Curl: Unknown SSL protocol error in connection to example.com
After renewing the letsencrypt certificate, I have a problem with my website. I tried to debug Nginx, but the logs are clean. But it is valid. It looks like I have no choice but to reinstall my server. Help!
curl --no-sessionid -I -vvvv --tlsv1.2 -qv -3 https://example.com/
* Trying 176.9.92.134...
* TCP_NODELAY set
* Connected to site.com (999.9.9.999) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /Users/user/anaconda3/ssl/cacert.pem
CApath: none
* SSLv3 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to example.ru:443
* Curl_http_done: called premature == 1
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to example.com:443
Some checks with openssl
Nginx configuration
`server {
listen 99.99.99.99:443;
server_name example.com
ssl_trusted_certificate /var/www/example/ca.cer;
ssl_certificate /var/www/example/fullchain.cer;
ssl_certificate_key /var/www/example/example.com.key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /var/www/example/example_dhparam.pem;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_stapling on;
ssl_stapling_verify on;
resolver 127.0.0.1 8.8.8.8;
location /.well-known/ {
alias /var/www/example/ssl/.well-known/;
}
location / {
alias /var/www/example/index.html;
}
}`
Shouldn't it be
server {
listen 443 ssl;
server_name example.com;
...
}
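From the reference:
To configure an HTTPS server, the ssl parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified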
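Can you share your configuration in nginx? In the https part… or you can refer to
The nginx config is in my updated question.
--tlsv1.2 asks for TLS 1.2. -3 asks for SSLv3. They are mutually exclusive, make up your mind!
What's the difference?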
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate www.example.com.crt;
ssl_certificate_key www.example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}
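A check for the misconfiguration the answer points at (a server block that sets ssl_certificate but whose listen directive lacks the ssl parameter), added here as an example that is not part of the original question or answers. The function names and the SAMPLE text are constructed for illustration.

```python
import re

# Constructed sample: the first block mirrors the question (certificate set,
# no "ssl" on listen); the second is the corrected form from the answer.
SAMPLE = """
server {
    listen 99.99.99.99:443;
    server_name example.com;
    ssl_certificate /var/www/example/fullchain.cer;
    ssl_certificate_key /var/www/example/example.com.key;
    location / { root /var/www/example; }
}
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate www.example.com.crt;
    ssl_certificate_key www.example.com.key;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracking brace depth."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def blocks_without_tls_listener(conf):
    """Return (server_name, listen_args) for each block that configures a
    certificate but has no listen directive carrying the ssl parameter."""
    findings = []
    for body in server_blocks(conf):
        if not re.search(r"^\s*ssl_certificate\s", body, re.M):
            continue  # not meant to serve HTTPS
        if re.search(r"^\s*ssl\s+on\s*;", body, re.M):
            continue  # legacy "ssl on;" directive enables TLS for the block
        listens = [l.strip() for l in re.findall(r"^\s*listen\s+([^;]+);", body, re.M)]
        if not any("ssl" in l.split() for l in listens):
            name = re.search(r"^\s*server_name\s+([^;\s]+)", body, re.M)
            findings.append((name.group(1) if name else "?", listens))
    return findings

if __name__ == "__main__":
    for name, listens in blocks_without_tls_listener(SAMPLE):
        print(f"{name}: certificate configured but no 'listen ... ssl' in {listens}")
```

Feeding it the output of `nginx -T` instead of SAMPLE covers included files as well.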