个人中心
文章发布
退出
作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
25
4
经过两天的尝试,我完全无法将证书添加到我的第二个域。这是我的情况:
什么有效:
我有一个动态站点 (domain1/site1) 托管在运行 Ubuntu 的 Digital Ocean droplet 上。它使用 Apache 提供服务并使用 Flask 微框架。一切正常,我能够使用 certbot 成功安装 Let's Encrypt 证书。
我已将第二个动态站点 (domain2/site2) 添加到同一个 droplet,在两个域/站点之间共享单个 IP。通过遵循以下答案,我能够使它正常工作:hosting multiple Flask apps for unique domains .现在我可以:
(1) 像往常一样通过 HTTPS 通过 domain1 访问 site1
(2) 通过 HTTP 通过 domain2 访问 site2。
什么不是:
当我尝试向 site2/domain2 添加新的 Let's Encrypt 证书时出现问题。 tutorial at Digital Ocean和 certbot documentation建议我需要做的就是使用新域再次运行 certbot。创建了一个新证书,但最好的情况是,site1 成为“潜在的安全风险”,而 site2 仍然不安全。
以下是我尝试安装第二个证书之前/etc/apache2/sites-available/文件的内容。
000-default.conf
<VirtualHost *:80>
<Directory /var/www/FlaskApp>
Options +ExecCGI
DirectoryIndex index.py
</Directory>
AddHandler cgi-script .py
ServerAdmin webmaster@localhost
DocumentRoot /var/www/FlaskApp
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.wsgi
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/audiologysource.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/audiologysource.com/privkey.pem
</VirtualHost>
</IfModule>
我的/var/www 目录是这样组织的:
\var\www
|
└─── FlaskApp
| | flaskapp.wsgi
| |
| └─── FlaskApp
| | __init__.py
| |
| └─── static
| └─── templates
| | home.html
| |
| └─── venv
|
└─── PersonalSiteApp #same as FlaskApp
| flaskapp.wsgi
|
└─── FlaskApp
| __init__.py
|
└─── static
└─── templates
| home.html
|
└─── venv
以下是我运行 certbot 并重新加载 Apache 后的相同文件:
sudo certbot --apache -d travismmoore.com -d www.travismmoore.com
000-default.conf:不变
FlaskApp.conf
<VirtualHost *:80>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =audiologysource.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =www.audiologysource.com [OR]
RewriteCond %{SERVER_NAME} =travismmoore.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanen$
</VirtualHost>
FlaskApp-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.audiologysource.com
ServerAlias audiologysource.com
#ServerName 157.245.135.241
ServerAdmin admin@mywebsite.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias travismmoore.com
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.travismmoore.com
ServerAlias travismmoore.com
ServerAdmin youemail@email.com
WSGIScriptAlias / /var/www/PersonalSiteApp/flaskapp.w$
<Directory /var/www/PersonalSiteApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/PersonalSiteApp/FlaskApp/static
<Directory /var/www/PersonalSiteApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/travismmoore.com/fullchain.p$
SSLCertificateKeyFile /etc/letsencrypt/live/travismmoore.com/privkey.$
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
非常感谢任何帮助!
最佳答案
我想我会用最终对遇到同样问题的人有用的东西来更新这个。我最终不得不删除所有证书,然后手动一次添加一个,使用:
sudo certbot --manual certonly -d domain_1.com -d www.domain_1.com
sudo certbot --manual certonly -d domain_2.com -d www.domain_2.com
关于python-3.x - 对于共享 IP 地址的多个 Flask 站点,Certbot 证书不适用于 Apache,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62110085/
25
4
0
我是一名优秀的程序员,十分优秀!