1,第三方网站检测网站的SSL证书是否正确的安装
https://www.geocerts.com/ssl-checker ,大概率你会看到下边的场景,一个证书链完整的警告,如果想知道我的基础配置是什么,请看 申请 Let’s Encrypt 泛域名证书 及 Nginx/Apache 证书配置
2,我的网站是Apache提供服务的,就要考虑增加配置
我的配置文件是httpd-ssl.conf。其他平台均正常,安卓微信无法打开的配置如下:
# Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
Let`s Encrypt生成证书如下:
完美的解决方案其实不止一种,共八种,如下:
方案一:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案二:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
方案三:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案四:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
方案五:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案六:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
方案七:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案八:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
以上八种方案产生原理是只要增加配置Server Certificate Chain和Certificate Authority (CA)任一均可,同时配置也可;证书可用的是chain.pem和fullchain.pem;
增加配置完成之后,重启Apache服务器,再次检测网站的证书配置,https://www.geocerts.com/ssl-checker,此时你看到如下图所示:
此时证书链完整,安卓手机上的微信也可以打开https的网址啦!觉得有用的,可以关注我,给我点赞。我会努力写出更多有价值的博文的。