打印

自动生成ssl打不开是什么原因?

自动生成ssl打不开是什么原因?

用https无法打开是什么原因?
创建过程:
[root@host wwwroot]# lnmp vhost add
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): www.areyouok.tk
Your domain: www.areyouok.tk
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for the domain: www.areyouok.tk
Default directory: /home/wwwroot/www.areyouok.tk: /home/wwwroot/tk
Virtual Host Directory: /home/wwwroot/tk
Allow Rewrite rule? (y/n) n
You choose rewrite: none
Allow access log? (y/n) y
Enter access log filename(Default:www.areyouok.tk.log):
You access log filename: www.areyouok.tk.log
Create database and MySQL user with same name (y/n) n
Add SSL Certificate (y/n) y
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
Please enter your email address: test@qq.com
It will be processed automatically.

Press any key to start create virtul host...
Create Virtul Host directory......
set permissions of Virtual Host directory......
You select the exist rewrite rule:/usr/local/nginx/conf/none.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Gracefully shutting down php-fpm . done
Starting php-fpm  done
You select the exist rewrite rule:/usr/local/nginx/conf/none.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
/bin/certbot [found]
Starting create SSL Certificate use Let's Encrypt...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.areyouok.tk
Using the webroot path /home/wwwroot/tk for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.areyouok.tk/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.areyouok.tk/privkey.pem
   Your cert will expire on 2018-04-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
- If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Let's encrypt crontab renew rule is exist.
Let's Encrypt SSL Certificate create successfully.
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
================================================
Virtualhost infomation:
Your domain: www.areyouok.tk
Home Directory: /home/wwwroot/tk
Rewrite: none
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
  =>Let's Encrypt
================================================

TOP

[root@host vhost]# vi www.areyouok.tk.conf
server
    {
        listen 80;
        #listen [::]:80;
        server_name www.areyouok.tk ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/tk;

        include none.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }
location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/www.areyouok.tk.log;
    }

server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
server_name www.areyouok.tk ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/tk;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/www.areyouok.tk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.areyouok.tk/privkey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

        include none.conf;
        #error_page   404   /404.html;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }
               
        access_log  /home/wwwlogs/www.areyouok.tk.log;
    }

TOP

证书生成正常就肯定没问题,自行排查防火墙、服务商是否有安全组、防火墙之类的设置

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP