无法使 Certbot 的通配符证书与 Nginx 服务器配合使用

无法使 Certbot 的通配符证书与 Nginx 服务器配合使用

我有一个支持多个子域的 Web 应用程序,但我找不到正确的 nginx 设置来使证书正常工作。

我已经用这个命令创建了 certbot 证书

sudo certbot--服务器https://acme-v02.api.letsencrypt.org/directory-d *.example.com --manual --preferred-challenges dns-01 certonly

然后我继续将 fullchain.pem 和 privkey.pem 文件复制到 /etc/nginx/ssl/namesite-wildcard 目录。

这是我的 sites-available 目录中包含的 nginx 配置文件:

server {    
    server_name nameSite.com www.nameSite.com;  //Main domain settings, not related to my problem
    
    location / {
            proxy_pass http://localhost:42069;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
     }

        location /api {
                proxy_pass http://localhost:5000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
     }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nameSite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nameSite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server{ 
    listen 443 ssl;  //THIS is the tricky section
    

    server_name *.nameSite.com;

        location / {
                proxy_pass http://localhost:42069;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
     }
    ssl_certificate /etc/nginx/ssl/nameSite-wildcard/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/nameSite-wildcard/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}

server {
    if ($host ~ ^[^.]+\.nameSite\.com$) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = www.nameSite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = nameSite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;    server_name nameSite.com www.nameSite.com;
    return 404; # managed by Certbot
}

我必须指出,主域是使用以下命令自动认证的:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

所以,最后,当我尝试浏览www.nameSite.com或 nameSite.com 所有内容都经过认证,但每当我尝试任何 *.nameSite.com 时,浏览器都会告诉我连接未加密。

感谢您的帮助。

相关内容