--- tags: bug , --- # HTTPS 的問題 主機 : 使用 GCP 作業系統 : ubuntu --- 打一下目前嘗試過的: 感覺網路上有很多自動獲取 Let’s Encrypt 憑證 我使用的是 [SSL For Free](https://www.sslforfree.com/)，不過開始操作他是跳到 [ZeroSSL](https://manage.sslforfree.com/dashboard) > zerossl併購了sslforfree，所以從www.sslforfree.com登入後，它給你直接切換到zerossl的登入界面 目前是操作到憑證可以下載，一開始我選擇 Google App Engine  不過照著 [Installing SSL Certificate on Google App Engine](https://help.zerossl.com/hc/en-us/articles/360015629359-Installing-SSL-Certificate-on-Google-App-Engine) 這個文件設定，下載憑證時確實有三個檔案 * certificate.crt * ca_bundle.crt * private.key 但在 GCP 上傳 SSL 憑證，我只上傳了`certificate.crt` 和 `private.key` 但最後它還是說`您不是這個憑證的網域授權擁有者`   因為在 GCP 上傳 SSL 憑證宣告失敗，我想說我作業系統是 ubuntu ，照著另一份 [Installing SSL Certificate on Ubuntu](https://help.zerossl.com/hc/en-us/articles/360015629419-Installing-SSL-Certificate-on-Ubuntu) 文件設定 不過現在是卡在它有一個步驟說 : > Next, you will need to find the Apache configuration file on your server. Typically, you will find the configuration file in /etc/apache2/sites-enabled/your_site_name. In case you cannot find your configuration file, you can run the following command: sudo a2ensite your_site_name Once the Apache configuration file is located, you will need to configure the virtual host section of your website. Before you do so, please make sure to create a backup of your current *.conf file. This way, you will be able to undo any changes in case something goes wrong. A typical Virtual Host file looks like the file below: <VirtualHost *:443> DocumentRoot /var/www/site ServerName www.domain.com SSLEngine on SSLCertificateFile /path/to/certificate.crt SSLCertificateKeyFile /path/to/private.key SSLCertificateChainFile /path/to/ca_bundle.crt </VirtualHost> 我不太確定當它要叫我去`/etc/apache2/sites-enabled/your_site_name.` 那個 `your_site_name` 是什麼，因為在 `sites-enabled` 這個資料夾底下就只有 `000-default.conf` ，我就先當 `your_site_name` 是 `000-default.conf` 執行命令如下  `000-default.conf` 裡面內容是 : ``` <VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet ``` 我多增加 ``` <VirtualHost *:443> DocumentRoot /var/www/html ServerName 34.105.41.98 SSLEngine on /etc/ssl/certificate.crt /etc/ssl/private/private.key /etc/ssl/ca_bundle.crt </VirtualHost> ``` 所以整份變成 : ``` <VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin webmaster@localhost DocumentRoot /var/www/html # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet <VirtualHost *:443> DocumentRoot /var/www/html ServerName 34.105.41.98 SSLEngine on /etc/ssl/certificate.crt /etc/ssl/private/private.key /etc/ssl/ca_bundle.crt </VirtualHost> ``` 不過照著下一個步驟執行 `apachectlConfigtest` 出現 :  所以我就先跳過直接 `apachectl stop` ，但出現 :  原本這邊就卡住了，不知道該怎麼辦 --- 謝謝 John 給的參考文章 [Setting up Apache Server with SSL on Google Cloud Platform](https://dev.to/brandonbrown4792/setting-up-apache-server-with-ssl-on-google-cloud-platform-mh9) > First, let's make sure SSL is enabled for Apache. In the "/etc/apache2/sites-enabled" directory, you should find a file called "default-ssl.conf". In this file, verify that "SSLEngine on" exists. If you find "SSLEngine off", change it to "SSLEnging on". 其實我沒有確定 `SSL is enabled for Apache` ，反正就先找 `default-ssl.conf` 這個檔案，但它沒有放在 `/etc/apache2/sites-enabled` 所以用搜尋的  在 `/etc/apache2/sites-available/default-ssl.conf` 這邊，打開 `default-ssl.conf` 來看 `SSLEngine on` 是存在的 > Towards the end of the "default-ssl.conf" file, verify that there is a line similar to "SSLCertificateFile /etc/letsencrypt/live/...". If this line does not exist, try running the Certbot instructions again. 不過我沒有在底下找到類似 `SSLCertificateFile /etc/letsencrypt/live/...` --- 然後又嘗試了把 "default-ssl.conf" 複製一份在 `/etc/apache2/sites-enabled` ，再去執行 `apachectl restart` 這行指令，以為他就不會出 `Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration` 這個錯誤  其實我不知道 `sites-enabled` 和 `sites-available` 兩個資料夾差別，它們都有 `000-default.conf` 這個檔案，但 `sites-enabled` 沒有 `default-ssl.conf` 檔案  --- 看到文章說不行要 try running the Certbot instructions again. 最後只好安裝 [Certbot](https://certbot.eff.org/) ，然後 5 行指令就成功解決 HTTPS 事情