www.xxx.com.conf配置文件中没有ssl的配置

33to9 · 发表于 2023-3-28 00:23:32

通过lnmp1.9一键安装后发现
www.xxx.com.conf配置文件中没有ssl的配置

即只有listen 80的配置，而listen 443的配置没有，导致也无法通过https访问，但证书的生成过程是OK的，路径是/usr/local/nginx/conf/ssl也没问题的，我把主域名和泛域名都申请了，有个www.xxx.com证书路径，也有xxx.com的证书路径
请问下是怎么回事？需要自己另外写入listen 443的配置吗？

licess · 发表于 2023-3-28 08:36:14

复述一下你使用的什么命令及操作流程
你单独生成的泛域名ssl证书？
如果是用命令 lnmp onlyssl 模式下是只生成证书不生成配置文件的
如果添加过程报错也是不生成https站点配置的

wangpaishi · 发表于 2023-3-28 10:18:58

不知道和我的情况一样不一样
看提示生成的证书路径 /usr/local/nginx/conf/ssl/www.***.cn_ecc/www.***.cn.key
但是www.***.cn.conf里配置的证书路径是 /usr/local/nginx/conf/ssl/www.***.cn/www.***.cn.key
自己vim www.***.cn.conf修改证书路径添加 _ecc，搞定

wangpaishi · 发表于 2023-3-28 10:22:46

如果没有配置，那就奇怪了，我的倒是正常配置，就只是路径不对

listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name www.***.cn ***.cn;

复制代码

33to9 · 发表于 2023-3-28 10:53:41

licess 发表于 2023-3-28 08:36
复述一下你使用的什么命令及操作流程
你单独生成的泛域名ssl证书？
如果是用命令 lnmp onlyssl 模式下是只 ...

我的操作是安装完lnmp后通过，lnmp add命令安装的.ssl证书也是在这个过程中完成的.添加过程并没有报错.
但确实在配置文件里不见443端口的ssl配置.
我也发传票问过主机商，他们并没限制443端口.

补充内容 (2023-3-28 14:11):
仔细看了下，ssl/下面缺少公钥，即没有拉到证书文件ssl_certificate /usr/local/nginx/conf/ssl/www.xxx.com/fullchain.cer

licess · 发表于 2023-3-28 16:36:26

wangpaishi 发表于 2023-3-28 10:18
不知道和我的情况一样不一样
看提示生成的证书路径 /usr/local/nginx/conf/ssl/www.***.cn_ecc/www.***.cn ...

带_ecc的证书是有问题的，是不会生成https站点配置文件的，按置顶帖修复一下

33to9 · 发表于 2023-3-28 18:50:23

licess 发表于 2023-3-28 16:36
带_ecc的证书是有问题的，是不会生成https站点配置文件的，按置顶帖修复一下 ...

准备自己写个conf，但# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
这一行我看ssl下面没有dhparam.pem存在了，这个要怎么处理呢？

33to9 · 发表于 2023-3-28 18:53:00

全部如下：
server
{
      listen 443 ssl http2;
      #listen [::]:443 ssl http2;
      server_name www.xxx.com xxx.com;
      index index.html index.htm index.php default.html default.htm default.php;
      root  /home/wwwroot/www.xxx.com;

      ssl_certificate /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.csr;
      ssl_certificate_key /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key;
      ssl_session_timeout 5m;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
      ssl_prefer_server_ciphers on;
      ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
      ssl_session_cache builtin:1000 shared:SSL:10m;
      # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
      ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;

33to9 · 发表于 2023-3-28 23:48:37

licess 发表于 2023-3-28 08:36
复述一下你使用的什么命令及操作流程
你单独生成的泛域名ssl证书？
如果是用命令 lnmp onlyssl 模式下是只 ...

我目前给出的信息不够吗~

licess · 发表于 2023-3-29 10:06:17

33to9 发表于 2023-3-28 18:50
准备自己写个conf，但# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_ ...

