我采用了一个必须为子域更新证书的系统。 例如,系统中有两个不同的域。
该计算机是具有 Ubunutu 16.04.4(xenial)的根系统。 Web服务器是 Nginx 1.12.2
我已使用certbot更新了证书,并重定向了子域的符号链接,因为该证书包含展位域。
然后我意识到子项目中的Web文件夹为空。有默认的起始页。
Web文件夹 / var / www / clients / client0 / web5 / web 外观
我找不到子项目(GitLab)中的代码以及被删除的东西。 在我续订证书之前,域sub.MainProject.de可以运行,但是没有SSL。现在它具有SSL,但是显示默认的空白页面,并显示文本“ Welcome to your website!”。
我在GitLab存储库的位置( / var / opt / gitlab / git-data )中找到了,但是没有index.html,可以在Nginx配置中链接根目录
这是我从命令中得到的简化历史记录。
vim /etc/letsencrypt/renewal/sub.MainProject.de.conf
vim /var/log/letsencrypt/letsencrypt.log
vim /etc/letsencrypt/live/sub.MainProject.de/
/etc/init.d/nginx restart
lsb_release -a
sudo apt-get update
sudo certbot renew --dry-run
sudo apt-get install software-properties-common
cd /etc/nginx/
sudo add-apt-repository ppa:certbot/certbot
sudo certbot --nginx
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx certonly
service nginx restart
cd /var/www/sub.MainProject.de/ssl/
sudo ln -sf /etc/letsencrypt/live/MainProject.de/chain.pem sub.MainProject.de-le.bundle
sudo ln -sf /etc/letsencrypt/live/MainProject.de/fullchain.pem sub.MainProject.de-le.crt
sudo ln -sf /etc/letsencrypt/live/MainProject.de/privkey.pem sub.MainProject.de-le.key
service nginx restart
vim /etc/nginx/sites-available/sub.MainProject.de.vhost
cd /var/www/clients/client0/web5/
cd web/
ls -l
cd /etc/nginx/sites-available/
vim sub.MainProject.de.vhost
service nginx restart
cd /var/www/clients/client0/web5/
vim index.html
cd /var/opt/gitlab/git-data/repositories/MainProject/
cd /etc/gitlab/
vim gitlab.rb
sudo gitlab-ctl restart nginx
sudo gitlab-ctl restart status
sudo gitlab-ctl reconfigure
service nginx restart
sudo gitlab-ctl start
service nginx restart
sudo gitlab-ctl status
我在 /etc/nginx/sites-available/sub.MainProject.de.vhost 中的vhost文件
server {
listen *:80;
listen *:443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /var/www/clients/client0/web5/ssl/sub.MainProject.de-le.crt;
ssl_certificate_key /var/www/clients/client0/web5/ssl/sub.MainProject.de-le.key;
server_name sub.MainProject.de ;
root /var/www/sub.MainProject.de/web/;
if ($scheme != "https") {
rewrite ^ https://$http_host$request_uri? permanent;
}
index index.html index.htm index.php index.cgi index.pl index.xhtml;
location ~ \.shtml$ {
ssi on;
}
error_page 400 /error/400.html;
error_page 401 /error/401.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 405 /error/405.html;
error_page 500 /error/500.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
recursive_error_pages on;
location = /error/400.html {
internal;
}
location = /error/401.html {
internal;
}
location = /error/403.html {
internal;
}
location = /error/404.html {
internal;
}
location = /error/405.html {
internal;
}
location = /error/500.html {
internal;
}
location = /error/502.html {
internal;
}
location = /error/503.html {
internal;
}
error_log /var/log/ispconfig/httpd/sub.MainProject.de/error.log;
access_log /var/log/ispconfig/httpd/sub.MainProject.de/access.log combined;
location ~ /\. {
deny all;
}
location ^~ /.well-known/acme-challenge/ {
access_log off;
log_not_found off;
root /usr/local/ispconfig/interface/acme/;
autoindex off;
index index.html;
try_files $uri $uri/ =404;
}
location = /favicon.ico {
log_not_found off;
access_log off;
expires max;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location /stats/ {
index index.html index.php;
auth_basic "Members Only";
auth_basic_user_file /var/www/clients/client0/web5/web//stats/.htpasswd_stats;
}
location ^~ /awstats-icon {
alias /usr/share/awstats/icon;
}
location ~ \.php$ {
try_files /ee974d31eec46bbdc066e78824e61f10.htm @php;
}
location @php {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/lib/php7.0-fpm/web5.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
location /cgi-bin/ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
root /var/www/clients/client0/web5;
gzip off;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
fastcgi_index index.cgi;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
}
感谢帮助!