在Windows Apache上安装SSL

edqdpe6u  于 2022-11-24  发布在  Windows
关注(0)|答案(2)|浏览(125)

1.我想做的事:

I have a domain example.me, and a sub-domain text.example.me which is hosted on my Windows Server. It's running Apache with php 5.6
我要使用Let's Encrypt和此工具https://github.com/PKISharp/win-acme安装SSL证书

2.问题:

它似乎不工作,我得到以下错误时,试图访问https://test.example.me
此站点无法提供安全连接

3.到目前为止我所做的

我一步一步跟着从:https://commaster.net/content/how-setup-lets-encrypt-apache-windows
这是我的httpd-ssl.conf的内容

<VirtualHost *:443>
    ServerAdmin me@examole.com
    ServerName text.example.me
    DocumentRoot "D:/xampp/htdocs"

    RewriteEngine On
    # Redirect to the correct domain name
    RewriteCond %{HTTP_HOST} !^test.example.me$ [NC]
    RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]

    Alias /.well-known D:/xampp/htdocs/.well-known

    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/text.example.me-crt.pem"
    SSLCertificateKeyFile "conf/ssl.key/test.example.me-key.pem"
    SSLCertificateChainFile "conf/ssl.csr/ca-test.example.me-crt.pem"
</VirtualHost>

我的80,443端口是可用的,并没有被Skype使用,所以这不是问题。
这是我的httpd-vhosts.conf的内容

<VirtualHost *:80>
    ServerAdmin me@example.me
    ServerName test.example.me

    RewriteEngine On
    # Redirect to the HTTPS site
    RewriteCond %{HTTPS} off
    RewriteRule ^/?(.*)$ https://test.example.me/$1 [NE,L,R=301]
    ErrorLog logs/slog.log
</VirtualHost>
ibps3vxo

ibps3vxo1#

我使用Let's Encrypt已经有几年了--但是没有(!)RewriteEngine。
这是我的http-vhosts.conf的一个片段

<VirtualHost *:80>
  DocumentRoot "C:/webserver/html/example_html"
  ServerName www.example.com
  Redirect permanent / https://www.example.com/
  # For the case that you are using ModProxy to forward to a Tomcat, please also add:
  # ProxyPass "/.well-known/" "!"
</VirtualHost>

从我的httpd-ssl.conf中截取一段代码:

<VirtualHost *:443>
  DocumentRoot "C:/webserver/html/example_html"
  ServerName www.example.com
  Protocols h2 http/1.1

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:SEED-SHA:DHE-RSA-SEED-SHA:!DSS
  SSLHonorCipherOrder on
  SSLCompression off
  SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-crt.pem"
  SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/www.example.com-key.pem"
  SSLCACertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-www.example.com-crt.pem"

  <IfModule headers_module>
  Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
  Header always set x-frame-options "SAMEORIGIN"
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-XSS-Protection "1; mode=block"
  #Header always set Content-Security-Policy "script-src 'self'"
  </IfModule>

  BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

  #For the case that you use ModProxy to forward to a Tomcat or so
  #ProxyPass "/.well-known/" "!"

  EnableSendfile off
  EnableMMAP off 
</VirtualHost>

此外,请记住,当您要使用多个主机名时,您需要一个通配符证书-否则,使用Let 's Encrypt为每个主机/域名提供一个证书就很简单了-但您需要为正在使用的每个主机/域名提供一个虚拟主机部分。
最后但并非最不重要的是我个人的意见是ModRewrite不应该在没有必要的时候使用,因为它很复杂,而且不是大多数人真正理解的。

42fyovps

42fyovps2#

    • 如何在Windows Apache中从Certbot添加SSL证书**

1.访问Certbot官方网站:Certbot说明|证书机器人(eff.org)
1.* * 下载适用于Windows的最新版本Certbot安装程序,网址为https://dl.eff.org/certbot-beta-installer-win_amd64.exe
1.* * 安装
到C盘。
1.运行〉命令提示符〉以管理员身份运行

  1. C:\用户\管理员〉certbot--帮助
  2. C:\用户\管理员〉certbot仅证书--webroot
    1.输入电子邮件地址〉Y〉Y
  3. Enter your domain/subdomain name: abc.com / abc.xyz.com
    1.转到:C:\xampp\apache\conf\extra
    1.打开文件:httpd-vhosts.conf
    1.* * 编辑**:
    <VirtualHost :443> DocumentRoot C:\xampp\htdocs\aeapp ServerName callum.aeapp.uk SSLEngine on SSLCertificateFile "C:\Certbot\live\abc.com\fullchain.pem" SSLCertificateKeyFile "C:\Certbot\live\abc.com\privkey.pem"
    1.
    * 在防火墙设置中添加端口443**(如果已经添加,则跳过此步骤)
  • 搜索〉类型:防火墙并在本地计算机上打开具有高级安全性的Windows Defender防火墙
  • 转到:入站规则〉新建规则〉选择"端口"〉特定本地端口:键入"443"〉允许连接〉勾选所有3个选项〉添加名称"例如:abc ssl "〉完成。

1.* * 重新启动**Xampp

    • 检查您的网站/网络应用程序;如果已锁定,则表示已成功添加SSL证书。**

相关问题