# 后面就是生成命令，这就是特意添加的

33to9 · 发表于 2023-3-29 13:56:54

licess 发表于 2023-3-29 10:06
# 后面就是生成命令，这就是特意添加的

重新安装了一遍系统，拉证书的时候报错了，这个是啥错误~？

2023-03-29 13:53:53 (279 KB/s) - 'latest.tar.gz' saved [270092/270092]

[Wed Mar 29 13:53:53 CST 2023] It is recommended to install socat first.
[Wed Mar 29 13:53:53 CST 2023] We use socat for standalone server if you use standalone mode.
[Wed Mar 29 13:53:53 CST 2023] If you don't use standalone mode, just ignore this warning.
[Wed Mar 29 13:53:53 CST 2023] Installing to /usr/local/acme.sh
[Wed Mar 29 13:53:53 CST 2023] Installed to /usr/local/acme.sh/acme.sh
[Wed Mar 29 13:53:53 CST 2023] Installing alias to '/root/.bashrc'
[Wed Mar 29 13:53:53 CST 2023] OK, Close and reopen your terminal to start using acme.sh
[Wed Mar 29 13:53:53 CST 2023] Installing cron job
no crontab for root
no crontab for root
[Wed Mar 29 13:53:53 CST 2023] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Mar 29 13:53:54 CST 2023] OK
Add acme.sh upgrade crontab rule...
Restarting cron (via systemctl): cron.service.
Generate ssl certificate using Let's Encrypt...
[Wed Mar 29 13:53:55 CST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] Create account key ok.
[Wed Mar 29 13:53:55 CST 2023] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:57 CST 2023] Registered
[Wed Mar 29 13:53:57 CST 2023] ACCOUNT_THUMBPRINT='gWY5QCF1-wnQHM4lNe4XJu3-EA37tfAV9JNnELutfMw'
[Wed Mar 29 13:53:57 CST 2023] Creating domain key
[Wed Mar 29 13:53:57 CST 2023] The domain key is here: /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key
[Wed Mar 29 13:53:57 CST 2023] Multi domain='DNS:www.xxx.com,DNS:xxx.com,DNS:*.xxx.com'
[Wed Mar 29 13:53:57 CST 2023] Getting domain auth token for each domain
[Wed Mar 29 13:53:58 CST 2023] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.",
  "status": 400
}
[Wed Mar 29 13:53:58 CST 2023] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Generate SSL Certificate failed!
================================================
Virtualhost infomation:
Your domain: www.xxx.com
Home Directory: /home/wwwroot/www.xxx.com
Rewrite: wordpress
Enable log: no
Create database: no
Create ftp account: no
Enable SSL: yes
  =>Let's Encrypt
IPv6 Support: Disabled
----

