Итак, каждый раз, когда я пытаюсь создать этот сертификат, давайте зашифруем сертификат с помощью этой команды, я никогда не смогу завершить его, потому что я получаю эту ошибку здесь:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", mail.blabla.cc (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.blabla.cc/.well-known/acme-challenge/JCHNmTQhgr_FDpsERRZUj8caBGFbCbd9t-B3XIaBnHQ: "
Когда я посещаю обычный http для blabla.de, я попадаю на обычный веб-сайт, но когда я перехожу на http://mail.blabla.de я получаю только белую страницу без ошибок. Когда я направляю свой браузер на задачу letsencrypt acme, я получаю ошибку 404 not found.
Когда я захожу на https для mail.blabla.de, я попадаю в свою установку roundcube и могу просто войти в систему в обычном режиме (все еще есть рабочий сертификат, но мне нужно создать новые). Это мои конфигурации apache:
Для почтового поддомена:
<VirtualHost *:443>
DocumentRoot /opt/www/roundcubemail/
ServerName blabla.cc
ServerAlias mail.blabla.cc
Alias / "/opt/www/roundcubemail/"
<Directory />
Options FollowSymLinks
</Directory>
<Directory "/opt/www/roundcubemail/">
Require all granted
Options -Indexes
AllowOverride All
</Directory>
SSLEngine on
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Header always set Strict-Transport-Security "max-age=15768000"
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AE$
SSLHonorCipherOrder on
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
SSLCertificateFile /etc/letsencrypt/live/blabla.cc/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/blabla.cc/privkey.pem
Для обычных поддоменов и основного домена:
Порт 80:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName blabla.cc
ServerAdmin simon@blabla.cc
ServerAlias www.blabla.cc ftp.blabla.cc
DocumentRoot /var/www/webspaces/blabla.cc/htdocs
<Directory /var/www/webspaces/blabla.cc/htdocs>
Options Indexes FollowSymLinks MultiViews
RewriteEngine On
AllowOverride All
allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Порт 443:
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName blabla.cc
ServerAlias www.blabla.cc ftp.blabla.cc
ServerAdmin simon@blabla.cc
DocumentRoot /var/www/webspaces/blabla.cc/htdocs
<Directory /var/www/webspaces/blabla.cc/htdocs>
Options Indexes FollowSymLinks MultiViews
RewriteEngine On
AllowOverride All
allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
SSLCertificateFile /etc/letsencrypt/live/blabla.cc/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/blabla.cc/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
В этом примере я переименовал свой домен в blabla.cc.
Я не знаю, почему я получаю сообщение об ошибке, может ли кто-нибудь помочь мне исправить это? Думаю, это неправильная конфигурация apache. ...