VPS侦探论坛

 找回密码
 注册
查看: 291|回复: 7

SSL证书生成成功但是无法访问

[复制链接]
发表于 2019-5-30 23:55:10 | 显示全部楼层 |阅读模式



1、chrome访问提示This site can’t provide a secure connection
xxx.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR\


2、运行openssl s_client -connect 域名:443 错误如下:






本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?注册

x
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org/
发表于 2019-5-31 09:25:50 | 显示全部楼层


你自己写的配置文件还是自动生成的?自己写的配置贴出来看看,自动生成的话是否改动过?
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org/
 楼主| 发表于 2019-6-1 06:28:09 | 显示全部楼层

本帖最后由 reecho 于 2019-6-1 06:29 编辑

nginx.conf
--------------------------------------------------------
user  www www;

worker_processes auto;

error_log  /home/wwwlogs/nginx_error.log  crit;

pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }

http
    {
        include       mime.types;
        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;
        #log format
        log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
             '$status $body_bytes_sent "$http_referer" '
             '"$http_user_agent" $http_x_forwarded_for';
                access_log off;

server
    {
        listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        server_name www.lnmp.org;
        index index.html index.htm index.php;
        root  /home/wwwroot;

        #error_page   404   /404.html;
        include enable-php.conf;

        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }
        
        location ~ /.well-known
        {
           allow all;
        }
        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/access.log  access;
    }
include vhost/*.conf;
}
--------------------------------------------------


xxxxx.com.conf
---------------------------------------------------server
    {
        listen 443 http2;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/xxxxxx.com/xxxxxx.com.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/xxxxxx.com/xxxxxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        server_name xxxxxx.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/xxxxxx.com;

        include exmuseum.conf;
        #error_page   404   /404.html;
        location ~ [^/]\.php(/|$)
        {
            # comment try_files $uri =404; to enable pathinfo
            try_files $uri =404;
            fastcgi_pass  unix:/tmp/php-cgi.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
            #include pathinfo.conf;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        access_log off;
    }

军哥,有空帮忙看看。


美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
 楼主| 发表于 2019-6-1 06:32:51 | 显示全部楼层



licess 发表于 2019-5-31 09:25
你自己写的配置文件还是自动生成的?自己写的配置贴出来看看,自动生成的话是否改动过? ...

基本无修改,nginx.conf 和 xxxxx.com.conf配置如下

nginx.conf
--------------------------------------------------------
user  www www;

worker_processes auto;

error_log  /home/wwwlogs/nginx_error.log  crit;

pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

events
    {
        use epoll;
        worker_connections 51200;
        multi_accept on;
    }

http
    {
        include       mime.types;
        default_type  application/octet-stream;

        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 50m;

        sendfile   on;
        tcp_nopush on;

        keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;

        gzip on;
        gzip_min_length  1k;
        gzip_buffers     4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
        gzip_vary on;
        gzip_proxied   expired no-cache no-store private auth;
        gzip_disable   "MSIE [1-6]\.";

        #limit_conn_zone $binary_remote_addr zone=perip:10m;
        ##If enable limit_conn_zone,add "limit_conn perip 10;" to server section.

        server_tokens off;
        #log format
        log_format  access  '$remote_addr - $remote_user [$time_local] "$request" '
             '$status $body_bytes_sent "$http_referer" '
             '"$http_user_agent" $http_x_forwarded_for';
                access_log off;

server
    {
        listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        server_name www.lnmp.org;
        index index.html index.htm index.php;
        root  /home/wwwroot;

        #error_page   404   /404.html;
        include enable-php.conf;

        location /nginx_status
        {
            stub_status on;
            access_log   off;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }
        
        location ~ /.well-known
        {
           allow all;
        }
        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/access.log  access;
    }
include vhost/*.conf;
}
--------------------------------------------------


xxxxx.com.conf
---------------------------------------------------server
    {
        listen 443 http2;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/ssl/xxxxxx.com/xxxxxx.com.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/xxxxxx.com/xxxxxx.com.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        #ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        server_name xxxxxx.com ;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/xxxxxx.com;

        include exmuseum.conf;
        #error_page   404   /404.html;
        location ~ [^/]\.php(/|$)
        {
            # comment try_files $uri =404; to enable pathinfo
            try_files $uri =404;
            fastcgi_pass  unix:/tmp/php-cgi.sock;
            fastcgi_index index.php;
            include fastcgi.conf;
            #include pathinfo.conf;
        }

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        access_log off;
    }

