{"id":30,"date":"2024-11-21T16:55:09","date_gmt":"2024-11-21T08:55:09","guid":{"rendered":"http:\/\/genetop.top\/?p=30"},"modified":"2024-11-21T16:55:09","modified_gmt":"2024-11-21T08:55:09","slug":"apache_ssl_fail_to_connect","status":"publish","type":"post","link":"https:\/\/genetop.top\/index.php\/2024\/11\/21\/apache_ssl_fail_to_connect\/","title":{"rendered":"\u5982\u4f55\u89e3\u51b3apache2 SSL\u8fde\u63a5\u4e0d\u6210\u529f\u7684\u95ee\u9898"},"content":{"rendered":"<p>Apache2 SSL\u8fde\u63a5\u5931\u8d25\u901a\u5e38\u53ef\u4ee5\u5f52\u56e0\u4e8e\u914d\u7f6e\u9519\u8bef\u3001\u8bc1\u4e66\u95ee\u9898\u6216\u5ba2\u6237\u7aef\/\u670d\u52a1\u7aef\u534f\u8bae\u4e0d\u5339\u914d\u7b49\u539f\u56e0\u3002\u4ee5\u4e0b\u662f\u89e3\u51b3 Apache2 SSL \u8fde\u63a5\u5931\u8d25\u7684\u7cfb\u7edf\u6027\u65b9\u6cd5\uff1a<\/p>\n<hr \/>\n<h3>1. <strong>\u786e\u8ba4 Apache \u662f\u5426\u5df2\u542f\u7528 SSL<\/strong><\/h3>\n<p>\u786e\u4fdd Apache \u5df2\u542f\u7528 <code>mod_ssl<\/code> \u6a21\u5757\u548c HTTPS \u914d\u7f6e\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo a2enmod ssl<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo systemctl restart apache2<br \/>\n<\/code><\/div>\n<\/div>\n<div dir=\"ltr\"><\/div>\n<div dir=\"ltr\">\u8fd9\u4e00\u6b65\u975e\u5e38\u5173\u952e\uff0c\u5982\u679c<code>mod_ssl<\/code> \u6ca1\u6709\u542f\u7528\uff0c\u4f7f\u7528 <code class=\"!whitespace-pre hljs language-bash\">curl -v https:\/\/yourdomain.com<\/code>\uff0c\u90fd\u4f1a\u51fa\u73b0\u5982\u4e0b\u9519\u8bef\uff1a<\/div>\n<div dir=\"ltr\"><\/div>\n<div dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">* ALPN, offering h2<br \/>\n* ALPN, offering http\/1.1<br \/>\n* successfully set certificate verify locations:<br \/>\n* CAfile: \/etc\/ssl\/certs\/ca-certificates.crt<br \/>\nCApath: \/etc\/ssl\/certs<br \/>\n* TLSv1.3 (OUT), TLS handshake, Client hello (1):<br \/>\n* error:1408F10B:SSL routines:ssl3_get_record:wrong version number<br \/>\n* Closing connection 0<br \/>\n<strong>curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number<\/strong><\/code><\/div>\n<p>\u9a8c\u8bc1 Apache \u662f\u5426\u76d1\u542c\u5728 HTTPS \u7aef\u53e3\uff08\u9ed8\u8ba4 443\uff09\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo netstat -tuln | grep 443<br \/>\n<\/code><\/div>\n<\/div>\n<p>\u5982\u679c\u672a\u76d1\u542c\uff0c\u8bf7\u68c0\u67e5 Apache \u914d\u7f6e\u3002<\/p>\n<hr \/>\n<h3>2. <strong>\u68c0\u67e5 SSL \u865a\u62df\u4e3b\u673a\u914d\u7f6e<\/strong><\/h3>\n<p>\u7f16\u8f91 HTTPS \u865a\u62df\u4e3b\u673a\u914d\u7f6e\u6587\u4ef6\uff08\u4f8b\u5982 <code>\/etc\/apache2\/sites-available\/default-ssl.conf<\/code>\uff09\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo nano \/etc\/apache2\/sites-available\/default-ssl.conf<br \/>\n<\/code><\/div>\n<\/div>\n<p>\u786e\u4fdd\u914d\u7f6e\u5185\u5bb9\u5982\u4e0b\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-apache\">&lt;VirtualHost *:443&gt;<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\" style=\"padding-left: 40px;\"><code class=\"!whitespace-pre hljs language-apache\">    ServerName yourdomain.com<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\" style=\"padding-left: 40px;\"><code class=\"!whitespace-pre hljs language-apache\">    DocumentRoot \/var\/www\/html<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\" style=\"padding-left: 40px;\"><code class=\"!whitespace-pre hljs language-apache\">    SSLEngine on<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\" style=\"padding-left: 