让';s加密获得A级和x2B级;在ssllabs.com上。此服务器';的证书链不完整。等级上限为B。
我正在尝试使用lighttpd和AcmeTiny脚本为我的站点获得A级。以下步骤:让';s加密获得A级和x2B级;在ssllabs.com上。此服务器';的证书链不完整。等级上限为B。,ssl,encryption,https,ssl-certificate,lighttpd,Ssl,Encryption,Https,Ssl Certificate,Lighttpd,我正在尝试使用lighttpd和AcmeTiny脚本为我的站点获得A级。以下步骤: 创建一个让我们加密帐户私钥: openssl genrsa 4096>帐户密钥 为域(单个域)创建证书签名请求(CSR) openssl genrsa 4096>域密钥 openssl-req-new-sha256-key-domain.key-subc”/CN=mysitehere.com>domain.csr 使网站承载挑战文件 mkdir/var/www/.well-known/acme challenge
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.pemfile = "/root/letsencrypt/mysitehere.pem"
ssl-ca-file = "/root/letsencrypt/chained.pem"
ssl.dh-file = "/root/letsencrypt/dhparams/dhparams.pem"
ssl.cipher-list = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA "
ssl.honor-cipher-order = "enable"}
一切似乎都很好。https正在工作
在SSLLAB上测试此设置并获得B级
证书-100%
协议支持-100%
密钥交换-90%
密码强度-90%
此服务器的证书链不完整。连锁问题不完整
提供的证书1(1532字节)
由服务器mysitehere.com发送指纹SHA1:e0f6d98733915
额外下载让我们加密授权X1
信任存储中DST根CA X3自签名
如何使文件mysitehere.pem正确地避免从let's encrypt site额外下载,并从SSLLAB获得a级
谢谢大家!
sslca文件
应该是ssl.ca文件
谢谢您的关注!多么不幸的打字错误!问题解决了!很乐意帮忙!花时间正确设置SSL值得称赞。