尝试访问时出现问题https://betterexaminations.ie,我收到拒绝连接的消息,但是当我通过 ip 尝试时,它工作正常,(https://) 46.137.41.29。
您知道可能是什么问题吗?
这是我的 nginx 配置:
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
passenger_root /var/lib/gems/1.8/gems/passenger-3.0.12;
passenger_ruby /usr/bin/ruby1.8;
server {
listen 443;
server_name betterexaminations.ie;
root /var/rails/papers/public/;
passenger_enabled on;
ssl on;
ssl_certificate /var/rails/papers/certs/csr/thawte/certificate.bundle.cert;
ssl_certificate_key /var/rails/papers/certs/csr/www.betterexaminations.ie.key;
ssl_verify_depth 3;
}
server {
listen 80;
server_name betterexaminations.ie;
root /var/rails/papers/public/;
passenger_enabled on;
}
}
我在 Nginx 日志或 rails 日志中没有发现任何有趣的错误。
有任何想法吗?
编辑:
nmap -sT -r -n -p443 betterexaminations.ie
输出:
Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-29 01:01 UTC
Nmap scan report for betterexaminations.ie (46.137.41.29)
Host is up (0.0022s latency).
PORT STATE SERVICE
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
答案1
DNS 配置不正确:
$ host -t A betterexaminations.ie
betterexaminations.ie has address 54.247.125.236
现在看起来还不错:
$ host -t A betterexaminations.ie
betterexaminations.ie has address 46.137.41.29
证书看起来没问题:
$ echo ""|openssl s_client -connect 46.137.41.29:443|openssl x509 -subject -issuer -dates -noout
depth=2 C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
subject= /OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=betterexaminations.ie
issuer= /C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
notBefore=Nov 17 00:00:00 2012 GMT
notAfter=Nov 17 23:59:59 2013 GMT