{"id":51324,"date":"2020-12-28T13:00:05","date_gmt":"2020-12-28T05:00:05","guid":{"rendered":"http:\/\/www.zhushiyao.com\/?p=51324"},"modified":"2022-04-14T14:42:39","modified_gmt":"2022-04-14T06:42:39","slug":"ssl%e5%ae%89%e5%85%a8%e8%af%81%e4%b9%a6%e8%bf%87%e6%9c%9f%e5%af%bc%e8%87%b4%e7%bd%91%e7%ab%99%e8%ae%bf%e9%97%ae%e5%87%ba%e7%8e%b0%e4%b8%8d%e5%ae%89%e5%85%a8%e9%97%ae%e9%a2%98","status":"publish","type":"post","link":"http:\/\/www.zhushiyao.com\/?p=51324","title":{"rendered":"ssl\u5b89\u5168\u8bc1\u4e66\u8fc7\u671f\u5bfc\u81f4\u7f51\u7ad9https\u8bbf\u95ee\u51fa\u73b0\u4e0d\u5b89\u5168\u95ee\u9898"},"content":{"rendered":"\n

\u5927\u560e\u597d\uff0c\u534a\u540a\u5b50\u8fd0\u7ef4\u53c8\u51fa\u73b0\u4e86\u3002<\/p>\n\n\n\n

\u4e00\u4e2a\u7f51\u7ad9\uff0c\u7528\u5f97\u597d\u597d\u7684\uff0c\u5ffd\u7136\u8bf4\u4e0d\u5b89\u5168\u4e86\u3002\u767b\u4e0a\u53bb\u4e00\u770b\uff0c\u679c\u7136\u4e0d\u5b89\u5168\u3002<\/p>\n\n\n\n

\u663e\u793aNET::ERR_CERT_DATE_INVALID<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u8d76\u7d27\u767b\u5f55\u5230\u670d\u52a1\u5668\u4e0a\u770b\u4e00\u770b\u662f\u600e\u4e48\u80a5\u4e8b<\/p>\n\n\n\n

\u5f97\u77e5\u662fnginx\u7684\u642d\u7684\u670d\u52a1\u5668<\/p>\n\n\n\n

nginx -t \u770b\u4e00\u4e0b<\/p>\n\n\n\n

\u518d\u770b\u4e00\u4e0b \/etc\/nginx\/nginx.conf\uff0c \u5565\u4e5f\u6ca1\u6709\uff0c\u518d\u4ed4\u7ec6\u7784\u4e00\u4e0b\u539f\u6765\u653e\u5728 include \/etc\/nginx\/conf.d\/*.conf;<\/p>\n\n\n\n

