2017-07-25 269 views
0

我有一個運行在EC2實例上的NGINX服務器,並且我正在該服務器上實現HTTPS。我在另一個網站上生成SSL證書並將其放在我的服務器上。重新啓動服務器,它仍然運行正常,但有兩個問題(我的域名是hbesco.com.br,這是我爲證書申請提供的常用名稱):NGINX HTTPS服務器 - SSL_ERROR_BAD_CERT_DOMAIN

它並未作爲默認HTTPS進入它適用於HTTP。另外,如果我像https://hbesco.com.br一樣強制它,那就OK了。但對於https://www.hbesco.com.br,它給了我以下錯誤:

無法與對等方安全通信:請求的域名與服務器的證書不匹配。 HTTP嚴格傳輸安全:假HTTP公共密鑰鋼釘:假證書鏈:----- BEGIN CERTIFICATE -----(...)

我NGINX網站可用/默認設置爲波紋管:

server { 
     listen 443 default_server; 

     ssl on; 
     ssl_certificate /usr/share/nginx/certificado-2048/CertificadoSSL.crt; 
     ssl_certificate_key /usr/share/nginx/certificado-2048/CertificadoSSL.key; 

     server_name hbesco.com.br; 
     passenger_enabled on; 
     rails_env production; 
     root   /home/ubuntu/hybrazil/current/public; 

     # redirect server error pages to the static page /50x.html 
     error_page 500 502 503 504 /50x.html; 
     location = /50x.html { 
      root html; 
     } 
} 

server { 
     listen 80; 

     server_name hbesco.com.br; 
     passenger_enabled on; 
     rails_env production; 
     root   /home/ubuntu/hybrazil/current/public; 

     # redirect server error pages to the static page /50x.html 
     error_page 500 502 503 504 /50x.html; 
     location = /50x.html { 
      root html; 
     } 
} 

任何想法爲什麼當我輸入「hbesco.com.br」它首先爲http,爲什麼當它有www之前,它給了我那個錯誤?

回答

1

It doesn't enter as HTTPS as default, it goes for HTTP

您需要添加一個重寫規則,迫使遊客從HTTP重定向到https:

server { 
     listen 80; 
     server_name hbesco.com.br; 
     rewrite ^ https://$server_name$request_uri? permanent; 
} 

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

這意味着,只有在hbesco.com.br證書中列出。你可以用任何ssl檢查器檢查它。

相關問題