40px;\"><code class=\"!whitespace-pre hljs language-apache\">    SSLCertificateFile \/path\/to\/certificate.crt<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\" style=\"padding-left: 40px;\"><code class=\"!whitespace-pre hljs language-apache\">    SSLCertificateKeyFile \/path\/to\/private.key<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\" style=\"padding-left: 40px;\"><code class=\"!whitespace-pre hljs language-apache\">    # \u53ef\u9009\uff1a\u6dfb\u52a0\u4e2d\u95f4\u8bc1\u4e66<br \/>\n    SSLCertificateChainFile \/path\/to\/ca_bundle.crt<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-apache\">&lt;\/VirtualHost&gt;<br \/>\n<\/code><\/div>\n<\/div>\n<p>\u542f\u7528\u914d\u7f6e\u5e76\u91cd\u542f Apache\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo a2ensite default-ssl<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo systemctl restart apache2<br \/>\n<\/code><\/div>\n<\/div>\n<hr \/>\n<h3>3. <strong>\u914d\u7f6e SSL \u534f\u8bae\u548c\u5bc6\u7801\u5957\u4ef6<\/strong><\/h3>\n<p>\u4fee\u6539 <code>\/etc\/apache2\/mods-available\/ssl.conf<\/code> \u6587\u4ef6\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo nano \/etc\/apache2\/mods-available\/ssl.conf<br \/>\n<\/code><\/div>\n<\/div>\n<p>\u786e\u4fdd <code>SSLProtocol<\/code> \u914d\u7f6e\u4e3a\u652f\u6301\u73b0\u4ee3\u534f\u8bae\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-apache\">SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br \/>\n<\/code><\/div>\n<\/div>\n<p>\u914d\u7f6e\u5b89\u5168\u7684\u52a0\u5bc6\u5957\u4ef6\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-apache\">SSLCipherSuite HIGH:!aNULL:!MD5:!3DES<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-apache\">SSLHonorCipherOrder on<br \/>\n<\/code><\/div>\n<\/div>\n<p>\u7981\u7528\u4e0d\u5b89\u5168\u7684\u529f\u80fd\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-apache\">SSLCompression off<br \/>\n<\/code><\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-apache\">SSLUseStapling on<br \/>\n<\/code><\/div>\n<\/div>\n<p>\u4fdd\u5b58\u5e76\u91cd\u542f Apache\uff1a<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo systemctl restart apache2<br \/>\n<\/code><\/div>\n<\/div>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\"><\/code><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Apache2 SSL\u8fde\u63a5\u5931\u8d25\u901a\u5e38\u53ef\u4ee5\u5f52\u56e0\u4e8e\u914d\u7f6e\u9519\u8bef\u3001\u8bc1\u4e66\u95ee\u9898\u6216\u5ba2\u6237\u7aef\/\u670d\u52a1\u7aef\u534f\u8bae\u4e0d\u5339\u914d\u7b49\u539f\u56e0\u3002\u4ee5\u4e0b\u662f\u89e3\u51b3 A [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,13],"tags":[],"class_list":["post-30","post","type-post","status-publish","format-standard","hentry","category-linux","category-platform"],"_links":{"self":[{"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/posts\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/comments?post=30"}],"version-history":[{"count":1,"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/posts\/30\/revisions"}],"predecessor-version":[{"id":31,"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/posts\/30\/revisions\/31"}],"wp:attachment":[{"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/media?parent=30"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/categories?post=30"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/genetop.top\/index.php\/wp-json\/wp\/v2\/tags?post=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}