How to configure Let's encrypt for a server with openvpn

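I want to make my Rails application SSL-enabled, but I can't configure it.

I use Let's encrypt for SSL, and the server uses Nginx. There is also openvpn (openvpn-install).

These are the steps I followed for the installation: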

$ sudo service openvpnas stop
$ sudo service openvpn stop
$ sudo service nginx stop

$ sudo ./certbot-auto certonly --standalone -d ganan-finance.com
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/ganan-finance.com.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Performing the following challenges:
tls-sni-01 challenge for ganan-finance.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/ganan-finance.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/ganan-finance.com/privkey.pem
   Your cert will expire on 2018-02-16. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
$ sudo service openvpnas start
$ sudo service openvpn start
$ sudo service nginx start

Nginx configuration

server {
    listen 80;
    listen 443 ssl;
    server_name ganan-finance.com;
    ssl_certificate /etc/letsencrypt/live/ganan-finance.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ganan-finance.com/privkey.pem;
}

Why is there no padlock, and why is this error displayed:

SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
ERROR: certificate common name 'tk2-207-13319.vs.sakura.ne.jp' doesn't match requested host name 'ganan-finance.com'.


    Certificate valid through: Jun 30 20:40:44 2025 GMT
Certificate Issuer: 
SSL Protocols Supported: TLSv1 TLSv1.1 TLSv1.2

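I installed openvpn using openvpn-install.

I think the problem is caused by a mix-up between the openvpn and Let's encrypt configuration. But I don't know how to solve it.

How should I fix this problem?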