my/etc/nginx/stites-enabled/默认文件:
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name omp.kolebor.ru;
location = / {
try_files $uri $uri/ =404;
}
location / {
try_files $uri /test/$uri /test/index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/omp.kolebor.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/omp.kolebor.ru/privkey.pem;
ssl_client_certificate /etc/letsencrypt/live/omp.kolebor.ru/ca2.crt;
ssl_verify_client on;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = omp.kolebor.ru) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name omp.kolebor.ru;
return 404; # managed by Certbot
}
当我执行"nginx -t"时,我会出现错误:
nginx:[empry] ssl_ctx_load_verify_locations("/etc/letsencrypt/live/live/opp.kolebor.ru/ca2.crt"(失败(ssl:(
我检查了多次路径的正确性,这是正确的。
我不明白为什么括号中没有错误(SSL:???(
也许证书ca2.crt不正确?
我尝试从命令创建新CRT:
openssl req -new -new -newkey rsa:1024 -nodes -nodes -keyout ca.key -x509 -day 500 -subj/c = ru/st = ru/st =莫斯科/l =莫斯科/l =莫斯科/o = company/o = user/cn = etcn = etc/ememaildress = support@site.com -out ca.crt
它与此证书一起使用。