安卓手机上微信无法打开Https网址的完美解决方案

时间:2024-02-15 21:20:51

1,第三方网站检测网站的SSL证书是否正确的安装

https://www.geocerts.com/ssl-checker ,大概率你会看到下边的场景,一个证书链完整的警告,如果想知道我的基础配置是什么,请看 申请 Let’s Encrypt 泛域名证书 及 Nginx/Apache 证书配置

2,我的网站是Apache提供服务的,就要考虑增加配置

我的配置文件是httpd-ssl.conf。其他平台均正常,安卓微信无法打开的配置如下:

#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"

Let`s Encrypt生成证书如下:

完美的解决方案其实不止一种,共八种,如下:

方案一:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
 

方案二:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
 

方案三:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"

方案四:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"

方案五:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"

方案六:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"

方案七:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"

方案八:

============================之前配置==============================
#   Server Certificate:
SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
#   Server Private Key:
SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
===========================新加配置===============================
#   Server Certificate Chain:
#SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
#   Certificate Authority (CA):
#SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"

 

以上八种方案产生原理是只要增加配置Server Certificate Chain和Certificate Authority (CA)任一均可,同时配置也可;证书可用的是chain.pem和fullchain.pem;

增加配置完成之后,重启Apache服务器,再次检测网站的证书配置https://www.geocerts.com/ssl-checker,此时你看到如下图所示:

此时证书链完整,安卓手机上的微信也可以打开https的网址啦!觉得有用的,可以关注我,给我点赞。我会努力写出更多有价值的博文的。