nginx – 我的www子域名收到了SSL_ERROR_BAD_CERT_DOMAIN

Nginx 前端之家
前端之家收集整理的这篇文章主要介绍了nginx – 我的www子域名收到了SSL_ERROR_BAD_CERT_DOMAIN前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

服务器:Ubuntu,Nginx.

我有一个域名example.com在namecheap.com注册并在DigitalOcean配置.
我有www子域名的CNAME记录:

www.example.com. 1800 IN CNAME example.com.

这是我的/ etc / Nginx / sites-enabled / default文件内容

# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}

# HTTPS - serve HTML from /usr/share/Nginx/html,proxy requests to /parse/
# through to Parse Server

server {
    listen               80;
    server_name          www.example.com;

    return 301 https://example.com$request_uri;
}

server {
        listen 443;
        server_name example.com;

        root /home/example/website;
        index index.html index.htm;

        ssl on;
        # Use certificate and key provided by Let's Encrypt:
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        # Config (http://www.westphahl.net/blog/2012/01/03/setting-up-https-with-Nginx-and-startssl/)
        add_header Strict-Transport-Security max-age=31536000;
        add_header X-Frame-Options DENY;

        # Pass requests for /parse/ to Parse Server instance at localhost:1337
        location /parse/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Nginx-Proxy true;
                proxy_pass http://localhost:1337/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }

        location / {
                try_files $uri $uri/ =404;
        }

}

但是,当我尝试打开www.example.com时,Firefox会显示SSL_ERROR_BAD_CERT_DOMAIN“您的连接不安全”错误.

如何解决

答案:感谢所有建议者,向www子域发布SSL证书就可以了.

这是Let’s Encrypt的命令:

./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
从Chrome的警告页面输出

This server could not prove that it is www.example.com; its security certificate is from example.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

证书已发布到顶级域example.com,但不是子域www.exmample.com.

如果ssl发行人说他们应该给你www,请与他们联系以获取更多信息.

请注意,此警告来自SSL握手级别,并且在请求到达Nginx服务器进行处理之前.

原文链接:https://www.f2er.com/nginx/435380.html
nginx

猜你在找的Nginx相关文章

Nginx基础知识学习(安装/进程模型/事件处理机制/详细配置/定时切割日志)
一、Linux下Nginx的安装 1.去官网 http://nginx.org/download/下载对应的Nginx安...
Nginx配置文件nginx.conf中location的匹配原则
一、空格:默认匹配、普通匹配 location / { root /home; } 二、= :精确匹配(表示匹配到...
nginx指定配置文件启动
``` nginx -c 配置文件路径 ``` ``` /usr/local/nginx/sbin/nginx -c /usr/local/nginx/co...
你真的了解负载均衡中间件nginx吗?
前言 nginx可所谓是如今最好用的软件级别的负载均衡了。通过nginx的高性能,并发能力强,占...
Ngnix负载均衡安装及配置
1.ngnix概念 Nginx是一款高性能的http 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理...
[Linux] nginx的try_files指令实现隐藏index.php的重写
1.nginx的try_files指令 ,核心功能是替代rewrite,并且比rewrite更强大的是可以按顺序查找...
[日常] 前端资源测试机上忽略版本号的的nginx配置
利用nginx的rewrite的指令,可以实现url的重新跳转,rewrtie有四种不同的flag,分别是redi...
[Nginx] 1.17.9中的更改日志
1. 不允许多个Host请求头 2. 忽略额外的Transfer-Encoding请求头 3.修复在HTTP/2时的socke...
[Linux] 解决nginx: [emerg] directive "rewrite" is not terminated by ";"
解决nginx: [emerg] directive "rewrite" is not terminated by &q...
[Nginx] location与rewrite配合处理项目的重写和路径问题
某个项目中路由是通过$_SERVER['REQUEST_URI']来进行的匹配处理 , 并且隐...
LinuxWindowsCentOSUbuntuNginxWebServiceScalaMemcacheApacheRedisDockerBashAzureTomcatLNMPShell数据结构服务器运维网络安全
xebugnodemondocker-copydcoselasticsearcwindows-contdocker-windodocker-awsamazon-cloudenvoyproxyhashicorp-vaswisscomdevkafka-pythonzscalerphoton-osdocker-swarmkamongoogle-cloudconcoursewso2-ampersistent-vapi-managerprocess-manamanjarojenkins-workhypriotremoteapikeystonejsbitcoindbitcoin-test