server
\n {
\n listen 80;<\/p>\n\n\n\n

            listen [::]:80;\n\n            server_name sub.xxx.com;\n\n            location \/ {\n                    return 301 https:\/\/sub.xxx.com$request_uri;\n            }\n    access_log \/data\/logs\/www.log main;\n            error_log \/data\/logs\/www_error.log error;<\/code><\/pre>\n\n\n\n
}<\/p>\n\n\n\n
server
\n    {
\n        listen 443 ssl http2;
\n        server_name sub.xxx.com;
\n        index index.php index.html;
\n        root \/data\/wwwroot\/xxxxxx;<\/p>\n\n\n\n
    location \/ {\n        rewrite ^\/$ \/index.php last;\n        if (!-e $request_filename) {\n            rewrite \"^\/(.*)$\" \/index.php\/$1 last;\n        }\n    }\n\n    location ~ ^(.+\\\\.php)(.*)$ {\n\n        fastcgi_connect_timeout 300;\n        fastcgi_send_timeout 300;\n        fastcgi_read_timeout 300;\n\n        fastcgi_pass 127.0.0.1:9000;\n        fastcgi_index index.php;\n        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n        include fcgi.conf;\n    }\n    location ~ .*\\.(gif|jpg|jpeg|png|bmp|swf)$\n    {\n        expires      30d;\n        access_log off;\n    }\n\n    location ~ .*\\.(js|css)?$\n    {\n        expires      12h;\n        access_log off;\n    }\n    location \/_log {\n       autoindex on;\n       autoindex_localtime on;\n    }\n    access_log \/data\/logs\/www.log main;\n            error_log \/data\/logs\/www_error.log error;\n            ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;\nssl_certificate \/etc\/letsencrypt\/live\/sub.xxx.com\/fullchain.pem; # managed by Certbot\nssl_certificate_key \/etc\/letsencrypt\/live\/sub.xxx.com\/privkey.pem; # managed by Certbot<\/code><\/pre>\n\n\n\n
}<\/p>\n\n\n\n
\u770b\u6765\u7528\u7684\u662fLet’s Encrypt\u514d\u8d39SSL\u8bc1\u4e66\uff0c\u8fd9\u4e2a\u8bc1\u4e66\u6709\u4e2a\u9ebb\u70e6\u4e00\u70b9\u7684\u5730\u65b9\u5c31\u662f90\u5929\u8fc7\u671f\uff0c\u770b\u6765\u81ea\u4ece\u4e0a\u6b21\u66f4\u65b0\u4e4b\u540e\u5df2\u7ecf\u670990\u5929\u4e86\uff0c\u6240\u4ee5\u8fc7\u671f\u4e86\u3002<\/p>\n\n\n\n
\u627e\u5230\u539f\u56e0\u5c31\u597d\u529e\u4e86\uff0c\u5c06\u8bc1\u4e66\u7eed\u671f\u4e00\u4e0b\u5b8c\u4e8b\u3002<\/p>\n\n\n\n
\u53d1\u73b0\u539f\u6765\u8fd0\u7ef4\u4f7f\u7528\u4e86 certbot \uff0c\u90a3\u5c31\u66f4\u7b80\u5355\u4e86\u3002<\/p>\n\n\n\n
# certbot certificates \u770b\u4e00\u4e0b\uff0c\u679c\u7136\u6709\u76f8\u5e94\u7684\u8bc1\u4e66<\/p>\n\n\n\n
\u90a3\u5c31\u7528certbot \u66f4\u65b0\u4e00\u4e0b\u8bc1\u4e66 renew \uff0c\u6210\u529f\u5b8c\u6210\u3002<\/p>\n\n\n\n
\u5982\u679c\u663e\u793a\u4e0d\u6210\u529f\uff0c\u9700\u8981\u5148\u6682\u505c nginx  (systemctl stop nginx.service)<\/p>\n\n\n\n
# certbot renew
\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n<\/p>\n\n\n\n
\n\n\n\n
Processing \/etc\/letsencrypt\/renewal\/sub.xxx.com.conf<\/p>\n\n\n\n
\n\n\n\n
Cert is due for renewal, auto-renewing\u2026
\nPlugins selected: Authenticator nginx, Installer nginx
\nStarting new HTTPS connection (1): acme-v02.api.letsencrypt.org
\nRenewing an existing certificate
\nPerforming the following challenges:
\nhttp-01 challenge for sub.xxx.com
\nWaiting for verification\u2026
\nCleaning up challenges<\/p>\n\n\n\n
\n\n\n\n
new certificate deployed with reload of nginx server; fullchain is
\n\/etc\/letsencrypt\/live\/sub.xxx.com\/fullchain.pem<\/p>\n\n\n\n
\n\n\n\n
\n\n\n\n
Processing \/etc\/letsencrypt\/renewal\/xxx.com.conf<\/p>\n\n\n\n
\n\n\n\n
Cert is due for renewal, auto-renewing\u2026
\nPlugins selected: Authenticator nginx, Installer nginx
\nStarting new HTTPS connection (1): acme-v02.api.letsencrypt.org
\nRenewing an existing certificate
\nPerforming the following challenges:
\nhttp-01 challenge for xxx.com
\nWaiting for verification\u2026
\nCleaning up challenges<\/p>\n\n\n\n
\n\n\n\n
new certificate deployed with reload of nginx server; fullchain is
\n\/etc\/letsencrypt\/live\/xxx.com\/fullchain.pem<\/p>\n\n\n\n
\n\n\n\n
\n\n\n\n
Congratulations, all renewals succeeded. The following certs have been renewed:
\n  \/etc\/letsencrypt\/live\/sub.xxx.com\/fullchain.pem (success)
\n  \/etc\/letsencrypt\/live\/xxx.com\/fullchain.pem (success)<\/p>\n\n\n\n
\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u53c2\u8003\u6587\u7ae0\uff1a https:\/\/www.liaosam.com\/use-cron-service-and-certbot-for-renewal-of-letsencrypt-ssl-certificates.html<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5927\u560e\u597d\uff0c\u534a\u540a\u5b50\u8fd0\u7ef4\u53c8\u51fa\u73b0\u4e86\u3002 \u4e00\u4e2a\u7f51\u7ad9\uff0c\u7528\u5f97\u597d\u597d\u7684\uff0c\u5ffd\u7136\u8bf4\u4e0d\u5b89\u5168\u4e86\u3002\u767b\u4e0a\u53bb\u4e00\u770b\uff0c\u679c\u7136\u4e0d\u5b89\u5168\u3002 \u663e\u793aNET::E … \u7ee7\u7eed\u9605\u8bfb\u201cssl\u5b89\u5168\u8bc1\u4e66\u8fc7\u671f\u5bfc\u81f4\u7f51\u7ad9https\u8bbf\u95ee\u51fa\u73b0\u4e0d\u5b89\u5168\u95ee\u9898\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[5,1011,373],"_links":{"self":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts\/51324"}],"collection":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=51324"}],"version-history":[{"count":9,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts\/51324\/revisions"}],"predecessor-version":[{"id":61186,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=\/wp\/v2\/posts\/51324\/revisions\/61186"}],"wp:attachment":[{"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=51324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=51324"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.zhushiyao.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=51324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}