服务器:Ubuntu 16.04 Xenial上的Nginx
由于证书问题,我们的网站刚刚“崩溃”:
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/keys/0000_key-certbot.pem") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
nginx: configuration file /etc/nginx/nginx.conf test failed
在虚拟主机中,我们有以下几行:
ssl_certificate_key /etc/letsencrypt/keys/0003_key-certbot.pem;
ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem;
在检查/etc/letsencrypt/keys/文件夹时,我找到了这些结果
/etc/letsencrypt/keys # ls -la
total 40
drwx------ 2 root root 4096 Jul 5 15:33 .
drwxr-xr-x 11 root root 4096 Apr 18 10:58 ..
-rw------- 1 root root 1704 Apr 18 11:01 0000_key-certbot.pem
-rw------- 1 root root 1708 Jan 31 14:37 0000_key-letsencrypt.pem
-rw------- 1 root root 1704 Apr 18 11:18 0001_key-certbot.pem
-rw------- 1 root root 1704 Jan 31 14:37 0001_key-letsencrypt.pem
-rw------- 1 root root 1704 Apr 18 11:19 0002_key-certbot.pem
-rw------- 1 root root 1708 Feb 2 11:47 0002_key-letsencrypt.pem
-rw------- 1 root root 1708 Jun 17 12:01 0003_key-certbot.pem
-rw------- 1 root root 1704 Jul 5 15:33 0004_key-certbot.pem
(3)虚拟主机文件全部引用0000_key-certbot.pem后,将其更改为0003_key-certbot.pem网站再次正常工作。
我们如何防止网站每90天崩溃一次?
答案 0 :(得分:3)
在键入此内容时,我认为我找到了解决方案,我不应该使用
ssl_certificate_key /etc/letsencrypt/keys/0003_key-certbot.pem;
ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem;
但是
ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem;
ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem;
希望这有助于某人