NGINX HTTPS服务器 - SSL_ERROR_BAD_CERT_DOMAIN
问题描述:
我有一个运行在EC2实例上的NGINX服务器,并且我正在该服务器上实现HTTPS。我在另一个网站上生成SSL证书并将其放在我的服务器上。重新启动服务器,它仍然运行正常,但有两个问题(我的域名是hbesco.com.br,这是我为证书申请提供的常用名称):NGINX HTTPS服务器 - SSL_ERROR_BAD_CERT_DOMAIN
它并未作为默认HTTPS进入它适用于HTTP。另外,如果我像https://hbesco.com.br一样强制它,那就OK了。但对于https://www.hbesco.com.br,它给了我以下错误:
无法与对等方安全通信:请求的域名与服务器的证书不匹配。 HTTP严格传输安全:假HTTP公共密钥钢钉:假证书链:----- BEGIN CERTIFICATE -----(...)
我NGINX网站可用/默认设置为波纹管:
server {
listen 443 default_server;
ssl on;
ssl_certificate /usr/share/nginx/certificado-2048/CertificadoSSL.crt;
ssl_certificate_key /usr/share/nginx/certificado-2048/CertificadoSSL.key;
server_name hbesco.com.br;
passenger_enabled on;
rails_env production;
root /home/ubuntu/hybrazil/current/public;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name hbesco.com.br;
passenger_enabled on;
rails_env production;
root /home/ubuntu/hybrazil/current/public;
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
任何想法为什么当我输入“hbesco.com.br”它首先为http,为什么当它有www之前,它给了我那个错误?
答
It doesn't enter as HTTPS as default, it goes for HTTP
您需要添加一个重写规则,迫使游客从HTTP重定向到https:
server {
listen 80;
server_name hbesco.com.br;
rewrite ^ https://$server_name$request_uri? permanent;
}
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
这意味着,只有在hbesco.com.br证书中列出。你可以用任何ssl检查器检查它。