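Host: GCP
Operating system: Ubuntu
Here is what I have tried so far:
There seem to be a lot of ways online to obtain Let's Encrypt certificates automatically.
I am using SSL For Free, but when I started, it redirected to ZeroSSL.
ZeroSSL acquired SSL For Free, so after you log in from www.sslforfree.com, it switches you straight to the ZeroSSL login page.
So far I have got to the point where the certificate can be downloaded. At first I chose Google App Engine.
Following the document Installing SSL Certificate on Google App Engine, the certificate download did indeed contain three files.
But when uploading the SSL certificate to GCP, I only uploaded certificate.crt and private.key.
In the end it still said that I am not the authorized domain owner for this certificate.
Because uploading the SSL certificate to GCP failed, and my operating system is Ubuntu, I followed another document, Installing SSL Certificate on Ubuntu.
But now I am stuck at a step that says: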
Next, you will need to find the Apache configuration file on your server. Typically, you will find the configuration file in /etc/apache2/sites-enabled/your_site_name.
In case you cannot find your configuration file, you can run the following command:
sudo a2ensite your_site_name
Once the Apache configuration file is located, you will need to configure the virtual host section of your website. Before you do so, please make sure to create a backup of your current *.conf file. This way, you will be able to undo any changes in case something goes wrong.
A typical Virtual Host file looks like the file below:
<VirtualHost *:443>
DocumentRoot /var/www/site
ServerName www.domain.com
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/private.key
SSLCertificateChainFile /path/to/ca_bundle.crt
</VirtualHost>
I am not sure what your_site_name is in /etc/apache2/sites-enabled/your_site_name, because the sites-enabled folder only contains 000-default.conf, so for now I took your_site_name to be 000-default.conf.
I ran the command as follows:
The contents of 000-default.conf are:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
I added:
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName 34.105.41.98
SSLEngine on
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/ca_bundle.crt
</VirtualHost>
So the whole file became:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName 34.105.41.98
SSLEngine on
SSLCertificateFile /etc/ssl/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/ca_bundle.crt
</VirtualHost>
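But when I ran apachectl configtest as the next step, I got:
So I skipped that and ran apachectl stop directly, but got:
This is where I originally got stuck, and I did not know what to do.
Thanks to John for the reference article, Setting up Apache Server with SSL on Google Cloud Platform.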
First, let's make sure SSL is enabled for Apache. In the "/etc/apache2/sites-enabled" directory, you should find a file called "default-ssl.conf". In this file, verify that "SSLEngine on" exists. If you find "SSLEngine off", change it to "SSLEngine on".
Actually, I did not confirm that SSL is enabled for Apache; I just went looking for the default-ssl.conf file first. It was not in /etc/apache2/sites-enabled, so I searched for it and found it at /etc/apache2/sites-available/default-ssl.conf. Opening default-ssl.conf, SSLEngine on is there.
Towards the end of the "default-ssl.conf" file, verify that there is a line similar to "SSLCertificateFile /etc/letsencrypt/live/…". If this line does not exist, try running the Certbot instructions again.
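However, I did not find anything like SSLCertificateFile /etc/letsencrypt/live/... further down.
I then also tried copying "default-ssl.conf" into /etc/apache2/sites-enabled and running apachectl restart, thinking it would then stop giving the error Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration.
Actually, I do not know the difference between the sites-enabled and sites-available folders. Both have the 000-default.conf file, but sites-enabled does not have the default-ssl.conf file.
The article says that if this does not work, you should try running the Certbot instructions again.
In the end I installed Certbot, and then five commands solved the HTTPS problem.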
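
The "Invalid command 'SSLEngine'" error and the sites-enabled / sites-available question both come down to how Debian and Ubuntu package Apache: a module or site takes effect only once a2enmod or a2ensite has linked it into mods-enabled/ or sites-enabled/. The check below is an added example, not part of the original post; the helper name check_apache_ssl and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the post. check_apache_ssl is a hypothetical helper
# that inspects a Debian/Ubuntu Apache tree and returns the problem count.
check_apache_ssl() {
    root=${1:-/etc/apache2}
    site=${2:-default-ssl.conf}
    conf="$root/sites-available/$site"
    problems=0
    # "Invalid command 'SSLEngine'" means mod_ssl is not loaded;
    # a2enmod ssl links mods-available/ssl.load into mods-enabled/.
    if [ ! -e "$root/mods-enabled/ssl.load" ]; then
        echo "mod_ssl is not enabled: sudo a2enmod ssl"
        problems=$((problems + 1))
    fi
    # Debian/Ubuntu's apache2.conf only includes sites-enabled/;
    # sites-available/ just stores definitions until a2ensite links them in.
    if [ ! -e "$root/sites-enabled/$site" ]; then
        echo "$site is not enabled: sudo a2ensite ${site%.conf}"
        problems=$((problems + 1))
    fi
    if [ ! -f "$conf" ]; then
        echo "$conf not found"
        return $((problems + 1))
    fi
    # The certificate and key need their directive names.
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        if ! grep -Eq "^[[:space:]]*${d}[[:space:]]+[^[:space:]]" "$conf"; then
            echo "$site: no $d directive"
            problems=$((problems + 1))
        fi
    done
    # A line that begins with a path has lost its directive name.
    bare=$(grep -Ec '^[[:space:]]*/' "$conf" || true)
    if [ "$bare" -gt 0 ]; then
        echo "$site: $bare line(s) start with a path instead of a directive"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo: module off, site not linked, directive names missing.
demo=$(mktemp -d)
mkdir -p "$demo/mods-enabled" "$demo/sites-enabled" "$demo/sites-available"
printf '%s\n' '<VirtualHost *:443>' 'SSLEngine on' \
    '/etc/ssl/certificate.crt' '/etc/ssl/private/private.key' \
    '</VirtualHost>' > "$demo/sites-available/default-ssl.conf"
check_apache_ssl "$demo" || echo "problems found: $?"
rm -rf "$demo"
```

On a real server, call check_apache_ssl with no arguments to inspect /etc/apache2, then run sudo apachectl configtest before restarting.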