VPS侦探 Forum

Views: 1612 | Replies: 13

The www.xxx.com.conf configuration file contains no SSL configuration

Posted on 2023-3-28 00:23:32


After a one-click install with lnmp1.9 I found that
the www.xxx.com.conf configuration file contains no SSL configuration.

That is, there is only a listen 80 block and no listen 443 block, so the site cannot be reached over https. The certificate generation itself went fine, and the path /usr/local/nginx/conf/ssl is also fine: I applied for both the main domain and the wildcard domain, and there is a certificate path for www.xxx.com as well as one for xxx.com.
What is going on here? Do I need to write the listen 443 configuration in myself?
Posted on 2023-3-28 08:36:14


Describe again exactly which commands you used and the sequence of operations.
Did you generate the wildcard SSL certificate separately?
If you used the lnmp onlyssl command, that mode only generates the certificate and does not generate a configuration file.
If an error occurred during the add process, the https site configuration is also not generated.
Automatic Nginx+MySQL+PHP installer for Linux: https://lnmp.org
Posted on 2023-3-28 10:18:58

Not sure whether my situation is the same as yours.
The prompt shows the generated certificate path as /usr/local/nginx/conf/ssl/www.***.cn_ecc/www.***.cn.key
but the certificate path configured in www.***.cn.conf is /usr/local/nginx/conf/ssl/www.***.cn/www.***.cn.key
I edited www.***.cn.conf with vim and added _ecc to the certificate path. Done.
Posted on 2023-3-28 10:22:46



If there were no configuration at all, that would be strange. Mine is configured normally; only the path is wrong:
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name www.***.cn ***.cn;
OP | Posted on 2023-3-28 10:53:41

licess posted on 2023-3-28 08:36
Describe again exactly which commands you used and the sequence of operations.
Did you generate the wildcard SSL certificate separately?
If you used the lnmp onlyssl command, that mode only ...

My procedure: after installing lnmp, I added the site with the lnmp add command. The SSL certificate was also obtained as part of that process, and the add process reported no error.
But there really is no port 443 SSL configuration in the configuration file.
I also opened a ticket with the hosting provider and asked; they do not block port 443.

Added (2023-3-28 14:11):
Looking more carefully, the public key is missing under ssl/, i.e. the certificate file was never fetched: ssl_certificate /usr/local/nginx/conf/ssl/www.xxx.com/fullchain.cer


Posted on 2023-3-28 16:36:26

wangpaishi posted on 2023-3-28 10:18
Not sure whether my situation is the same as yours.
The prompt shows the generated certificate path as /usr/local/nginx/conf/ssl/www.***.cn_ecc/www.***.cn ...

Certificates with _ecc are problematic: the https site configuration file is not generated for them. Fix it following the pinned post.
OP | Posted on 2023-3-28 18:50:23

licess posted on 2023-3-28 16:36
Certificates with _ecc are problematic: the https site configuration file is not generated for them. Fix it following the pinned post ...

I was going to write a conf myself, but for these lines
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
I see there is no dhparam.pem under ssl/ any more. How should this be handled?
OP | Posted on 2023-3-28 18:53:00

Here is the whole thing:
server
    {
        listen 443 ssl http2;
        #listen [::]:443 ssl http2;
        server_name www.xxx.com xxx.com;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/www.xxx.com;

        # ssl_certificate must point at the issued certificate chain, not the .csr signing request
        ssl_certificate /usr/local/nginx/conf/ssl/www.xxx.com/fullchain.cer;
        ssl_certificate_key /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
        # the remaining directives (location blocks etc.) were not included in the post
    }
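Everything this thread ends up checking by hand can be checked by a script: wangpaishi's certificate written to a www.***.cn_ecc/ directory while the .conf points at www.***.cn/, the .csr used as ssl_certificate in the configuration posted above, the dhparam.pem that the ssl_dhparam line expects but which was never generated, and the original symptom of a vhost file with no ssl_certificate at all. The following POSIX sh script is an added example, not code from lnmp or from anyone in this thread; it classifies each referenced file by its PEM header, so it needs no openssl, and the vhost path in the usage comment is an assumption about where the file lives on an lnmp install.

```shell
#!/bin/sh
# check_nginx_ssl.sh -- added example, not code from the lnmp project.
# Reads ssl_certificate / ssl_certificate_key / ssl_dhparam from an nginx vhost
# file and reports the mistakes seen in this thread:
#   * the file does not exist (certificate written to www.x.cn_ecc/ while the
#     conf points at www.x.cn/, or a dhparam.pem that was never generated)
#   * ssl_certificate points at the .csr (signing request) instead of the
#     issued certificate chain (fullchain.cer)
#   * the vhost has no ssl_certificate at all (no listen 443 block was written)

# Print the value of a directive (first occurrence, without the trailing ';').
nginx_directive() {
    # $1 = conf file, $2 = directive name
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\([^;]*\);.*/\1/p" "$1" | head -n 1
}

# Classify a PEM file by its first BEGIN line: CERT, CSR, KEY, DHPARAM, OTHER or MISSING.
pem_kind() {
    [ -f "$1" ] || { echo MISSING; return 0; }
    case "$(grep '^-----BEGIN' "$1" | head -n 1)" in
        '-----BEGIN CERTIFICATE-----')         echo CERT ;;
        '-----BEGIN CERTIFICATE REQUEST-----') echo CSR ;;
        '-----BEGIN DH PARAMETERS-----')       echo DHPARAM ;;
        *'PRIVATE KEY-----')                   echo KEY ;;
        *)                                     echo OTHER ;;
    esac
}

# Check one vhost file; prints one line per finding and returns 0 only if all is sane.
check_nginx_ssl() {
    conf=$1
    rc=0
    cert=$(nginx_directive "$conf" ssl_certificate)
    key=$(nginx_directive "$conf" ssl_certificate_key)
    dh=$(nginx_directive "$conf" ssl_dhparam)

    if [ -z "$cert" ]; then
        echo "no ssl_certificate directive in $conf (no listen 443 block?)"
        return 1
    fi
    case "$(pem_kind "$cert")" in
        CERT)    ;;
        CSR)     echo "ssl_certificate $cert is a signing request; point it at fullchain.cer"; rc=1 ;;
        MISSING) echo "ssl_certificate $cert does not exist (is the cert in a *_ecc directory?)"; rc=1 ;;
        *)       echo "ssl_certificate $cert is not a PEM certificate"; rc=1 ;;
    esac
    case "$(pem_kind "$key")" in
        KEY)     ;;
        MISSING) echo "ssl_certificate_key $key does not exist"; rc=1 ;;
        *)       echo "ssl_certificate_key $key is not a private key"; rc=1 ;;
    esac
    if [ -n "$dh" ] && [ "$(pem_kind "$dh")" != DHPARAM ]; then
        echo "ssl_dhparam $dh missing; generate it with: openssl dhparam -out $dh 2048"
        rc=1
    fi
    return $rc
}

# Stand-alone use (vhost path is an assumption about the lnmp layout):
#   sh check_nginx_ssl.sh /usr/local/nginx/conf/vhost/www.xxx.com.conf
if [ -n "${1:-}" ]; then
    check_nginx_ssl "$1"
fi
```

Run it before "nginx -t": a non-zero exit with a printed finding tells you which of the three problems you have, and the dhparam message repeats the generation command that lnmp leaves as a comment in the vhost for exactly this reason. While rewriting the file anyway, note that the posted block still enables TLSv1, TLSv1.1 and the RSA+3DES suites, which modern nginx builds no longer enable by default; a listen 443 block that only offers TLSv1.2 and TLSv1.3 is the safer target.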
OP | Posted on 2023-3-28 23:48:37


licess posted on 2023-3-28 08:36
Describe again exactly which commands you used and the sequence of operations.
Did you generate the wildcard SSL certificate separately?
If you used the lnmp onlyssl command, that mode only ...

Is the information I have given so far not enough?


Posted on 2023-3-29 10:06:17



33to9 posted on 2023-3-28 18:50
I was going to write a conf myself, but for these lines # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
        ssl_ ...

What follows the # is the generation command; it was added there deliberately.
OP | Posted on 2023-3-29 13:56:54

licess posted on 2023-3-29 10:06
What follows the # is the generation command; it was added there deliberately.


I reinstalled the system and got an error when fetching the certificate. What is this error?

2023-03-29 13:53:53 (279 KB/s) - 'latest.tar.gz' saved [270092/270092]

[Wed Mar 29 13:53:53 CST 2023] It is recommended to install socat first.
[Wed Mar 29 13:53:53 CST 2023] We use socat for standalone server if you use standalone mode.
[Wed Mar 29 13:53:53 CST 2023] If you don't use standalone mode, just ignore this warning.
[Wed Mar 29 13:53:53 CST 2023] Installing to /usr/local/acme.sh
[Wed Mar 29 13:53:53 CST 2023] Installed to /usr/local/acme.sh/acme.sh
[Wed Mar 29 13:53:53 CST 2023] Installing alias to '/root/.bashrc'
[Wed Mar 29 13:53:53 CST 2023] OK, Close and reopen your terminal to start using acme.sh
[Wed Mar 29 13:53:53 CST 2023] Installing cron job
no crontab for root
no crontab for root
[Wed Mar 29 13:53:53 CST 2023] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Mar 29 13:53:54 CST 2023] OK
Add acme.sh upgrade crontab rule...
Restarting cron (via systemctl): cron.service.
Generate ssl certificate using Let's Encrypt...
[Wed Mar 29 13:53:55 CST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] Create account key ok.
[Wed Mar 29 13:53:55 CST 2023] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:57 CST 2023] Registered
[Wed Mar 29 13:53:57 CST 2023] ACCOUNT_THUMBPRINT='gWY5QCF1-wnQHM4lNe4XJu3-EA37tfAV9JNnELutfMw'
[Wed Mar 29 13:53:57 CST 2023] Creating domain key
[Wed Mar 29 13:53:57 CST 2023] The domain key is here: /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key
[Wed Mar 29 13:53:57 CST 2023] Multi domain='DNS:www.xxx.com,DNS:xxx.com,DNS:*.xxx.com'
[Wed Mar 29 13:53:57 CST 2023] Getting domain auth token for each domain
[Wed Mar 29 13:53:58 CST 2023] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.",
  "status": 400
}
[Wed Mar 29 13:53:58 CST 2023] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Generate SSL Certificate failed!
================================================
Virtualhost infomation:
Your domain: www.xxx.com
Home Directory: /home/wwwroot/www.xxx.com
Rewrite: wordpress
Enable log: no
Create database: no
Create ftp account: no
Enable SSL: yes
  =>Let's Encrypt
IPv6 Support: Disabled
----
OP | Posted on 2023-3-29 15:31:25

[Wed Mar 29 13:53:54 CST 2023] Running cmd: issue
[Wed Mar 29 13:53:54 CST 2023] _main_domain='www.xxx.com'
[Wed Mar 29 13:53:54 CST 2023] _alt_domains='xxx.com,*.xxx.com'
[Wed Mar 29 13:53:54 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:54 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:54 CST 2023] DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.xxx.com'
[Wed Mar 29 13:53:54 CST 2023] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:54 CST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:54 CST 2023] GET
[Wed Mar 29 13:53:54 CST 2023] url='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:54 CST 2023] timeout=
[Wed Mar 29 13:53:54 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L '
[Wed Mar 29 13:53:55 CST 2023] ret='0'
[Wed Mar 29 13:53:55 CST 2023] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_AUTHZ
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed Mar 29 13:53:55 CST 2023] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Wed Mar 29 13:53:55 CST 2023] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'
[Wed Mar 29 13:53:55 CST 2023] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Mar 29 13:53:55 CST 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] _on_before_issue
[Wed Mar 29 13:53:55 CST 2023] _chk_main_domain='www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _chk_alt_domains='xxx.com,*.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Le_LocalAddress
[Wed Mar 29 13:53:55 CST 2023] d='www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Check for domain='www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _currentRoot='/home/wwwroot/www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] d='xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Check for domain='xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _currentRoot='/home/wwwroot/www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] d='*.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] Check for domain='*.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] _currentRoot='/home/wwwroot/www.xxx.com'
[Wed Mar 29 13:53:55 CST 2023] d
[Wed Mar 29 13:53:55 CST 2023] config file is empty, can not read CA_KEY_HASH
[Wed Mar 29 13:53:55 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:55 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:55 CST 2023] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] length='2048'
[Wed Mar 29 13:53:55 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:55 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:55 CST 2023] Use length 2048
[Wed Mar 29 13:53:55 CST 2023] Using RSA: 2048
[Wed Mar 29 13:53:55 CST 2023] Create account key ok.
[Wed Mar 29 13:53:55 CST 2023] RSA key
[Wed Mar 29 13:53:55 CST 2023] config file is empty, can not read CA_EAB_KEY_ID
[Wed Mar 29 13:53:55 CST 2023] config file is empty, can not read CA_EAB_HMAC_KEY
[Wed Mar 29 13:53:55 CST 2023] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 29 13:53:55 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed Mar 29 13:53:55 CST 2023] payload='{"contact": ["mailto:cn33to9@gmail.com"], "termsOfServiceAgreed": true}'
[Wed Mar 29 13:53:56 CST 2023] HEAD
[Wed Mar 29 13:53:56 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Wed Mar 29 13:53:56 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L  -I  '
[Wed Mar 29 13:53:56 CST 2023] _ret='0'
[Wed Mar 29 13:53:56 CST 2023] POST
[Wed Mar 29 13:53:56 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Wed Mar 29 13:53:56 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L '
[Wed Mar 29 13:53:57 CST 2023] _ret='0'
[Wed Mar 29 13:53:57 CST 2023] code='201'
[Wed Mar 29 13:53:57 CST 2023] Registered
[Wed Mar 29 13:53:57 CST 2023] _accUri='https://acme-v02.api.letsencrypt.org/acme/acct/1032715997'
[Wed Mar 29 13:53:57 CST 2023] Calc CA_KEY_HASH='25BMexWmOFIHFteYp2ftXge4YND7UfQj0nl7U0F4ia8='
[Wed Mar 29 13:53:57 CST 2023] ACCOUNT_THUMBPRINT='gWY5QCF1-wnQHM4lNe4XJu3-EA37tfAV9JNnELutfMw'
[Wed Mar 29 13:53:57 CST 2023] Read key length:2048
[Wed Mar 29 13:53:57 CST 2023] Creating domain key
[Wed Mar 29 13:53:57 CST 2023] Using config home:/usr/local/acme.sh
[Wed Mar 29 13:53:57 CST 2023] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Wed Mar 29 13:53:57 CST 2023] Use length 2048
[Wed Mar 29 13:53:57 CST 2023] Using RSA: 2048
[Wed Mar 29 13:53:57 CST 2023] The domain key is here: /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key
[Wed Mar 29 13:53:57 CST 2023] _createcsr
[Wed Mar 29 13:53:57 CST 2023] Multi domain='DNS:www.xxx.com,DNS:xxx.com,DNS:*.xxx.com'
[Wed Mar 29 13:53:57 CST 2023] Getting domain auth token for each domain
[Wed Mar 29 13:53:57 CST 2023] d='xxx.com'
[Wed Mar 29 13:53:57 CST 2023] d='*.xxx.com'
[Wed Mar 29 13:53:57 CST 2023] d
[Wed Mar 29 13:53:57 CST 2023] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Mar 29 13:53:57 CST 2023] payload='{"identifiers": [{"type":"dns","value":"www.xxx.com"},{"type":"dns","value":"xxx.com"},{"type":"dns","value":"*.xxx.com"}]}'
[Wed Mar 29 13:53:58 CST 2023] POST
[Wed Mar 29 13:53:58 CST 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Wed Mar 29 13:53:58 CST 2023] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L '
[Wed Mar 29 13:53:58 CST 2023] _ret='0'
[Wed Mar 29 13:53:58 CST 2023] code='400'
[Wed Mar 29 13:53:58 CST 2023] Le_LinkOrder
[Wed Mar 29 13:53:58 CST 2023] Le_OrderFinalize
[Wed Mar 29 13:53:58 CST 2023] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.",
  "status": 400
}
[Wed Mar 29 13:53:58 CST 2023] pid
[Wed Mar 29 13:53:58 CST 2023] No need to restore nginx, skip.
[Wed Mar 29 13:53:58 CST 2023] _clearupdns
[Wed Mar 29 13:53:58 CST 2023] dns_entries
[Wed Mar 29 13:53:58 CST 2023] skip dns.
[Wed Mar 29 13:53:58 CST 2023] _on_issue_err
[Wed Mar 29 13:53:58 CST 2023] Please check log file for more details: /usr/local/acme.sh/acme.sh.log

-----------------------------------------------------------------------------------
acme.sh.log

Posted on 2023-3-30 08:16:33
33to9 posted on 2023-3-29 15:31
[Wed Mar 29 13:53:54 CST 2023] Running cmd: issue
[Wed Mar 29 13:53:54 CST 2023] _main_domain='www.x ...

Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.

A wildcard SSL certificate cannot also include the www name: www is itself a subdomain and is already covered by *.xxx.com.
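The rule licess states above is exactly what the CA's malformed-order error enforces: a name is rejected as redundant when the same order contains a wildcard that already covers it, and a wildcard covers exactly one label, so www.xxx.com is redundant with *.xxx.com while xxx.com itself (and a two-label name such as a.b.xxx.com) is not. The following POSIX sh functions are an added example, not code from acme.sh or lnmp, that apply that rule to a domain list before the order is submitted and print the pruned list; the function names and the sample domains are constructed for the example.

```shell
#!/bin/sh
# acme_san_check.sh -- added example, not part of acme.sh or lnmp.
# Let's Encrypt rejects a new order whose identifiers contain a name that is
# "redundant with a wildcard domain in the same request".  A name is redundant
# when the same list holds "*.<parent>" and the name is exactly one label below
# <parent>.  "xxx.com" itself and "a.b.xxx.com" are NOT covered by "*.xxx.com".

# Print "<name> redundant with *.<parent>" for every redundant name; return 1 if any.
acme_san_check() {
    rc=0
    for name in "$@"; do
        case "$name" in
            \*.*) continue ;;             # a wildcard is never redundant with itself
        esac
        parent=${name#*.}                 # drop the first label
        if [ "$parent" = "$name" ]; then  # single-label name, no parent
            continue
        fi
        for other in "$@"; do
            if [ "$other" = "*.$parent" ]; then
                echo "$name redundant with $other"
                rc=1
            fi
        done
    done
    return $rc
}

# Print the list with redundant names removed, one per line, ready for -d arguments.
acme_san_prune() {
    for name in "$@"; do
        keep=1
        case "$name" in
            \*.*) ;;
            *)
                parent=${name#*.}
                for other in "$@"; do
                    if [ "$other" = "*.$parent" ]; then
                        keep=0
                    fi
                done
                ;;
        esac
        if [ $keep -eq 1 ]; then
            echo "$name"
        fi
    done
}

# Stand-alone use: sh acme_san_check.sh www.xxx.com xxx.com '*.xxx.com'
if [ -n "${1:-}" ]; then
    acme_san_check "$@"
fi
```

With the identifiers from the posted log (www.xxx.com, xxx.com, *.xxx.com) the check reports the www name and the pruned list is xxx.com plus *.xxx.com, which is what the OP's successful retry amounted to. The wildcard still requires the DNS-01 challenge, so on lnmp the plain main-domain plus www pair is the simpler choice unless other subdomains are actually needed.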
OP | Posted on 2023-3-30 10:26:13
licess posted on 2023-3-30 08:16
Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the  ...

OK, I deleted it and reinstalled without adding the wildcard domain; this time it succeeded. Thanks!

