时间戳

首页 > 解决方案 > 在没有“www”的情况下访问时将证书添加到我的站点

ssl - 在没有“www”的情况下访问时将证书添加到我的站点

问题描述

我的域名是:www.nace.network

我的网络服务器是(包括版本): nginx 版本:nginx/1.15.8

我的网络服务器运行的操作系统是(包括版本):Ubuntu 14.04.6 LTS

我可以登录到我机器上的 root shell(是或否,或者我不知道):是

我的客户端版本是(例如 certbot --version 或 certbot-auto --version 的输出,如果您使用的是 Certbot): certbot 0.31.0

最近我能够为我的网站更新我的证书,我可以通过 www.nace.network 访问它,但是当不使用“www”访问我的网站时,它会向我发送“警告:潜在的安全风险”警报,以何种方式我可以修吗?这是我的 nginx 文件的内容:

server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name www.nace.network;
root /home/ubuntu/nace/public; #could maybe change this to dummy location like /nul
location / {
return 301 https://$host$request_uri;
}#location
}#server

server {
  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  server_name www.nace.network;
  passenger_enabled on;
  rails_env production;
  root /home/ubuntu/nace/public;
  # redirect server error pages to the static page /50x.html
  error_page 500 502 503 504 /50x.html;
  location / {
   deny 46.229.168.0;
   deny 51.68.152.0;
  }#locatoin
  location = /50x.html {
  root html;
  }#location
  ssl_certificate /etc/letsencrypt/live/www.nace.network/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/www.nace.network/privkey.pem; # managed by Certbot

  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

}#server

当时我用这个命令更新证书:

ubuntu@ip-112-33-0-224:~/letsencrypt$ sudo -H ./letsencrypt-auto certonly --standalone -d nace.network -d www.nace.network

这就是结果

./letsencrypt-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
  utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nace.network
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

我试图将证书与命令结合起来:certbot certonly -t -n --standalone --expand --rsa-key-size 4096 --agree-tos -d www.nace.network,nace.network

但它向我抛出了以下内容:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Attempting to parse the version 0.39.0 renewal configuration file found at /etc/letsencrypt/renewal/www.nace.network.conf with version 0.31.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nace.network
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

标签: sslnginxssl-certificatelets-encrypt

解决方案

证书上配置了哪些名称?

您好,再次查看您的配置,我注意到您没有没有 www 的服务器名称。

你可以按照这个Nginx no-www 到 www 和 www 到 no-www

或简单地将服务器名称编辑为没有“www”的名称,然后将其重定向到 www.yourdomain.stuff

推荐阅读