军哥,有空帮忙看看。
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
发表于 2019-6-1 10:03:04 | 显示全部楼层

reecho 发表于 2019-6-1 06:32
基本无修改,nginx.conf 和 xxxxx.com.conf配置如下

nginx.conf

你这还叫基本无修改啊
开ssl啥最重要,肯定是ssl,只写个http2不带ssl啥用不管

再次再次再次强调不会自己写配置或不是太明白不要自己修改,直接 lnmp vhost add 生成配置文件

美国VPS、VPN、域名代购:http://shop63846532.taobao.com/

 楼主| 发表于 2019-6-1 12:13:43 | 显示全部楼层


licess 发表于 2019-6-1 10:03
你这还叫基本无修改啊
开ssl啥最重要,肯定是ssl,只写个http2不带ssl啥用不管

因之前用 lnmp ssh add命令增加过,想用lnmp vhost add重新生成,于是用acme.sh 对自己域名用了revoke remove等命令
添加的时候acme.sh.log错误如下:
[Sat Jun  1 04:10:08 UTC 2019] _main_domain='exmuseum.com'
[Sat Jun  1 04:10:08 UTC 2019] _alt_domains='no'
[Sat Jun  1 04:10:08 UTC 2019] Using config home:/usr/local/acme.sh
[Sat Jun  1 04:10:08 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Jun  1 04:10:08 UTC 2019] DOMAIN_PATH='/usr/local/nginx/conf/ssl/exmuseum.com'
[Sat Jun  1 04:10:08 UTC 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sat Jun  1 04:10:08 UTC 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Jun  1 04:10:08 UTC 2019] GET
[Sat Jun  1 04:10:08 UTC 2019] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Jun  1 04:10:08 UTC 2019] timeout=
[Sat Jun  1 04:10:08 UTC 2019] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
[Sat Jun  1 04:10:08 UTC 2019] ret='0'
[Sat Jun  1 04:10:09 UTC 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sat Jun  1 04:10:09 UTC 2019] ACME_NEW_AUTHZ
[Sat Jun  1 04:10:09 UTC 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Jun  1 04:10:09 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Jun  1 04:10:09 UTC 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Jun  1 04:10:09 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Jun  1 04:10:09 UTC 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Jun  1 04:10:09 UTC 2019] ACME_VERSION='2'
[Sat Jun  1 04:10:09 UTC 2019] Le_NextRenewTime
[Sat Jun  1 04:10:09 UTC 2019] _on_before_issue
[Sat Jun  1 04:10:09 UTC 2019] _chk_main_domain='exmuseum.com'
[Sat Jun  1 04:10:09 UTC 2019] _chk_alt_domains
[Sat Jun  1 04:10:09 UTC 2019] Le_LocalAddress
[Sat Jun  1 04:10:09 UTC 2019] d='exmuseum.com'
[Sat Jun  1 04:10:09 UTC 2019] Check for domain='exmuseum.com'
[Sat Jun  1 04:10:09 UTC 2019] _currentRoot='/home/wwwroot/exmuseum.com'
[Sat Jun  1 04:10:09 UTC 2019] d
[Sat Jun  1 04:10:09 UTC 2019] _saved_account_key_hash is not changed, skip register account.
[Sat Jun  1 04:10:09 UTC 2019] Read key length:
[Sat Jun  1 04:10:09 UTC 2019] _createcsr
[Sat Jun  1 04:10:09 UTC 2019] Single domain='exmuseum.com'
[Sat Jun  1 04:10:09 UTC 2019] Getting domain auth token for each domain
[Sat Jun  1 04:10:09 UTC 2019] d
[Sat Jun  1 04:10:09 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Jun  1 04:10:09 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"exmuseum.com"}]}'
[Sat Jun  1 04:10:09 UTC 2019] RSA key
[Sat Jun  1 04:10:09 UTC 2019] HEAD
[Sat Jun  1 04:10:09 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Jun  1 04:10:09 UTC 2019] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
[Sat Jun  1 04:10:09 UTC 2019] _ret='0'
[Sat Jun  1 04:10:09 UTC 2019] POST
[Sat Jun  1 04:10:09 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Jun  1 04:10:09 UTC 2019] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
[Sat Jun  1 04:10:09 UTC 2019] _ret='0'
[Sat Jun  1 04:10:09 UTC 2019] code='429'
[Sat Jun  1 04:10:09 UTC 2019] Le_LinkOrder
[Sat Jun  1 04:10:09 UTC 2019] Le_OrderFinalize
[Sat Jun  1 04:10:09 UTC 2019] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates already issued for exact set of domains: exmuseum.com: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Sat Jun  1 04:10:09 UTC 2019] pid
[Sat Jun  1 04:10:09 UTC 2019] No need to restore nginx, skip.
[Sat Jun  1 04:10:09 UTC 2019] _clearupdns
[Sat Jun  1 04:10:09 UTC 2019] dns_entries
[Sat Jun  1 04:10:09 UTC 2019] skip dns.
[Sat Jun  1 04:10:09 UTC 2019] _on_issue_err
[Sat Jun  1 04:10:09 UTC 2019] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
发表于 2019-6-1 13:21:48 | 显示全部楼层

"detail": "Error creating new order :: too many certificates already issued for exact set of domains: exmuseum.com: see https://letsencrypt.org/docs/rate-limits/",

超了官网限制,这个没办法解决,唯一就是等到时间自动解禁
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|VPS侦探 ( 鲁ICP备16040043号-1 )

GMT+8, 2019-8-22 18:17 , Processed in 0.226630 second(s), 27 queries .

Powered by Discuz! X3.4

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表