Nginx反向代理:未经授权的

agxfikkp  于 2023-06-05  发布在  Nginx
关注(0)|答案(1)|浏览(207)

我是Nginix的初学者,我遇到了下面的错误。帮帮我。首先,我的会议没有:

ssl_certificate /etc/ssl/certs/crt.crt; //generated by openssl
    ssl_certificate_key /etc/ssl/private/crt.key; //generated by openssl

在这种情况下,当在nginx中获取和安装我的证书时,会导致以下错误。enter image description here
因此,我使用openssl生成了ssl证书,并添加了ssl证书,如下面我的conf。
我的配置文件:

server {
    listen 80;
    server_tokens off;
    resolver 127.0.0.11 ipv6=off;
    server_name GENERIC-SUB-DOMAIN;
}

server {
    listen 443 ssl http2;
    server_name GENERIC-SUB-DOMAIN;
    server_tokens off;
    resolver 127.0.0.11 ipv6=off;
    proxy_pass_header Server;
    ssl_certificate /etc/ssl/certs/crt.crt; //generated by openssl
    ssl_certificate_key /etc/ssl/private/crt.key; //generated by openssl
    location / {
        set $do_not_cache 1;
        if ($request_uri ~* "\.(css|json|js|text|png|jpg|map|ico|svg|mp3|mp4|txt|jfproj|etx|pfa|fnt|vlw|woff|fot|ttf|sfd|pfb|vfb|otf|gxf|odttf|woff2|pf2|bf|ttc|chr|bdf|fon)") {
           set $do_not_cache 0;
        }
        proxy_http_version 1.1;
        proxy_pass http://localhost:9500;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_cache seocromom_cache;
        proxy_cache_valid 24h;
        proxy_cache_bypass $do_not_cache;
        proxy_no_cache $do_not_cache;
        proxy_cache_key "$host$uri$is_args$args";
        proxy_cache_lock on;
    }

}

现在,我看到下面的错误,我不知道为什么它是造成的:
输入PEM密码:
Certbot无法对某些域进行身份验证(身份验证器:nginx)。证书颁发机构报告了这些问题:域名:域名类型:未授权详细信息:ip:来自http://domain/. well-known/acme-challenge/60 NcdFtxVU 3D 8au-VAYtqbkg 8 meWXTqgorOxOqT-n9 E的无效响应:404
提示:证书颁发机构无法验证Certbot所做的临时nginx配置更改。确保列出的域指向此nginx服务器,并且可以从Internet访问。
输入PEM密码:一些挑战失败了。寻求帮助或在https://community.letsencrypt.org上搜索解决方案。有关详细信息,请参阅日志文件/var/log/letsencrypt/letsencrypt. log或使用-v重新运行Certbot。
我认为这可能是错的,但我的想法可能是错的。我想知道解决方案来修复我的Nginix配置。

ssl_certificate /etc/ssl/certs/crt.crt; //generated by openssl
ssl_certificate_key /etc/ssl/private/crt.key; //generated by openssl
ccgok5k5

ccgok5k51#

屏幕截图上的错误看起来像你添加

listen ... ssl;

但没有其他SSL指令(SSL_certificate,SSL_certificate_key,etc
进行简单的主机配置

server {
  server_name somedomain.tld;
  listen 80;
  access_log /var/log/nginx/host.access.log;
  error_log /var/log/nginx/host.error.log error;
  location ^~ /.well-known/acme-challenge/ {
    alias /var/www/html/.well-known/acme-challenge/;
  }
}

然后用**--dry-run**键启动certbot:

$ certbot --dry-run certonly --webroot -w /var/www/html --agree-tos -d

如果输出如下:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for somedomain.tld
The dry run was successful.

不使用**--空运行**键进行尝试

相关问题