Your connection is not private (This certificate cannot be verified up to a trusted certification authority)



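I'm having a hard time setting up Traefik's Let's Encrypt automatic certificates for my website. It keeps popping up the error message: "Your connection is not private". When I check the certificate, it looks like what is shown in the screenshot.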

Is this feature broken in Traefik? How can I get it to work? Am I doing something wrong?

Here is my traefik.toml file:

defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
  [web.auth.basic]
  users = ["admin:$apr1$yhytIYv.$p0hPOLpt/NE9aAr7c1HsV1"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "acme.json"
onDemand = true
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
  [acme.httpChallenge]
  entryPoint = "http"

Also, I start the container this way:

docker network create proxy
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $PWD/traefik.toml:/traefik.toml \
  -v $PWD/acme.json:/acme.json \
  -p 80:80 \
  -p 443:443 \
  -l traefik.frontend.rule=Host:monitor.btcsha.com \
  -l traefik.port=8080 \
  --network proxy \
  --name traefik \
  traefik:1.7-alpine --docker

OK, I somehow got it working. I think the problem was that I had to delete the old acme.json file. Then, when I created a new one, I forgot to run "chmod 600 acme.json" on it.

Yes, 伊兹 is right: caServer = "https://acme-v02.api.letsencrypt.org/directory"

Now it works. So, for future reference, here is my traefik.toml:

defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
  [web.auth.basic]
  users = ["admin:$apr1$yhytIYv.$p0hPOLpt/NE9aAr7c1HsV1"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "irmscher9@gmail.com"
storage = "acme.json"
onDemand = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
entryPoint = "https"
  [acme.httpChallenge]
   entryPoint = "http"

I start docker with the following commands:

docker network create proxy
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $PWD/traefik.toml:/traefik.toml \
  -v $PWD/acme.json:/acme.json \
  -p 80:80 \
  -p 443:443 \
  -l traefik.frontend.rule=Host:monitor.btcsha.com \
  -l traefik.port=8080 \
  --network proxy \
  --name traefik \
  traefik:1.7-alpine --docker

You are using Let's Encrypt staging ( caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" ), so the root certificate is not valid; this is expected behavior.

Please read https://letsencrypt.org/docs/staging-environment/

To get a real certificate, you need to use the Let's Encrypt production endpoint ( caServer = "https://acme-v02.api.letsencrypt.org/directory" ), which is the default in Traefik.
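
A preflight check for the causes named in this thread (a staging caServer, an acme.json left over from staging, and an acme.json that is not mode 600), added here as an example and not part of the original posts. The function names are hypothetical, and the leftover check assumes the old acme.json still mentions the staging host.

```shell
#!/bin/sh
# Added example: preflight for a Traefik 1.7 ACME setup before starting the container.
# Function names are hypothetical; file names follow the posts above.

# Print the first uncommented caServer value from a traefik.toml (empty if unset).
ca_server() {
  sed -n 's/^[[:space:]]*caServer[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Classify the ACME endpoint. An unset caServer counts as production because
# the answer above states that production is Traefik's default.
ca_kind() {
  _url=$(ca_server "$1")
  case "$_url" in
    ""|"https://acme-v02.api.letsencrypt.org/directory") echo production ;;
    *acme-staging*) echo staging ;;
    *) echo other ;;
  esac
}

# Succeed only if the storage file exists with mode 600 (GNU stat, then BSD stat).
acme_mode_ok() {
  _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
  [ "$_mode" = "600" ]
}

# Heuristic (assumption): a storage file created against staging mentions the staging host.
acme_has_staging() {
  grep -q 'acme-staging' "$1" 2>/dev/null
}

# usage: preflight traefik.toml acme.json ; returns non-zero on any FAIL
preflight() {
  _rc=0
  _kind=$(ca_kind "$1")
  if [ "$_kind" = "staging" ]; then
    echo "FAIL: caServer is the staging endpoint; its root is not trusted by browsers"; _rc=1
  elif [ "$_kind" = "other" ]; then
    echo "WARN: caServer is neither Let's Encrypt production nor staging"
  fi
  if ! acme_mode_ok "$2"; then
    echo "FAIL: $2 must exist with mode 600 (chmod 600 $2)"; _rc=1
  fi
  if [ "$_kind" = "production" ] && acme_has_staging "$2"; then
    echo "FAIL: $2 still references staging; delete and recreate it"; _rc=1
  fi
  return "$_rc"
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2" || exit 1; fi
```

Run it as `sh preflight.sh traefik.toml acme.json` from the directory that is mounted into the container.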
