在 Startssl 注册好证书 nginx 下配置好生效后,firefox出现 对等端的证书已被废除。 (错误代码:sec_error_revoked_certificate)。其实并不是火狐不支持,而是自己没有配置好。
解决方法:
1
| wget https://startssl.com/certs/ca.crt
|
Description: This root CA is the root used for all Certificates and must be included in root stores. ↑
1
| wget https://startssl.com/certs/sca.server1.crt
|
下载Startssl Class 1的根证书 ↑
1
| cat server.crt ca.crt sca.server1.crt > servernew.crt
|
server.crt 是域名的证书,后面合并的俩文件是下载的Startssl根证书和Startssl Class1根证书
现在可以正常访问了。
https://daily.81810999.com/
nginx 站点配置文件如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
| server { listen 80; server_name daily.81810999.com; rewrite ^(.*) https://$server_name$1 permanent; } server { listen 443 ssl; server_name daily.81810999.com; ssl_certificate /root/server.crt; ssl_certificate_key /root/server.unsecure; root /www/web/daily_81810999_com/public_html; index index.html index.php index.htm; error_page 400 /errpage/400.html; error_page 403 /errpage/403.html; error_page 404 /errpage/404.html; error_page 503 /errpage/503.html; location ~ \.php$ { proxy_pass http://127.0.0.1:88; include naproxy.conf; } location ~ /\.ht { deny all; } location / { try_files $uri @apache; } location @apache { proxy_pass http://127.0.0.1:88; include naproxy.conf; } }
|