Why can't the site be opened after automatically generating SSL?
What is the reason it cannot be opened over https? Creation process:
# lnmp vhost add
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): www.areyouok.tk
Your domain: www.areyouok.tk
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for the domain: www.areyouok.tk
Default directory: /home/wwwroot/www.areyouok.tk: /home/wwwroot/tk
Virtual Host Directory: /home/wwwroot/tk
Allow Rewrite rule? (y/n) n
You choose rewrite: none
Allow access log? (y/n) y
Enter access log filename(Default:www.areyouok.tk.log):
You access log filename: www.areyouok.tk.log
Create database and MySQL user with same name (y/n) n
Add SSL Certificate (y/n) y
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
Please enter your email address: test@qq.com
It will be processed automatically.
Press any key to start create virtul host...
Create Virtul Host directory......
set permissions of Virtual Host directory......
You select the exist rewrite rule:/usr/local/nginx/conf/none.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Gracefully shutting down php-fpm . done
Starting php-fpm done
You select the exist rewrite rule:/usr/local/nginx/conf/none.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
/bin/certbot
Starting create SSL Certificate use Let's Encrypt...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.areyouok.tk
Using the webroot path /home/wwwroot/tk for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.areyouok.tk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.areyouok.tk/privkey.pem
Your cert will expire on 2018-04-19. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Let's encrypt crontab renew rule is exist.
Let's Encrypt SSL Certificate create successfully.
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
================================================
Virtualhost infomation:
Your domain: www.areyouok.tk
Home Directory: /home/wwwroot/tk
Rewrite: none
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
=>Let's Encrypt
================================================
# vi www.areyouok.tk.conf
server
{
listen 80;
#listen [::]:80;
server_name www.areyouok.tk ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/tk;
include none.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/www.areyouok.tk.log;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name www.areyouok.tk ;
index index.html index.htm index.php default.html default.htm default.php;
root /home/wwwroot/tk;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.areyouok.tk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.areyouok.tk/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
include none.conf;
#error_page 404 /404.html;
# Deny access to PHP files in specific directory
#location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
include enable-php.conf;
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/www.areyouok.tk.log;
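}

If the certificate was generated normally, then there is definitely no problem; check for yourself whether the firewall, or your service provider's security group, firewall or similar settings are the cause.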
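
The check suggested in the reply, as an added example that is not part of the original thread or of the LNMP scripts: the http-01 challenge succeeded over port 80, so the open question is whether port 443 is both listening and allowed through the host firewall. The function names are hypothetical, the host firewall is assumed to be iptables, and the sample `ss` and `iptables` output is constructed.

```shell
#!/usr/bin/env bash
# Added example. Live use: diagnose_443 "$(ss -ltn)" "$(iptables -S INPUT)"

# Succeeds if the `ss -ltn` output ($2) shows a listener on port $1.
listening_on() {
  printf '%s\n' "$2" |
    awk -v p="$1" '$1=="LISTEN" && $4 ~ (":" p "$") {f=1} END {exit !f}'
}

# Prints the first-match verdict for new TCP traffic to port $1 from
# `iptables -S INPUT` output ($2). Simplified: only exact --dport rules and
# criteria-free catch-all rules are evaluated; otherwise the chain policy wins.
fw_verdict() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1=="-P" && $2=="INPUT" { policy=$3 }
    $1=="-A" && $2=="INPUT" && !v {
      t=""
      for (i=3; i<NF; i++) if ($i=="-j") t=$(i+1)
      if ($3=="-j" || $0 ~ ("--dport " p "( |$)")) v=t
    }
    END { print (v ? v : policy) }'
}

# Combines both checks into one finding for HTTPS (port 443).
diagnose_443() {
  if ! listening_on 443 "$1"; then
    echo "nginx-not-listening-on-443"
    return
  fi
  case "$(fw_verdict 443 "$2")" in
    ACCEPT) echo "host-ok-check-provider-security-group" ;;
    *)      echo "host-firewall-blocks-443" ;;
  esac
}

# Constructed sample: nginx listens on 80 and 443, but only 22 and 80 are allowed in.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_FW='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP'

diagnose_443 "$SAMPLE_SS" "$SAMPLE_FW"
```

When the result points at the provider, the host cannot see the block itself; the security group or cloud firewall has to be checked in the provider's console.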