我有一个旧的子域名:api.example.com
和一个ssl认证(现在我正在使用letsencrypt
和nginx
)。然后我为它internship.example.com
创建了一个新的子域,并为它生成了一个新的ssl认证。但是当我在网站上查看时,它会显示以下错误:
Certificate does not match name internship.example.com
。在网站上,SSL公用名是:Common Name = api.example.com
但是当我通过命令在服务器上显示公用名时:
sudo openssl x509 -noout -in /etc/letsencrypt/live/internship.example.com/fullchain.pem -subject -issuer -dates
这是正确的:
subject= /CN=internship.example.com
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
notBefore=Apr 13 01:02:00 2017 GMT
notAfter=Jul 12 01:02:00 2017 GMT
这是nginx配置文件:
server {
listen 443 ssl;
server_name internship.example.com;
#root /usr/share/nginx/html;
#index index.html index.htm;
ssl on;
ssl_certificate /etc/letsencrypt/live/internship.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/internship.example.com/privkey.pem;
location / {
proxy_pass http://localhost:4000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
那为什么它在网站上不正确?有人可以帮我解释一下吗?