一个requests SSLError问题

用docker部署一个内部应用,一切正常,就是客户端用requests调用api的时候,一直报SSLError,开始怀疑是客户端的问题,重装requests, 甚至重新编译安装客户端python。

无意中用requests请求了下公司官网,哇操,一切正常,又请求某度之类的测网速网站,都正常。

那么就是服务端问题了,因为服务端同时部署有ERP,第三方开发的,Apache还不让升级,也不能改为Nginx,麻蛋,ERP公司的技术水平真是令人蛋疼。。。

于是跟ERP共用Apache绑定多个域名,Let's Encrypt证书

https://www.ssllabs.com/ssltest/ 上面测试域名,显示B(除了这台服务器别的都是A+),然后提示一个错误 Chain issues: incomplete。

想想也只能是这个问题了,参考:https://lymsaga.top/2018/07/25/lnmp-ssl/

把配置节从


    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/wkwk.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/wkwk.com/privkey.pem
    

改为


    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/wkwk.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/wkwk.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/wkwk.com/chain.pem
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

第一次不成功,不知道是不是太晚了脑袋是晕的,忘记重启Apache了还是什么原因,中间隔了半天,后面一次重启Apache。

ssllabs.com上测试也没有Chain Issues Incomplete了,但依然显示B,但客户端requests也可以调用api了。

睡之。

Alejandra :
Hello there , I saw you mention SSL certificates on your page here: laonan.net/blog/z2Udziv+EeqWQPI8kVRt8A/ - I really enjoyed the resource, thanks for sharing. A friend recently recommended a new SSL checker tool, and I personally think it’s much more user-friendly than most of the tools I’ve ever used. I like that it’s ad-free and straightforward; while most tools are full of useless content. I thought you might want to add it to your page, I’m pretty sure your users will like it! Here it is: https://www.websiteplanet.com/webtools/ssl-checker/ It allows you to check your SSL certificate quickly and easily. (And it’s completely free!) 😊 I hope I was able to return the favor, Alejandra
For example, "name@something.com". If someone replies to you it will be via email.
For example, "http://someaddress.com"