同個server上http指向各自對的domain, 但是https全部指成了同一個網站

ssl ssl憑證 https

Alex Hsu 2019-07-22 14:49:46 ‧ 4279 瀏覽

分享至

先跟各位道歉由於我是硬著頭皮上的網站，很多部份可能不懂，請多多包含……

我有個 VPS 上原本host一個 aaa.com，並且成功使用 letsencrypt 拿到 ssl 憑證，瀏覽器也是顯示secure
（然後，我可能不知道白目去改了什麼……）
總之，後來同個 server 上了 bbb.com, ccc.com，雖然也都有拿到 letsencrypt 的憑證
可是 http //bbb.com, http //ccc.com，能指向對的網站資料夾
https //bbb.com, https //ccc.com，卻會被導至 aaa.com 的網站資料夾
網址欄則是 https //bbb.com 顯示 insecure
請問我到底是改到了什麼，或我應該提供什麼各位檢視？才能讓 https //bbb.com, https //ccc.com 各自也去對的網站資料夾？

再求各位協助，土下座

這裡附上 apache2.conf 內容

Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 300

KeepAlive On

MaxKeepAliveRequests 50

KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

Include ports.conf

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf

這是 aaa.com 的 conf (在 site-enabled 資料夾裡)

<Directory /var/www/html/aaa.com/public_html>
        Require all granted
        AllowOverride All
</Directory>

<VirtualHost *:80>
        ServerName aaa.com
</VirtualHost>

<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerName aaa.com
        ServerAlias www.aaa.com
        ServerAdmin info@aaa.com
        DocumentRoot /var/www/html/aaa.com/public_html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/www/html/aaa.com/logs/error.log
        CustomLog /var/www/html/aaa.com/logs/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        SSLCertificateFile /etc/letsencrypt/live/aaa.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/aaa.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

這是 bbb.com 的 conf

# domain: bbb.com
# public: /var/www/html/bbb.com/public_html/

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin webmaster@bbb.com
  ServerName  bbb.com
  ServerAlias www.bbb.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /var/www/html/bbb.com/public_html
  # Log file locations
  LogLevel warn
  ErrorLog  /var/www/html/bbb.com/log/error.log
  CustomLog /var/www/html/bbb.com/log/access.log combined
</VirtualHost>

=================

早上11點再度更新
嘆，我想應該是最一開始我在給 aaa.com 申請 ssl 時曾經參考過許多錯誤的教學（用各種方式申請失敗過很多次）
因此把整個設定給打亂了
apache 下 sites-available 資料夾裡面另外還有一個 default-ssl.conf 內容如下
不是很確定這個有沒有作用中

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
                
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

        </VirtualHost>
</IfModule>

再補充一下，我查看了 etc 裡面 letsencrypt/live 的資料夾，確定三個domain都各有申請憑證（實際上command line 輸入 certbot 給三個 domain 申請/renew憑證也都會顯示「目前已經有了」）

所以我應該真的是如二樓大大所說，某個地方去設定到把 https 全部指到 aaa.com 的資料夾（雖然完全沒有印象）
我曾經去 google 過這麼做的方式，想要反向把它改回來
但但但但真的是毫無頭緒，才會上來求救…… orz

看更多先前的討論...收起先前的討論...

黃彥儒 iT邦高手 1 級 ‧ 2019-07-22 15:53:05 檢舉

把Config檔案整個貼上來

dragonH iT邦超人 5 級 ‧ 2019-07-22 16:06:45 檢舉

我覺得不是憑證會造成的結果

應該是你 config 沒寫好

所以同上

Alex Hsu iT邦新手 5 級 ‧ 2019-07-23 09:26:42 檢舉

已補上 conf 檔，看起來是不是我沒去指 bbb.com 的 443 的關係？因為我就是傻傻的用 letsencrypt 官網上面的 certbot 指令去申請的 ssl，不是很懂還要改什麼Q.Q

Alex Hsu iT邦新手 5 級 ‧ 2019-07-23 09:30:20 檢舉

這是我申請 ssl 的方法
https://certbot.eff.org/lets-encrypt/ubuntubionic-apache

跑得快 iT邦新手 3 級 ‧ 2019-07-23 16:03:00 檢舉

https //bbb.com, https //ccc.com，卻會被導至 aaa.com 的網站資料夾
網址欄則是 https //bbb.com 顯示 insecure
會顯示insecure就代表終點網站與你輸入的網站憑證不同
你的bbb config virtualhost看起來只有80port沒有443
如果做了太多多餘的設定擔心有無影響，你先cp ssl.config ssl.config.bk，之類的備分後砍掉原有的看有無影響運行做確認

登入發表討論