMowDEXRet6WXt8xo
K0kNP6kjm/5LWTa51w+NQxralHCZM/zIOwQSfQrEbwp81ynCbtVQ2vBUfoFE4g/q
4VnD0Vpf64lz5e2fz0oyXfJCvCfjp8+S6RFeLEECAwEAAaOCApgwggKUMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUHfyOwwQAbuPSvQXuqw8veEDKNUwwHwYDVR0jBBgw
FoAUwMwDRrlYIMxccnDz4S7LIKb1aDowdwYIKwYBBQUHAQEEazBpMDIGCCsGAQUF
BzABhiZodHRwOi8vb2NzcC5zdGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggr
BgEFBQcwAoYnaHR0cDovL2NlcnQuc3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcv
MEUGA1UdEQQ+MDyCGmFwcGxlLmhpZ2hzY2hvb2xoZWxwZXIub3Jngh53d3cuYXBw
bGUuaGlnaHNjaG9vbGhlbHBlci5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYL
KwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlw
dC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDGPyIYw31WpqoGtZbajlPU
1xVtHpusjkTSIC3mTWnZ3AAAAXIva2MBAAAEAwBIMEYCIQC3Ltiqm33XnHx5o61n
1Xk4QQ+5tw+FdPmbjavwN3kH6AIhAJOFzpcpBE5DVpzgZV6nGoOkLmNUq4MP5JZj
vciD/Hs9AHYAsMyD5aX5fWuvfAnMKEkEhyrH6IsTLGNQt8b9JuFsbHcAAAFyL2tk
7wAABAMARzBFAiAp/2OTOdE5cpkjxllo3JPIl4wvavE4HTD6v3Nb1ypIuwIhAPzi
p9KkgpLXJu49gEIWAin1oLW9dx6+3yfBq7tbgGVnMA0GCSqGSIb3DQEBCwUAA4IB
AQAEbgpLWNqapM5aa+/aKhtBZWlI14IqWBB+TX08mFc6XpLsFTDr2pcd9xC1GABA
NVy710WIzOSRWinRWKtuKtmQwv/+L9tkBXq0+OLdbkKWwYVqHtoiGMA+oHMBwvlj
w5reYdAOeHWuP5R0rISoWEgZv/O0OvFZAE0uWjKiOtYVO6TefPvpKjQX7TlMYQM5
TpDiSJJNZJ+8E4/UBczdAiqAvwoEf1W7dtwwIg6E7UFxa2xfsUrD3EDCPhSxTCKL
QFZ+/vVuvEjZOa3ronGGDV9DWPHNacsv1Hb8f/+xxKXGV3eVEhZDjBcPNt0f4c8p
hu8IGAGFrHWlmwYjkxRLlwgV
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2
MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0
8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym
oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0
ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN
xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56
dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9
AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw
HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0
BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu
b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq
hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF
UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9
AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp
DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7
IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf
zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI
PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w
SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em
2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0
WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt
n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
-----END CERTIFICATE-----

Answer 1

我现在可以在https://highschoolhelper.org中看到的证书是由"cPanel，Inc.证书颁发机构“颁发的。这意味着您的主机提供商正在使用一个cPanel系统，该系统覆盖您在文件中所做的任何配置的某些部分，或者可能是一个以集中方式管理其所有客户的SSL/TLS支持的设置。

您可能需要使用某种托管控制面板来为主域配置证书，而不是直接修改the服务器配置。

托管服务提供商也可能会有某种程度的自动化，以固定的时间间隔运行，并更新某些内容，因此，一些变化可能在你一开始就无法在互联网上看到，而只是在自动化完成了工作之后。

如果您不确定，请参考您的主机供应商的文件或联系他们的进一步说明。只有他们才能确切地知道他们的系统是如何建立的。

我目前在https://apple.highschoolhelper.org上看到的证书与您为它发布的证书相匹配，指纹也匹配。

根据您的配置，https://apple.highschoolhelper.org的证书应该在文件/etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_fullchain.crt中找到，该文件与前面提到的*.csr不匹配--我想您做了一些更改吧？

您可以在服务器上通过以下方式检查证书文件的指纹：

openssl x509 -in /etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_fullchain.crt -noout -fingerprint -sha256

如果这与浏览器显示的SHA-256指纹匹配，则该证书将正确工作。

您发布的主域证书是一个自签名的证书，它的主题字段和发布域都是C=AU, ST=Aust, L=City, O=Default Company Ltd, CN=aws-host。这看起来像是托管提供商自动化生成的默认证书，该证书只能在虚拟主机和提供程序的集中式系统之间使用，后者为主域提供SSL/TLS。