HTTPS problems

Host: GCP
Operating system: Ubuntu


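Writing down what I have tried so far:

It seems there are many ways online to obtain a Let's Encrypt certificate automatically.
I used SSL For Free, but once I started, it redirected me to ZeroSSL.

ZeroSSL acquired SSL For Free, so after logging in from www.sslforfree.com it switches you straight to the ZeroSSL login page.

I have got as far as being able to download the certificate. At first I chose Google App Engine.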

Following the document Installing SSL Certificate on Google App Engine, the certificate download did indeed contain three files:

  • certificate.crt
  • ca_bundle.crt
  • private.key

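But when uploading the SSL certificate on GCP, I uploaded only certificate.crt and private.key, and in the end it still said that I am not the authorized domain owner of this certificate.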

Since uploading the SSL certificate on GCP failed, and my operating system is Ubuntu, I followed another document, Installing SSL Certificate on Ubuntu.
I am now stuck at a step that says:

Next, you will need to find the Apache configuration file on your server. Typically, you will find the configuration file in /etc/apache2/sites-enabled/your_site_name.
In case you cannot find your configuration file, you can run the following command:
sudo a2ensite your_site_name
Once the Apache configuration file is located, you will need to configure the virtual host section of your website. Before you do so, please make sure to create a backup of your current *.conf file. This way, you will be able to undo any changes in case something goes wrong.
A typical Virtual Host file looks like the file below:
<VirtualHost *:443>
DocumentRoot /var/www/site
ServerName www.domain.com
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/private.key
SSLCertificateChainFile /path/to/ca_bundle.crt
</VirtualHost>

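When it tells me to go to /etc/apache2/sites-enabled/your_site_name, I am not sure what your_site_name is.
The sites-enabled folder contains only 000-default.conf, so for now I treated your_site_name as 000-default.conf.

The commands I ran were as follows:

The contents of 000-default.conf are: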

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

I added:

<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName 34.105.41.98
SSLEngine on
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/ca_bundle.crt
</VirtualHost>

So the whole file became:

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName 34.105.41.98
SSLEngine on
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/ca_bundle.crt
</VirtualHost>

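But running apachectl configtest, as the next step says, produced:

So I skipped that and went straight to apachectl stop, but got:

I was originally stuck here and did not know what to do.


Thanks to John for the reference article, Setting up Apache Server with SSL on Google Cloud Platform.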

First, let's make sure SSL is enabled for Apache. In the "/etc/apache2/sites-enabled" directory, you should find a file called "default-ssl.conf". In this file, verify that "SSLEngine on" exists. If you find "SSLEngine off", change it to "SSLEngine on".

Actually I did not confirm that SSL is enabled for Apache; I just went looking for the default-ssl.conf file first, but it was not in /etc/apache2/sites-enabled, so I searched for it.

It is at /etc/apache2/sites-available/default-ssl.conf. Opening default-ssl.conf, SSLEngine on is present.

Towards the end of the "default-ssl.conf" file, verify that there is a line similar to "SSLCertificateFile /etc/letsencrypt/live/". If this line does not exist, try running the Certbot instructions again.

However, I did not find anything like SSLCertificateFile /etc/letsencrypt/live/... towards the end.


Then I also tried copying "default-ssl.conf" into /etc/apache2/sites-enabled and running apachectl restart, thinking it would then no longer produce the error Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration.

Actually I do not know the difference between the sites-enabled and sites-available folders. Both contain 000-default.conf, but sites-enabled has no default-ssl.conf file.
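The folder layout and the `Invalid command 'SSLEngine'` error above, as an added example that is not part of the original notes: on Ubuntu, `sites-available` holds the vhost files, Apache loads only what `a2ensite` links into `sites-enabled`, and `SSLEngine` is accepted only once `a2enmod ssl` has linked `mods-enabled/ssl.load`. The function name `tls_preflight` and the `APACHE_ROOT` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for an Apache TLS vhost on Ubuntu.
# tls_preflight ROOT SITE  -> prints one line per problem, returns 1 if any.
# ROOT is the Apache config directory (normally /etc/apache2); taking it as
# an argument is this example's choice so the check can run on a test tree.
tls_preflight() {
    root=$1 site=$2 bad=0
    conf="$root/sites-available/$site.conf"

    # SSLEngine and the SSLCertificate* directives belong to mod_ssl. Without
    # the mods-enabled symlink Apache rejects them as "Invalid command".
    if [ ! -e "$root/mods-enabled/ssl.load" ]; then
        echo "mod_ssl is not enabled: sudo a2enmod ssl"; bad=1
    fi

    # sites-available holds the files; Apache only loads sites-enabled,
    # which a2ensite populates with symlinks.
    if [ ! -f "$conf" ]; then
        echo "no such site file: $conf"; return 1
    fi
    if [ ! -e "$root/sites-enabled/$site.conf" ]; then
        echo "site is not enabled: sudo a2ensite $site"; bad=1
    fi

    for d in SSLCertificateFile SSLCertificateKeyFile; do
        # First uncommented occurrence of the directive; $2 is its path.
        path=$(awk -v d="$d" '$1 == d { print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "$d is missing from $conf"; bad=1
        elif [ ! -f "$path" ]; then
            echo "$d points to a missing file: $path"; bad=1
        elif [ "$d" = SSLCertificateKeyFile ] &&
             [ -n "$(find -L "$path" -perm -004)" ]; then
            echo "private key is world-readable: chmod 600 $path"; bad=1
        fi
    done
    return "$bad"
}

# Run against the live configuration when called with a site name,
# e.g.  sh preflight.sh default-ssl
if [ -n "${1:-}" ]; then
    tls_preflight "${APACHE_ROOT:-/etc/apache2}" "$1"
fi
```

An empty output with exit status 0 means the module, the site link and both files are in place; `apachectl configtest` remains the authoritative syntax check.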


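The article says that if this does not work, try running the Certbot instructions again.
In the end I had no choice but to install Certbot, and then 5 commands were enough to get HTTPS working.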
