I am trying to generate LetsEncrypt certificate files, and I am using the following command:
./certbot-auto --config /etc/letsencrypt/configs/milhas.brau.io.conf certonly
The files are generated correctly, but the "curl" command shows the following message:
curl: (51) SSL: no alternative certificate subject name matches target host name 'milhasplus.brau.io'
milhas.brau.io.conf
# the domain we want to get the cert for;
# technically it's possible to have multiple of these lines, but it only worked
# with one domain for me, another one only got one cert, so I would recommend
# separate config files per domain.
domains = milhas.brau.io
# increase key size
rsa-key-size = 2048 # Or 4096
# the current closed beta (as of 2015-Nov-07) is using this server
server = https://acme-v01.api.letsencrypt.org/directory
# this address will receive renewal reminders
email = braulio@braulioti.com.br
# turn off the ncurses UI, we want this to be run as a cronjob
text = True
# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
# and then letting LE fetch it
authenticator = webroot
webroot-path = /var/www/letsencrypt/
NGINX configuration file
server {
    listen 443 ssl default_server;
    server_name milhas.brau.io;
    ssl_certificate /etc/letsencrypt/live/milhas.brau.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/milhas.brau.io/privkey.pem;
    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }
    location / {
        proxy_pass https://80.241.208.103:8084/;
    }
}
curl result
$ curl -v https://milhasplus.brau.io/autenticacao/docs/termo_uso
* Trying 80.241.208.103...
* TCP_NODELAY set
* Connected to milhasplus.brau.io (80.241.208.103) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: PROFILE=SYSTEM
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=milhas.brau.io
* start date: Aug 25 10:28:56 2018 GMT
* expire date: Nov 23 10:28:56 2018 GMT
* subjectAltName does not match milhasplus.brau.io
* SSL: no alternative certificate subject name matches target host name 'milhasplus.brau.io'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'milhasplus.brau.io'
Thanks
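
The check behind curl's error 51, as an added example that is not part of the original post: the requested host name is compared with the certificate's dNSName entries, and here the names on the certbot `domains` line stand in for those entries. The function names, the simplified ini parsing and the wildcard rule (whole left-most label only, at least two fixed labels) are assumptions of this example; the sample config is constructed from the post.

```python
# Added example: host-name versus subjectAltName matching in the style of
# RFC 6125, using the names from the post. Sample input is constructed.

def parse_domains(conf_text):
    """Return the names listed on `domains = ...` lines of a certbot ini file."""
    names = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # simplified: drop comments
        key, sep, value = line.partition("=")
        if sep and key.strip() == "domains":
            names += [n.strip().lower() for n in value.split(",") if n.strip()]
    return names


def name_matches(hostname, pattern):
    """True if one dNSName pattern covers hostname (case-insensitive)."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False          # a wildcard never spans more than one label
    if pat[0] == "*":
        # wildcard must be the whole left-most label, with >= 2 fixed labels
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def uncovered(hostnames, san_names):
    """Host names a client would reject for a certificate carrying san_names."""
    return [h for h in hostnames
            if not any(name_matches(h, p) for p in san_names)]


# Constructed input: the relevant lines of the certbot config in the post.
SAMPLE_CONF = """\
# the domain we want to get the cert for
domains = milhas.brau.io
rsa-key-size = 2048 # Or 4096
"""

if __name__ == "__main__":
    sans = parse_domains(SAMPLE_CONF)
    # Both names resolve to the same server, but only one is in the certificate.
    print(uncovered(["milhas.brau.io", "milhasplus.brau.io"], sans))
```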