33to9 · 发表于 2023-3-29 15:31:25

[Wed Mar 29 13:53:54 CST 2023] Running cmd: issue
[Wed Mar 29 13:53:54 CST 2023] _main_domain='www.xxx.com'
[Wed Mar 29 13:53:54 CST 2023] _alt_domains='xxx.com,*.xxx.com'
[Wed Mar 29 13:53:54 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:54 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:54 CST 2023] DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.xxx.com'
[Wed Mar 29 13:53:54 CST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:54 CST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:54 CST 2023] GET
[Wed Mar 29 13:53:54 CST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:54 CST 2023] timeout=
[Wed Mar 29 13:53:54 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L '
[Wed Mar 29 13:53:55 CST 2023] ret='0'
[Wed Mar 29 13:53:55 CST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_AUTHZ
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed Mar 29 13:53:55 CST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed Mar 29 13:53:55 CST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Mar 29 13:53:55 CST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] _on_before_issue
[Wed Mar 29 13:53:55 CST 2023] _chk_main_domain='www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _chk_alt_domains='xxx.com,*.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Le_LocalAddress
[Wed Mar 29 13:53:55 CST 2023] d='www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Check for domain='www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _currentRoot='/home/wwwroot/www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] d='xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Check for domain='xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _currentRoot='/home/wwwroot/www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] d='*.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Check for domain='*.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _currentRoot='/home/wwwroot/www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] d
[Wed Mar 29 13:53:55 CST 2023] config file is empty, can not read CA_KEY_HASH
[Wed Mar 29 13:53:55 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:55 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:55 CST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] length='2048'
[Wed Mar 29 13:53:55 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:55 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:55 CST 2023] Use length 2048
[Wed Mar 29 13:53:55 CST 2023] Using RSA: 2048
[Wed Mar 29 13:53:55 CST 2023] Create account key ok.
[Wed Mar 29 13:53:55 CST 2023] RSA key
[Wed Mar 29 13:53:55 CST 2023] config file is empty, can not read CA_EAB_KEY_ID
[Wed Mar 29 13:53:55 CST 2023] config file is empty, can not read CA_EAB_HMAC_KEY
[Wed Mar 29 13:53:55 CST 2023] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed Mar 29 13:53:55 CST 2023] payload='{"contact": ["mailto:cn33to9@gmail.com"], "termsOfServiceAgreed": true}'
[Wed Mar 29 13:53:56 CST 2023] HEAD
[Wed Mar 29 13:53:56 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Mar 29 13:53:56 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L  -I  '
[Wed Mar 29 13:53:56 CST 2023] _ret='0'
[Wed Mar 29 13:53:56 CST 2023] POST
[Wed Mar 29 13:53:56 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed Mar 29 13:53:56 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L '
[Wed Mar 29 13:53:57 CST 2023] _ret='0'
[Wed Mar 29 13:53:57 CST 2023] code='201'
[Wed Mar 29 13:53:57 CST 2023] Registered
[Wed Mar 29 13:53:57 CST 2023] _accUri='https://acme-v02.api.letsencrypt.org/acme/acct/1032715997'
[Wed Mar 29 13:53:57 CST 2023] Calc CA_KEY_HASH='25BMexWmOFIHFteYp2ftXge4YND7UfQj0nl7U0F4ia8='
[Wed Mar 29 13:53:57 CST 2023] ACCOUNT_THUMBPRINT='gWY5QCF1-wnQHM4lNe4XJu3-EA37tfAV9JNnELutfMw'
[Wed Mar 29 13:53:57 CST 2023] Read key length:2048
[Wed Mar 29 13:53:57 CST 2023] Creating domain key
[Wed Mar 29 13:53:57 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:57 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:57 CST 2023] Use length 2048
[Wed Mar 29 13:53:57 CST 2023] Using RSA: 2048
[Wed Mar 29 13:53:57 CST 2023] The domain key is here: [1;32m/usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key[0m
[Wed Mar 29 13:53:57 CST 2023] _createcsr
[Wed Mar 29 13:53:57 CST 2023] Multi domain='DNS:www.xxx.com,DNS:xxx.com,DNS:*.xxx.com'
[Wed Mar 29 13:53:57 CST 2023] Getting domain auth token for each domain
[Wed Mar 29 13:53:57 CST 2023] d='xxx.com'
[Wed Mar 29 13:53:57 CST 2023] d='*.xxx.com'
[Wed Mar 29 13:53:57 CST 2023] d
[Wed Mar 29 13:53:57 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Mar 29 13:53:57 CST 2023] payload='{"identifiers": [{"type":"dns","value":"www.xxx.com"},{"type":"dns","value":"xxx.com"},{"type":"dns","value":"*.xxx.com"}]}'
[Wed Mar 29 13:53:58 CST 2023] POST
[Wed Mar 29 13:53:58 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Mar 29 13:53:58 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L '
[Wed Mar 29 13:53:58 CST 2023] _ret='0'
[Wed Mar 29 13:53:58 CST 2023] code='400'
[Wed Mar 29 13:53:58 CST 2023] Le_LinkOrder
[Wed Mar 29 13:53:58 CST 2023] Le_OrderFinalize
[Wed Mar 29 13:53:58 CST 2023] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.",
  "status": 400
}
[Wed Mar 29 13:53:58 CST 2023] pid
[Wed Mar 29 13:53:58 CST 2023] No need to restore nginx, skip.
[Wed Mar 29 13:53:58 CST 2023] _clearupdns
[Wed Mar 29 13:53:58 CST 2023] dns_entries
[Wed Mar 29 13:53:58 CST 2023] skip dns.
[Wed Mar 29 13:53:58 CST 2023] _on_issue_err
[Wed Mar 29 13:53:58 CST 2023] Please check log file for more details: /usr/local/acme.sh/acme.sh.log

-----------------------------------------------------------------------------------
acme.sh.log

licess · 发表于 2023-3-30 08:16:33

33to9 发表于 2023-3-29 15:31
[Wed Mar 29 13:53:54 CST 2023] Running cmd: issue
[Wed Mar 29 13:53:54 CST 2023] _main_domain='www.x ...

Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.

泛域名ssl不能包含www的域名，www本身就是二级域名已经在 *.xxx.com 里面了

33to9 · 发表于 2023-3-30 10:26:13

licess 发表于 2023-3-30 08:16
Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the ...

好的，我删除重新装了一下，没加泛域名，这次成功了~感谢

		自动登录	找回密码
密码			注册

www.xxx.com.conf配置文件中没有ssl的配置

军哥运维代购：http://shop63846532.taobao.com/

军哥运维代购：http://shop63846532.taobao.com/