問(wèn)題描述

瀏覽器報(bào)錯(cuò)信息

Nginx配置

問(wèn)題解答

你不會(huì)是用IP地址直接訪問(wèn)的吧？ 證書證明的是域名，一定要用證書綁定的域名訪問(wèn)。

nginx啟動(dòng)不報(bào)錯(cuò)？

nginx -t看了沒，還有日志沒記錄么

證書是對(duì)域名簽發(fā)的，你用ip訪問(wèn)當(dāng)然會(huì)出現(xiàn)這樣的情況呀，因?yàn)檎也坏絀P 對(duì)應(yīng)的證書啊！

數(shù)字證書的路徑要使用絕對(duì)路徑，例如：

ssl_certificate /usr/local/nginx/ssl/enginx.net.crt; ssl_certificate_key /usr/local/nginx/ssl/enginx.net.key;

還有server_name不能用127.0.0.1，請(qǐng)使用域名，例如：

server_name enginx.net;

以下是我的SSL配置文件：

ssl on; ssl_certificate /usr/local/nginx/ssl/enginx.net.crt; ssl_certificate_key /usr/local/nginx/ssl/enginx.net.key; ssl_buffer_size 16k; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DES-CBC3-SHA; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache builtin:20480 shared:SSL:10m; ssl_session_timeout 1h; ssl_stapling on; ssl_session_tickets on;