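No SSL configuration in the www.xxx.com.conf configuration file
After a one-click install with lnmp1.9, I found that the www.xxx.com.conf configuration file contains no SSL configuration.
That is, it only has the listen 80 configuration and no listen 443 configuration, so the site cannot be reached over https. The certificate generation itself was OK, and the path /usr/local/nginx/conf/ssl is fine too. I requested certificates for both the main domain and the wildcard domain; there is a certificate path for www.xxx.com and also one for xxx.com.
What is going on here? Do I need to write the listen 443 configuration in myself?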
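
Describe which commands you used and the steps you followed.
Did you generate the wildcard SSL certificate separately?
With the lnmp onlyssl command, only the certificate is generated, not the configuration file.
If the add process reported an error, the https site configuration is not generated either.

I don't know whether this is the same as my situation.
According to the prompt, the generated certificate path is /usr/local/nginx/conf/ssl/www.***.cn_ecc/www.***.cn.key
but the certificate path configured in www.***.cn.conf is /usr/local/nginx/conf/ssl/www.***.cn/www.***.cn.key
I edited www.***.cn.conf with vim and added _ecc to the certificate path, and that fixed it. If you have no configuration at all, that is strange; mine was configured normally, only the path was wrong.
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name www.***.cn ***.cn;

licess posted on 2023-3-28 08:36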
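Describe which commands you used and the steps you followed.
Did you generate the wildcard SSL certificate separately?
With the lnmp onlyssl command, only the ...
What I did: after installing lnmp, I added the site with the lnmp add command, and the SSL certificate was also issued during that process. The add process did not report any errors.
But the configuration file really has no SSL configuration for port 443.
I also opened a ticket with the hosting provider, and they do not restrict port 443.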
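Additional content (2023-3-28 14:11):
Looking more closely, the public key is missing under ssl/, i.e. the certificate file was not fetched: ssl_certificate /usr/local/nginx/conf/ssl/www.xxx.com/fullchain.cer

wangpaishi posted on 2023-3-28 10:18
I don't know whether this is the same as my situation.
According to the prompt, the generated certificate path is /usr/local/nginx/conf/ssl/www.***.cn_ecc/www.***.cn ...
Certificates with the _ecc suffix are problematic, and no https site configuration file is generated for them. Fix it by following the pinned thread.

licess posted on 2023-3-28 16:36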
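Certificates with the _ecc suffix are problematic, and no https site configuration file is generated for them. Fix it by following the pinned thread ...
I am going to write the conf myself, but
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
for this line, I see that dhparam.pem does not exist under ssl. How should I handle this? The full configuration is below: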
server
{
    listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    server_name www.xxx.com xxx.com;
    index index.html index.htm index.php default.html default.htm default.php;
    root /home/wwwroot/www.xxx.com;
    # ssl_certificate must be the issued certificate chain (fullchain.cer), not the .csr signing request
    ssl_certificate /usr/local/nginx/conf/ssl/www.xxx.com/fullchain.cer;
    ssl_certificate_key /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
}

licess posted on 2023-3-28 08:36
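Describe which commands you used and the steps you followed.
Did you generate the wildcard SSL certificate separately?
With the lnmp onlyssl command, only the ...
Is the information I have given so far not enough?

33to9 posted on 2023-3-28 18:50
I am going to write the conf myself, but # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_ ...
What follows the # is the generation command; it was put there on purpose.

licess posted on 2023-3-29 10:06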
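What follows the # is the generation command; it was put there on purpose.
I reinstalled the system from scratch, and an error was reported while fetching the certificate. What is this error?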
2023-03-29 13:53:53 (279 KB/s) - 'latest.tar.gz' saved
It is recommended to install socat first.
We use socat for standalone server if you use standalone mode.
If you don't use standalone mode, just ignore this warning.
Installing to /usr/local/acme.sh
Installed to /usr/local/acme.sh/acme.sh
Installing alias to '/root/.bashrc'
OK, Close and reopen your terminal to start using acme.sh
Installing cron job
no crontab for root
no crontab for root
Good, bash is found, so change the shebang to use bash as preferred.
OK
Add acme.sh upgrade crontab rule...
Restarting cron (via systemctl): cron.service.
Generate ssl certificate using Let's Encrypt...
Using CA: https://acme-v02.api.letsencrypt.org/directory
Create account key ok.
Registering account: https://acme-v02.api.letsencrypt.org/directory
Registered
ACCOUNT_THUMBPRINT='gWY5QCF1-wnQHM4lNe4XJu3-EA37tfAV9JNnELutfMw'
Creating domain key
The domain key is here: /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key
Multi domain='DNS:www.xxx.com,DNS:xxx.com,DNS:*.xxx.com'
Getting domain auth token for each domain
Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.",
"status": 400
}
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Generate SSL Certificate failed!
================================================
Virtualhost infomation:
Your domain: www.xxx.com
Home Directory: /home/wwwroot/www.xxx.com
Rewrite: wordpress
Enable log: no
Create database: no
Create ftp account: no
Enable SSL: yes
=>Let's Encrypt
IPv6 Support: Disabled

33to9 posted on 2023-3-29 15:31
Running cmd: issue
_main_domain='www.x ...
Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.
A wildcard SSL certificate cannot also include the www domain; www is itself a second-level domain and is already included in *.xxx.com

licess posted on 2023-3-30 08:16
Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the...
OK, I deleted it and set it up again without adding the wildcard domain, and this time it succeeded. Thanks!
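
The "redundant with a wildcard domain" rejection discussed above, as an added example that is not part of the original thread or of lnmp/acme.sh: a POSIX shell helper that drops every name already covered by a wildcard in the same list before the list is passed to the ACME client. The function names are hypothetical, and names are assumed to be lowercase already.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of lnmp or acme.sh.

# covered_by_wildcard NAME WILDCARD
# Succeeds when WILDCARD (*.base) already covers NAME. A wildcard stands for
# exactly one label: *.xxx.com covers www.xxx.com, but neither xxx.com
# itself nor a.b.xxx.com.
covered_by_wildcard() {
    cw_name=$1
    cw_base=${2#\*.}
    case $cw_name in
        \*.*) return 1 ;;                      # a wildcard is never "covered"
        *."$cw_base") cw_label=${cw_name%."$cw_base"} ;;
        *) return 1 ;;
    esac
    case $cw_label in
        ''|*.*) return 1 ;;                    # no label, or more than one
    esac
    return 0
}

# filter_wildcard_redundant NAME...
# Prints the names, space separated, without those a wildcard already covers.
filter_wildcard_redundant() {
    fw_out=
    for fw_name in "$@"; do
        fw_keep=1
        for fw_other in "$@"; do
            case $fw_other in
                \*.*)
                    if covered_by_wildcard "$fw_name" "$fw_other"; then
                        fw_keep=0
                    fi ;;
            esac
        done
        if [ "$fw_keep" -eq 1 ]; then
            fw_out="$fw_out${fw_out:+ }$fw_name"
        fi
    done
    printf '%s\n' "$fw_out"
}

# Constructed input mirroring the failed request in the thread.
filter_wildcard_redundant www.xxx.com xxx.com '*.xxx.com'
```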
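
The vhost problems reported earlier in the thread (no listen 443, a certificate path that does not match the directory the files were written to, a missing fullchain.cer) can be caught with one check. This is an added example, not part of the thread or of lnmp; check_vhost_ssl is a hypothetical helper, the sample vhost is constructed, and the check also flags a certificate signing request used where the certificate is expected.

```shell
#!/bin/sh
# Added example; check_vhost_ssl is a hypothetical helper, not part of lnmp.

# check_vhost_ssl CONF
# Prints one finding per line and returns 1 if the vhost cannot serve https.
check_vhost_ssl() {
    cv_conf=$1
    cv_bad=0
    if ! grep -Eq '^[[:space:]]*listen[[:space:]]+([^;#]*:)?443[[:space:];]' "$cv_conf"; then
        echo "no listen 443 directive in $cv_conf"
        cv_bad=1
    fi
    for cv_dir in ssl_certificate ssl_certificate_key; do
        # First uncommented occurrence of the directive; the value ends at ';'.
        cv_path=$(sed -n "s/^[[:space:]]*${cv_dir}[[:space:]]\{1,\}\([^;]*\);.*/\1/p" "$cv_conf" | head -n 1)
        if [ -z "$cv_path" ]; then
            echo "$cv_dir is not set"
            cv_bad=1
        elif [ ! -s "$cv_path" ]; then
            echo "$cv_dir: missing or empty file $cv_path"
            cv_bad=1
        elif [ "$cv_dir" = ssl_certificate ] &&
             ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cv_path"; then
            # A .csr starts with BEGIN CERTIFICATE REQUEST and fails here.
            echo "$cv_dir: $cv_path is not a PEM certificate"
            cv_bad=1
        fi
    done
    return "$cv_bad"
}

# Constructed vhost reproducing the "_ecc" mismatch from the thread: the
# key lives in www.xxx.com_ecc/ while the conf points at www.xxx.com/.
demo=$(mktemp -d)
mkdir -p "$demo/ssl/www.xxx.com_ecc"
echo 'constructed placeholder' > "$demo/ssl/www.xxx.com_ecc/www.xxx.com.key"
cat > "$demo/www.xxx.com.conf" <<EOF
server {
    listen 443 ssl http2;
    ssl_certificate $demo/ssl/www.xxx.com/fullchain.cer;
    ssl_certificate_key $demo/ssl/www.xxx.com/www.xxx.com.key;
}
EOF
check_vhost_ssl "$demo/www.xxx.com.conf" || echo "vhost is not ready for https"
rm -rf "$demo"
```

Running nginx -t after correcting the paths confirms that nginx itself accepts the configuration.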