我的/ etc / nginx / sites-enabled / default文件:
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name omp.kolebor.ru;
location = / {
try_files $uri $uri/ =404;
}
location / {
try_files $uri /test/$uri /test/index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/omp.kolebor.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/omp.kolebor.ru/privkey.pem;
ssl_client_certificate /etc/letsencrypt/live/omp.kolebor.ru/ca2.crt;
ssl_verify_client on;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = omp.kolebor.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name omp.kolebor.ru;
return 404; # managed by Certbot
}
当我执行"nginx -t"时,我收到错误:
nginx:[emerg] SSL_CTX_load_verify_locations(“/ etc / letsencrypt / live / omp.kolebor.ru / ca2.crt”)失败(SSL:)
我多次检查了路径的正确性,这是正确的。
我不明白为什么括号中没有错误(SSL:???)
也许证书ca2.crt不正确?
答案 0 :(得分:0)
我尝试从命令创建新的crt:
openssl req -new -newkey rsa:1024 -nodes -keyout ca.key -x509 -days 500 -subj / C = RU / ST = Moscow / L = Moscow / O = company / OU = User / CN = etc /emailAddress=support@site.com -out ca.crt
并使用此证书。