Problem description

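When certbot is used to add HTTPS to a new website on the same server, certbot runs and configures HTTPS successfully, but the browser then reports "This site can't provide a secure connection" for the new site, and every HTTPS site on the server that previously worked becomes inaccessible with the same error.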

Solution

Add the following directives below the configuration generated by certbot:

ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;

Comment out the following line generated by certbot:

include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

The final configuration looks like this:

listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nideshop.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/nideshop.com/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
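
The ssl_protocols line above still enables TLSv1 and TLSv1.1, which RFC 8996 deprecates. The following is an added example, not part of the original post: a small audit that lists, per server block, whether the Certbot include is active and which inline protocols are deprecated. The host names and the SAMPLE config are constructed for illustration.

```python
import re

# TLSv1 and TLSv1.1 were deprecated by RFC 8996; SSLv2/SSLv3 are older still.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
CERTBOT_INCLUDE = "/etc/letsencrypt/options-ssl-nginx.conf"

# Constructed sample: one vhost still on Certbot's include, one edited as on this page.
SAMPLE = """
server {
    server_name old.example;
    listen 443 ssl; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    location / { root /var/www/old; }
}
server {
    server_name new.example;
    listen 443 ssl; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

def audit(conf_text):
    """Return one dict per server block: name, include state, inline protocols."""
    findings, block, depth = [], None, 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive comment strip; ignores quoted '#'
        if block is None:
            if re.match(r"server\s*\{", line):
                block, depth = {"name": None, "certbot_include": False, "protocols": []}, 1
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:  # closing brace of the server block
            block["deprecated"] = sorted(set(block["protocols"]) & DEPRECATED)
            findings.append(block)
            block = None
            continue
        m = re.match(r"(\S+)\s+(.*?)\s*;$", line)
        if not m:
            continue
        name, args = m.groups()
        if name == "server_name":
            block["name"] = args.split()[0]
        elif name == "include" and args == CERTBOT_INCLUDE:
            block["certbot_include"] = True
        elif name == "ssl_protocols":
            block["protocols"] = args.split()
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Feeding it the output of `nginx -T` instead of SAMPLE covers every included file in one pass.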

Tags: CentOS, Nginx