SSL 证书未更新

tag-icon tag-icon nginx docker ssl-certificate
SSL 证书未更新

我之前的 SSL 证书刚刚过期。

在此处输入图片描述

我尝试从 AliCloud 和 sslforfree.com 购买另一个免费 SSL 证书。我很确定我已经在服务器中安装了正确的证书。但是当我在 Mac 上测试它时(www.10studio.tech),则始终显示旧证书。

清除浏览历史记录没有帮助。

有人能证实它是否只对我有用吗?我该怎么办?

编辑1:

我使用 docker 和 nginx。在 nginx 和 sslforfree.com 中,我有以下内容my_server_block.conf

server {
  listen  3002;
  absolute_redirect off;
  root  /app;

  location = / {
    rewrite ^(.*)$ https://$http_host/docs/introduction redirect;
  }
    
  location / {
    try_files $uri $uri/ =404;
  }
}

server {
  listen  3001 ssl;

  ssl_certificate      /certs/whole.crt;
  ssl_certificate_key  /certs/private.key;

  ssl_session_cache    shared:SSL:1m;
  ssl_session_timeout  5m;

  ssl_ciphers  HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers  on;

  location / {
    proxy_pass http://localhost:3002;
    proxy_redirect off;
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl on;
  }
}

docker-compose.yml

version: "3"
services:
  docusaurus:
    image: bitnami/nginx:1.16
    restart: always
    volumes:
    - ./build:/app
    - ./certs:/certs:ro
    - ./my_server_block.conf:/opt/bitnami/nginx/conf/server_blocks/my_server_block.conf:ro
    ports:
    - "3001:3001"
    - "3002:3002"

nginx.conf

# Based on https://www.nginx.com/resources/wiki/start/topics/examples/full/#nginx-conf
# user              www www;  ## Default: nobody

worker_processes  auto;
error_log         "/opt/bitnami/nginx/logs/error.log";
pid               "/opt/bitnami/nginx/tmp/nginx.pid";

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format    main '$remote_addr - $remote_user [$time_local] '
                       '"$request" $status  $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
    access_log    "/opt/bitnami/nginx/logs/access.log";
    add_header    X-Frame-Options SAMEORIGIN;

    client_body_temp_path  "/opt/bitnami/nginx/tmp/client_body" 1 2;
    proxy_temp_path        "/opt/bitnami/nginx/tmp/proxy" 1 2;
    fastcgi_temp_path      "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
    scgi_temp_path         "/opt/bitnami/nginx/tmp/scgi" 1 2;
    uwsgi_temp_path        "/opt/bitnami/nginx/tmp/uwsgi" 1 2;

    sendfile           on;
    tcp_nopush         on;
    tcp_nodelay        off;
    gzip               on;
    gzip_http_version  1.0;
    gzip_comp_level    2;
    gzip_proxied       any;
    gzip_types         text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
    keepalive_timeout  65;
    ssl_protocols      TLSv1 TLSv1.1 TLSv1.2;

    include  "/opt/bitnami/nginx/conf/server_blocks/*.conf";

    # HTTP Server
    server {
        # port to listen on. Can also be set to an IP:PORT
        listen  8080;

        location /status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            deny all;
        }
    }
}

答案1

显而易见的是,您必须在更新 TLS 证书后重新加载/重新启动您的 Web 服务器。

看起来您正在使用 docker-compose,但您的容器似乎尚未更新,因为您的 nginx 版本报告为 1.9.4,而您似乎要求的是 1.16.x。考虑使用以下方法强制更新:

docker-compose up --force-recreate --build -d

答案2

验证该位置的证书是否正确。假设您已正确重新启动 nginx,并且没有其他配置覆盖您提供的配置,则 nginx 必须加载该位置的证书。也许您将证书放在主机上的该目录中,而不是 Docker 映像中的该目录中?

相关内容