我在 Ubuntu Server 14.04 上安装了最新的 nginx 版本。我托管了几个域,现在我正尝试在所有域上实施 letsencrypt。我已经有一个带有 comodo 证书的域,我们称之为domainone.com,它运行良好。我已经设置了第二个域,比如domaintwo.com``` with letsencrypt, but when I try to access thedomaintwo.com via HTTPS I get the content fromdomainone.com` 和无效证书警告。
以下是两个域的 nginx 配置:
domainone.com:
server {
listen 80;
server_name domainone.com www.domainone.com;
rewrite ^ https://www.domainone.com$request_uri? permanent;
}
server {
listen 443 ssl http2;
server_name domainone.com www.domainone.com;
root /usr/share/nginx/domainone.com/html;
index index.php index.html index.htm;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-domainone.com.conf;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ /.well-known {
allow all;
}
...
}
domaintwo.com:
server {
listen 80;
listen [::]:80;
server_name domaintwo.com www.domaintwo.com;
return 301 https://www.domaintwo.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include /etc/nginx/snippets/ssl-domaintwo.com.conf;
include /etc/nginx/snippets/ssl-params.conf;
root /usr/share/nginx/domaintwo.com/html;
index index.php index.html index.htm;
location ~ /.well-known {
allow all;
}
...
}
Nginx 版本:
$ nginx -V
nginx version: nginx/1.10.1
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
...
我错过了什么?
答案1
您的 domaintwo.com 服务器没有 server_name 声明:
server_name domaintwo.com www.domaintwo.com;
因此,当 HTTPS 请求进入时,Nginx 会选择第一个支持 HTTPS 的域。
我有一个Nginx/Let's Encrypt 教程那可能会有用。