ssl认证:公共名称在服务器上是正确的但在网站上不正确

时间:2017-04-13 02:44:01

标签: ssl nginx

我有一个旧的子域名:api.example.com和一个ssl认证(现在我正在使用letsencryptnginx)。然后我为它internship.example.com创建了一个新的子域,并为它生成了一个新的ssl认证。但是当我在网站上查看时,它会显示以下错误:

Certificate does not match name internship.example.com。在网站上,SSL公用名是:Common Name = api.example.com但是当我通过命令在服务器上显示公用名时:

sudo openssl x509 -noout -in /etc/letsencrypt/live/internship.example.com/fullchain.pem -subject -issuer -dates

这是正确的:

subject= /CN=internship.example.com
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
notBefore=Apr 13 01:02:00 2017 GMT
notAfter=Jul 12 01:02:00 2017 GMT

这是nginx配置文件:

server {
   listen 443 ssl;
   server_name internship.example.com;
   #root /usr/share/nginx/html;
   #index index.html index.htm;

   ssl on;
   ssl_certificate /etc/letsencrypt/live/internship.example.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/internship.example.com/privkey.pem;

   location / {
          proxy_pass http://localhost:4000;
                      proxy_http_version 1.1;
                      proxy_set_header Upgrade $http_upgrade;
                      proxy_set_header Connection 'upgrade';
                      proxy_set_header Host $host;
                      proxy_cache_bypass $http_upgrade;
   }
}

那为什么它在网站上不正确?有人可以帮我解释一下吗?

0 个答案:

没有答案