Nginx

‘SSL_ERROR_INTERNAL_ERROR_ALERT’ 使用 Let’s Encrypt & Nginx

  • July 28, 2016

我已經執行我的 Nginx Web 伺服器將近一周了,突然之間,它開始拋出這個/defaultsite錯誤(僅使用 HTTPS)並在使用 HTTP 時重定向到。網站連結是https://leakkiller.com,如果你想看看自己會發生什麼。我也嘗試過清除瀏覽器記憶體。我的域名註冊商是 1&1(我一生中最大的錯誤),但我將數字海洋用於 VPS,因此我通過它們路由我的 DNS。您可以在下面找到我的 nginx 伺服器塊。

server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name leakkiller.com www.leakkiller.com;
   return 301 https://$host$request_uri;
}

server {
   listen 443 ssl;
   listen [::]:80 ssl ipv6only=on;

   ssl_certificate /etc/letsencrypt/live/leakkiller.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/leakkiller.com/privkey.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/ssl/certs/dhparam.pem;
   ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
   ssl_session_timeout 1d;
   ssl_session_cache shared:SSL:50m;
   ssl_stapling on;
   ssl_stapling_verify on;
   add_header Strict-Transport-Security max-age=15768000;

   resolver 8.8.8.8 8.8.4.4;

   charset UTF-8;

   root /usr/share/nginx/html;
   index index.php index.html index.htm;

   location / {
       try_files $uri $uri/index.php;
   }

   location ~ /.well-known {
       allow all;
   }

   location /phpmyadmin {
       satisfy any;
       allow 127.0.0.1;
       deny all;
       auth_basic "Authentication Required";
       auth_basic_user_file /etc/nginx/aith_basic/phpadminpass;
       index index.php;
   }

   error_page 404 /404.html;
   error_page 500 502 503 504 /50x.html;
   location = /50x.html {
       root /usr/share/nginx/html;
   }

   location ~ \.php$ {
       try_files $uri =404;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       fastcgi_pass unix:/var/run/php5-fpm.sock;
       fastcgi_index index.php;
       include fastcgi_params;
   }
}

我要麼按照 ceejayoz 的建議被 MITMed,要麼我的 ISP (AT&T) 在提出這個問題時遇到了問題。

引用自:https://serverfault.com/questions/792340