1,第三方網站檢測網站的SSL證書是否正確的安裝
https://www.geocerts.com/ssl-checker ,大概率你會看到下邊的場景,一個證書鏈完整的警告,如果想知道我的基礎配置是什么,請看 申請 Let’s Encrypt 泛域名證書 及 Nginx/Apache 證書配置
2,我的網站是Apache提供服務的,就要考慮增加配置
我的配置文件是httpd-ssl.conf。其他平台均正常,安卓微信無法打開的配置如下:
# Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem"
Let`s Encrypt生成證書如下:
完美的解決方案其實不止一種,共八種,如下:
方案一:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案二:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
方案三:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案四:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
方案五:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案六:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
方案七:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/chain.pem"
方案八:
============================之前配置============================== # Server Certificate: SSLCertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem" # Server Private Key: SSLCertificateKeyFile "/etc/letsencrypt/live/abc.com/privkey.pem" ===========================新加配置=============================== # Server Certificate Chain: #SSLCertificateChainFile "/etc/letsencrypt/live/abc.com/chain.pem" # Certificate Authority (CA): #SSLCACertificateFile "/etc/letsencrypt/live/abc.com/fullchain.pem"
以上八種方案產生原理是只要增加配置Server Certificate Chain和Certificate Authority (CA)任一均可,同時配置也可;證書可用的是chain.pem和fullchain.pem;
增加配置完成之后,重啟Apache服務器,再次檢測網站的證書配置,https://www.geocerts.com/ssl-checker,此時你看到如下圖所示:
此時證書鏈完整,安卓手機上的微信也可以打開https的網址啦!覺得有用的,可以關注我,給我點贊。我會努力寫出更多有價值的博文的。