[英]SSL NGINX Wont Load
I'm trying to set up SSL with NGINX. 我正在尝试使用NGINX设置SSL。
It worked with port 80 before changing to 443 and adding file paths. 在更改为443并添加文件路径之前,它使用端口80。
I genereated the csr and key. 我生成了csr和密钥。
openssl req -new -newkey rsa:2048 -nodes -keyout example_com.key -out example_com.csr
I followed this guide and this guide and have received my crt and ca-bundle from Namecheap/Comodo. 我遵循了本指南和本指南 ,并从Namecheap / Comodo获得了我的crt和ca-bundle。
I combined the files for NGINX: 我合并了NGINX的文件:
cat example_com.crt example_com.ca-bundle >> cert_chain.crt
and put in /etc/nginx/ssl/
. cat example_com.crt example_com.ca-bundle >> cert_chain.crt
并放入/etc/nginx/ssl/
。
Set Permission 设定权限
sudo mkdir /etc/nginx/ssl
sudo chown -R root:root /etc/nginx/ssl
sudo chmod -R 600 /etc/nginx/ssl
sudo ls -l
returns -rw------- 1 root root
sudo ls -l
返回-rw------- 1 root root
Sites-Available: 可用网站:
server {
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/cert_chain.crt;
ssl_certificate_key /etc/nginx/ssl/example_com.key;
...
My /etc/nginx/nginx.conf
doesn't use any ports, thats all in the example.com sites-available. 我的
/etc/nginx/nginx.conf
不使用任何端口,仅在example.com网站可用。
When I reload NGINX: 当我重新加载NGINX时:
sudo systemctl reload nginx
or sudo systemctl restart nginx
sudo systemctl reload nginx
或sudo systemctl restart nginx
Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details.
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
Active: failed (Result: exit-code) since Sun 2017-03-26 22:16:54 UTC; 5h 8min ago
Process: 3998 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 3993 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=1/FAILURE)
Process: 3885 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 4000 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Main PID: 3888 (code=exited, status=0/SUCCESS)
I found the answer was to remove the extra linebreaks and whitespace in the cert, which was added by Comodo. 我发现答案是删除由Comodo添加的证书中多余的换行符和空格。
So that this 这样
...
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST-----
...
Looks like this 看起来像这样
...
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST-----
...
Also note that copy pasting into nano will insert extra whitespaces at the end of a line. 另请注意,将复制粘贴粘贴到nano上将在行尾插入额外的空格。 I used vim instead.
我改用vim。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.