加入收藏 | 设为首页 | 会员中心 | 我要投稿 李大同 (https://www.lidatong.com.cn/)- 科技、建站、经验、云计算、5G、大数据,站长网!
当前位置: 首页 > 运营中心 > Nginx > 正文

nginx – 我的www子域名收到了SSL_ERROR_BAD_CERT_DOMAIN

发布时间:2020-12-13 21:16:55 所属栏目:Nginx 来源:网络整理
导读:服务器:Ubuntu,nginx. 我有一个域名example.com在namecheap.com注册并在DigitalOcean配置. 我有www子域名的CNAME记录: www.example.com. 1800 IN CNAME example.com. 这是我的/ etc / nginx / sites-enabled / default文件内容: # HTTP - redirect all re

服务器:Ubuntu,nginx.

我有一个域名example.com在namecheap.com注册并在DigitalOcean配置.
我有www子域名的CNAME记录:

www.example.com. 1800 IN CNAME example.com.

这是我的/ etc / nginx / sites-enabled / default文件内容:

# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}

# HTTPS - serve HTML from /usr/share/nginx/html,proxy requests to /parse/
# through to Parse Server

server {
    listen               80;
    server_name          www.example.com;

    return 301 https://example.com$request_uri;
}

server {
        listen 443;
        server_name example.com;

        root /home/example/website;
        index index.html index.htm;

        ssl on;
        # Use certificate and key provided by Let's Encrypt:
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        # Config (http://www.westphahl.net/blog/2012/01/03/setting-up-https-with-nginx-and-startssl/)
        add_header Strict-Transport-Security max-age=31536000;
        add_header X-Frame-Options DENY;

        # Pass requests for /parse/ to Parse Server instance at localhost:1337
        location /parse/ {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:1337/;
                proxy_ssl_session_reuse off;
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }

        location / {
                try_files $uri $uri/ =404;
        }

}

但是,当我尝试打开www.example.com时,Firefox会显示SSL_ERROR_BAD_CERT_DOMAIN“您的连接不安全”错误.

如何解决?

答案:感谢所有建议者,向www子域发布SSL证书就可以了.

这是Let’s Encrypt的命令:

./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
从Chrome的警告页面输出

This server could not prove that it is www.example.com; its security certificate is from example.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

证书已发布到顶级域example.com,但不是子域www.exmample.com.

如果ssl发行人说他们应该给你www,请与他们联系以获取更多信息.

请注意,此警告来自SSL握手级别,并且在请求到达nginx服务器进行处理之前.

(编辑:李大同)

【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
    相关内容
      推荐文章
        站长推荐
        热点阅读

          【免责声明】本站内容转载自互联网,其发布内容言论不代表本站观点,如果其链接、内容的侵犯您的权益,烦请提交相关链接至邮箱bqsm@foxmail.com我们将及时予以处理。

          建议您使用1920×1080分辨率、谷歌浏览器Google Chrome、Microsoft Edge以获得本站的最佳浏览效果

          Copygight © 2008-2022 https://www.lidatong.com.cn/ All Rights Reserved. 李大同