Subdomain name not caught by the domain's virtual host

Using apache2 on Ubuntu Server 22.04.

0-default.conf

<VirtualHost *:80>
    # ServerName and ServerAlias undefined
</VirtualHost>

0-default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        # ServerName and ServerAlias undefined
    
        Redirect permanent / "http://my_ip_address/"
    
        SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    </VirtualHost>
</IfModule>

example.com.conf

<VirtualHost *:80>
    ServerName example.com
    ServerAlias *.example.com

    Redirect permanent / https://example.com/
</VirtualHost>

example.com-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost *:443>

        ServerName example.com
        ServerAlias *.example.com

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    </VirtualHost>
</IfModule>

The LetsEncrypt certificate includes: example.com, www.example.com and mail.example.com

The log contains the following errors:

[ssl:info] [pid 947] AH01914: Configuring server mail.example.com:443 for SSL protocol
[ssl:debug] [pid 947] ssl_engine_init.c(528): AH01893: Configuring TLS extension handling
[ssl:debug] [pid 947] ssl_util_ssl.c(451): AH02412: [mail.example.com:443] Cert does not match for name 'mail.example.com' [subject: CN=vm1878795 / issuer: CN=vm1878795 / serial: 4AEB9107E420C7927F1EC0126E430A894F6BBC6B / notbefore: Aug 22 18:05:38 2023 GMT / notafter: Aug 19 18:05:38 2033 GMT]
[ssl:warn] [pid 947] AH01909: mail.example.com:443:0 server certificate does NOT include an ID which matches the server name
[ssl:info] [pid 947] AH02568: Certificate and private key mail.example.com:443:0 configured from /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key
[ssl:info] [pid 947] AH01876: mod_ssl/2.4.52 compiled against Server: Apache/2.4.52, Library: OpenSSL/3.0.2

Any idea why https mail.example.com is caught by the default host rather than the domain host?

Update

Here is the output of apachectl -D DUMP_VHOSTS:

VirtualHost configuration:
*:443                  is a NameVirtualHost
     default server mail.example.com (/etc/apache2/sites-enabled/0-default-ssl.conf:2)
     port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/0-default-ssl.conf:2)
     port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com-ssl.conf:2)
             wild alias *.example.com
*:80                   is a NameVirtualHost
     default server mail.example.com (/etc/apache2/sites-enabled/0-default.conf:1)
     port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/0-default.conf:1)
     port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
             wild alias *.example.com

So the question should probably be: why is mail.example.com treated as the default server name? Could the PTR pointing to mail.example.com be the reason?
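
The DUMP_VHOSTS output above, run through a simplified model of Apache's name-based selection (the first listed vhost whose ServerName or alias matches the requested host wins, otherwise the first listed vhost is used). This is an added example, not part of the original post; `parse_vhosts`, `matches`, `select_vhost` and `shadowed` are hypothetical helper names, and the input is the output quoted in the question.

```python
import re
from fnmatch import fnmatchcase

# Input: the DUMP_VHOSTS output quoted in the question above.
DUMP = """\
*:443                  is a NameVirtualHost
     default server mail.example.com (/etc/apache2/sites-enabled/0-default-ssl.conf:2)
     port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/0-default-ssl.conf:2)
     port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com-ssl.conf:2)
             wild alias *.example.com
*:80                   is a NameVirtualHost
     default server mail.example.com (/etc/apache2/sites-enabled/0-default.conf:1)
     port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/0-default.conf:1)
     port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
             wild alias *.example.com
"""

def parse_vhosts(text):
    """Map each listen address to its vhosts (name, source, aliases) in listed order."""
    table, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"(\S+)\s+is a NameVirtualHost", line):
            current = table.setdefault(m.group(1), [])
        elif m := re.match(r"port \d+ namevhost (\S+) \((.+):\d+\)", line):
            current.append({"name": m.group(1).lower(), "source": m.group(2), "aliases": []})
        elif (m := re.match(r"(?:wild )?alias (\S+)", line)) and current:
            current[-1]["aliases"].append(m.group(1).lower())
    return table

def matches(vhost, host):
    """True if host equals the vhost's ServerName or matches one of its aliases."""
    return host == vhost["name"] or any(fnmatchcase(host, a) for a in vhost["aliases"])

def select_vhost(table, addr, host):
    """Assumed model: first listed vhost that matches wins, else the first listed one."""
    vhosts = table[addr]
    return next((v for v in vhosts if matches(v, host.lower())), vhosts[0])

def shadowed(table):
    """Vhost names that an alias of a later vhost on the same address would also match."""
    return [(addr, v["name"], v["source"], later["source"])
            for addr, vhosts in table.items()
            for i, v in enumerate(vhosts)
            for later in vhosts[i + 1:] if matches(later, v["name"])]

if __name__ == "__main__":
    t = parse_vhosts(DUMP)
    for h in ("mail.example.com", "www.example.com"):
        print(h, "->", select_vhost(t, "*:443", h)["source"])
    for hit in shadowed(t):
        print("shadowed:", hit)
```

Each entry returned by `shadowed` is a vhost whose effective name is also covered by a later vhost's alias, which is the condition under which that name is served with the earlier vhost's certificate.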
