Ssl 在不使用“;进行访问时,将证书添加到我的站点;www”;
我的域名是:www.nace.network 我的web服务器是(包括版本):nginx版本:nginx/1.15.8 我的web服务器运行的操作系统是(包括版本):Ubuntu 14.04.6 LTS 我可以登录到我机器上的根shell(是或否,或者我不知道):是 我的客户端的版本是(例如,如果您使用certbot,则输出certbot--version或certbot auto--version):certbot 0.31.0 最近,我能够为我的网站更新证书,我可以通过www.nace.network访问它,但当不使用“www”访问我的网站时,它会向我发送“警告:潜在安全风险”警报,我可以用什么方式修复它?这是我的nginx文件的内容:Ssl 在不使用“;进行访问时,将证书添加到我的站点;www”;,ssl,nginx,ssl-certificate,lets-encrypt,Ssl,Nginx,Ssl Certificate,Lets Encrypt,我的域名是:www.nace.network 我的web服务器是(包括版本):nginx版本:nginx/1.15.8 我的web服务器运行的操作系统是(包括版本):Ubuntu 14.04.6 LTS 我可以登录到我机器上的根shell(是或否,或者我不知道):是 我的客户端的版本是(例如,如果您使用certbot,则输出certbot--version或certbot auto--version):certbot 0.31.0 最近,我能够为我的网站更新证书,我可以通过www.nace.ne
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name www.nace.network;
root /home/ubuntu/nace/public; #could maybe change this to dummy location like /nul
location / {
return 301 https://$host$request_uri;
}#location
}#server
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name www.nace.network;
passenger_enabled on;
rails_env production;
root /home/ubuntu/nace/public;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location / {
deny 46.229.168.0;
deny 51.68.152.0;
}#locatoin
location = /50x.html {
root html;
}#location
ssl_certificate /etc/letsencrypt/live/www.nace.network/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.nace.network/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}#server
在使用以下命令续订证书时:
ubuntu@ip-112-33-0-224:~/letsencrypt$ sudo -H ./letsencrypt-auto certonly --standalone -d nace.network -d www.nace.network
./letsencrypt-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nace.network
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
certbot certonly-t-n--standalone--expand--rsa密钥大小4096--agree tos-d www.nace.network,nace.networkSaving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Attempting to parse the version 0.39.0 renewal configuration file found at /etc/letsencrypt/renewal/www.nace.network.conf with version 0.31.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nace.network
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
证书上配置了哪些名称 您好,再次回顾您的配置,我注意到您没有一个没有www的服务器名称 你可以照这个做
或者简单地将服务器名称编辑为不带“www”的名称,然后将其重定向到www.yourdomain.stuff,在我使用此命令sudo-H./letsencrypt auto certonly--standalone-d nace.network-d www.nace.network续订证书时感谢您的回答,那么在我的情况下应该有4个服务器块吗?我在www.nace.network上有两个,在nace.network上还有两个?嗨,杰夫,第二名。一个块的服务器名称为www..nace.network,另一个块的服务器名称为nace.network,假设您将只使用https,这对我来说更有意义,第二个块我修改为服务器nace.network,但在访问nace.network时,它仍然向我显示了风险信息。我还缺少什么?您的证书仅包含
www.nace.networknace.network/etc/letsencrypt/live/nace.networkwww.nace.networklocation/.well-known/acme challenge/{root/var/www/challenges/;}webroot