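ssl - Adding a certificate to my site when it is accessed without "www"
Problem description
My domain is: www.nace.network
My web server is (include version): nginx version: nginx/1.15.8
The operating system my web server runs on is (include version): Ubuntu 14.04.6 LTS
I can log in to a root shell on my machine (yes or no, or I don't know): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
Recently I was able to renew the certificate for my website, and I can access it via www.nace.network, but when I access my site without "www" it shows me a "Warning: Potential Security Risk" alert. How can I fix this? This is the content of my nginx file: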
server {
    listen 8080 default_server;
    listen [::]:8080 default_server ipv6only=on;
    server_name www.nace.network;
    root /home/ubuntu/nace/public; #could maybe change this to dummy location like /nul
    location / {
        return 301 https://$host$request_uri;
    }#location
}#server
server {
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    server_name www.nace.network;
    passenger_enabled on;
    rails_env production;
    root /home/ubuntu/nace/public;
    # redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
    location / {
        deny 46.229.168.0;
        deny 51.68.152.0;
    }#location
    location = /50x.html {
        root html;
    }#location
    ssl_certificate /etc/letsencrypt/live/www.nace.network/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.nace.network/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}#server
At the time, I renewed the certificate with this command:
ubuntu@ip-112-33-0-224:~/letsencrypt$ sudo -H ./letsencrypt-auto certonly --standalone -d nace.network -d www.nace.network
And this was the result:
./letsencrypt-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nace.network
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
I tried to combine the certificates with the command: certbot certonly -t -n --standalone --expand --rsa-key-size 4096 --agree-tos -d www.nace.network,nace.network
But it threw the following at me:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Attempting to parse the version 0.39.0 renewal configuration file found at /etc/letsencrypt/renewal/www.nace.network.conf with version 0.31.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nace.network
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
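Solution
Which names are configured on the certificate?
Hello, looking at your configuration again, I noticed that you do not have a server name without www.
You can follow this: Nginx no-www to www and www to no-www
or simply edit the server name to the one without "www" and then redirect it to www.yourdomain.stuff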
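
The change the answer describes, sketched as an nginx configuration (an added example, not part of the original answer). It assumes the certificate under /etc/letsencrypt/live/www.nace.network/ has been reissued so that it lists both nace.network and www.nace.network; the browser validates the certificate against the bare name before it ever receives the redirect, so a redirect alone does not remove the warning.

```nginx
# Added example. Assumption: the certificate files below cover BOTH
# nace.network and www.nace.network as subject alternative names.

# Plain HTTP (replaces the existing port-8080 block): answer for both names
# and send every request to the canonical https://www host.
server {
    listen 8080 default_server;
    listen [::]:8080 default_server ipv6only=on;
    server_name nace.network www.nace.network;

    return 301 https://www.nace.network$request_uri;
}

# HTTPS for the bare domain (new block, added next to the existing
# www.nace.network block, which stays unchanged). TLS is terminated here
# with a certificate valid for nace.network, then the client is redirected.
server {
    listen 443 ssl;
    # No ipv6only=on here: the existing www block already sets it for
    # [::]:443, and nginx accepts that option only once per address:port.
    listen [::]:443 ssl;
    server_name nace.network;

    ssl_certificate     /etc/letsencrypt/live/www.nace.network/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.nace.network/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    # The application is only served from the www host.
    return 301 https://www.nace.network$request_uri;
}
```

`sudo certbot certificates` lists the names on each installed certificate, and `sudo nginx -t` checks the edited configuration before nginx is reloaded.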