Nginx

‘SSL_ERROR_INTERNAL_ERROR_ALERT’ 使用 Let’s Encrypt & Nginx

  • July 28, 2016

我已經執行我的 Nginx Web 伺服器將近一周了,突然之間,它開始拋出這個/defaultsite錯誤(僅使用 HTTPS)並在使用 HTTP 時重定向到。網站連結是https://leakkiller.com,如果你想看看自己會發生什麼。我也嘗試過清除瀏覽器記憶體。我的域名註冊商是 1&1(我一生中最大的錯誤),但我將數字海洋用於 VPS,因此我通過它們路由我的 DNS。您可以在下面找到我的 nginx 伺服器塊。

server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name leakkiller.com www.leakkiller.com;
   return 301 https://$host$request_uri;
}

server {
   listen 443 ssl;
   listen [::]:80 ssl ipv6only=on;

   ssl_certificate /etc/letsencrypt/live/leakkiller.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/leakkiller.com/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/ssl/certs/dhparam.pem;
   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
   ssl_session_timeout 1d;
   ssl_session_cache shared:SSL:50m;
   ssl_stapling on;
   ssl_stapling_verify on;
   add_header Strict-Transport-Security max-age=15768000;

   resolver 8.8.8.8 8.8.4.4;

   charset UTF-8;

   root /usr/share/nginx/html;
   index index.php index.html index.htm;

   location / {
       try_files $uri $uri/index.php;
   }

   location ~ /.well-known {
       allow all;
   }

   location /phpmyadmin {
       satisfy any;
       allow 127.0.0.1;
       deny all;
       auth_basic "Authentication Required";
       auth_basic_user_file /etc/nginx/aith_basic/phpadminpass;
       index index.php;
   }

   error_page 404 /404.html;
   error_page 500 502 503 504 /50x.html;
   location = /50x.html {
       root /usr/share/nginx/html;
   }

   location ~ \.php$ {
       try_files $uri =404;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass unix:/var/run/php5-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;
   }
}

我要麼按照 ceejayoz 的建議被 MITMed,要麼我的 ISP (AT&T) 在提出這個問題時遇到了問題。

引用自:https://serverfault.com/questions/792340

相關問答

Nginx

遷移到新伺服器時是否需要或建議保留 SSL 證書?

  • May 23, 2021
檢視問答
Nginx

Laravel Forge/LetsEncrypt SSL 錯誤“SSL_ERROR_NO_CYPHER_OVERLAP”

  • May 2, 2019
檢視問答
Nginx

安裝 LetsEncrypt SSL 時出錯: (http-01): urn:acme:error:connection :: 伺服器無法連接到客戶端以驗證域

  • October 11, 2018
檢視問答
Nginx

讓我們加密 Nginx 無法辨識的證書

  • April 11, 2017
檢視問答
Nginx

ssl_verify_client 用於除某些路徑之外的所有路徑

  • December 27, 2016
檢視問答
Nginx

複製使用 Cloudflare for SSL 的網路伺服器後如何解決“400 Bad Request”?

  • November 9, 2022
檢視問答