我有很多php项目在Lightsail LAMP服务器上运行。最近他们已经停止工作,因为他们无法调用Wordpress API运行在另一个服务器上。我可以在我的机器上卷曲这个端点,但是当我试图从任何Lightsail服务器上卷曲时,我收到的是"SSL证书问题:证书已过期">
此网站的证书在一个月内不会过期,当我从localhost curl时,在curl上运行verbose标志时会确认这一点。我也检查了整个证书链是完整的,它似乎是。
从其他服务器(或从自己)访问服务器时的输出:
bitnami@<server address>:~$ curl -I https://<server address> -v
* Rebuilt URL to: https://localhost/
* Trying <server address>...
* Connected to <server address> port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /opt/bitnami/common/openssl/certs/curl-ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: http://curl.haxx.se/docs/sslcerts.html
输出时从本地机器:
* Trying <server address>...
* TCP_NODELAY set
* Connected to <server address> (<server address>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=<server address>
* start date: Aug 9 22:55:44 2021 GMT
* expire date: Nov 7 22:55:42 2021 GMT
* subjectAltName: host "<server address>" matched cert's "<server address>"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Server auth using Basic with user <auth code>
> HEAD <path> HTTP/1.1
> Host: <server address>
> Authorization: Basic <auth code>
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
任何关于为什么会发生这种情况的想法将非常感激。谢谢!
这很可能是由LetsEncrypt证书过期引起的。检查:https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/