【发布时间】:2020-03-11 11:46:28
【问题描述】:
我想将 ssl 证书添加到我的 django 应用程序。我关注了tutorial,因此域的 nginx 配置已更改,但现在看起来生成的证书不正确。
certbot 修改前的 nginx conf
server {
listen 80;
listen [::]:80;
server_name doamin.com www.domain.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/poul3r/doamin.com;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
}
在 certbot 操作之后
server {
server_name doamin.com www.doamin.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/poul3r/doamin.com;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/doamin.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/doamin.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = doamin.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name doamin.com www.doamin.com;
return 404; # managed by Certbot
}
在letsencypt实施过程中我做错了什么或可能出了什么问题?
【问题讨论】:
-
您在 nginx 日志(错误和访问日志)中看到了什么?
-
@dirkgroten 来自 nginx 错误日志文件的日志看起来像“[error] 15715#15715: *73 在 SSL 握手时侦听 SSL 端口的服务器中没有定义“ssl_certificate”,客户端:X.X.X.X,服务器: 0.0.0.0:443"(X.X.X.X - 我的电脑 ip)。这是什么意思? “/etc/letsencrypt/live/doamin.com/fullchain.pem”路径后面有密钥文件。已生成并存在的所有证书文件。
标签: django nginx ssl-certificate lets-encrypt