CloudFlare 无效的 SSL 证书
CloudFlare Invalid SSL certificate
我有一个Laravel 8申请。
我不知道我错过了什么。我正在尝试在我的服务器中部署一个站点。
我不断得到:
无效的 SSL 证书
server {
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
server_name mybabies.app www.mybabies.app;
root /home/bheng/mybabies/public;
index index.html index.htm index.php;
charset utf-8;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
client_max_body_size 500M;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
error_page 404 /index.php;
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location / {
#limit_req zone=one burst=2 nodelay;
try_files $uri $uri/ /index.php?$query_string;
add_header 'Access-Control-Allow-Origin' '*';
}
}
我已经在 CloudFlare 中创建了 crt
+ pem
密钥并在这两行中进行了配置:
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
编辑
当我暂停它时
当我点击 View Certificate
时,我看到
已更新
我从
创建了证书
要在 Cloudflare 和您的服务器之间设置安全连接,您需要在页面 Origin Certificates 中生成 Origin CA Certificate,但是您这样做了相反,在 Client Certificates 中,这就是您收到错误的原因。
它们是完全不同的东西,有着不同的目的。阅读说明。
客户端证书
Secure and authenticate your APIs and web
applications with client certificates. Block traffic from devices that
do not have a valid client SSL/TLS certificate with mTLS rules.
原产地证书
Generate a free TLS certificate signed by Cloudflare to install on
your origin server. Origin Certificates are only valid for encryption
between Cloudflare and your origin server.
生成 PEM 和 KEY 后,您需要将它们放入 .crt 和 .key 并加载到 nginx 配置中,就像您之前所做的那样。
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
现在连接 完全(严格) 应该可以工作了。
如果您想改用自签名证书,但仍要利用 CF 和服务器之间的安全连接,请改用选项 Full(不严格)。通过使用 Flexible,您的访问者仍将使用 HTTPS,但 CF 和服务器之间将没有 SSL 连接,服务器会将其视为 HTTP 连接,因此不推荐使用此选项。
更多:https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-
我有一个Laravel 8申请。
我不知道我错过了什么。我正在尝试在我的服务器中部署一个站点。
我不断得到:
无效的 SSL 证书
server {
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
server_name mybabies.app www.mybabies.app;
root /home/bheng/mybabies/public;
index index.html index.htm index.php;
charset utf-8;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
client_max_body_size 500M;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log error;
error_page 404 /index.php;
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location / {
#limit_req zone=one burst=2 nodelay;
try_files $uri $uri/ /index.php?$query_string;
add_header 'Access-Control-Allow-Origin' '*';
}
}
我已经在 CloudFlare 中创建了 crt
+ pem
密钥并在这两行中进行了配置:
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
编辑
当我暂停它时
当我点击 View Certificate
时,我看到
已更新
我从
创建了证书要在 Cloudflare 和您的服务器之间设置安全连接,您需要在页面 Origin Certificates 中生成 Origin CA Certificate,但是您这样做了相反,在 Client Certificates 中,这就是您收到错误的原因。
它们是完全不同的东西,有着不同的目的。阅读说明。
客户端证书
Secure and authenticate your APIs and web applications with client certificates. Block traffic from devices that do not have a valid client SSL/TLS certificate with mTLS rules.
原产地证书
Generate a free TLS certificate signed by Cloudflare to install on your origin server. Origin Certificates are only valid for encryption between Cloudflare and your origin server.
生成 PEM 和 KEY 后,您需要将它们放入 .crt 和 .key 并加载到 nginx 配置中,就像您之前所做的那样。
listen 443;
ssl_certificate /etc/nginx/ssl/mybabies.app.crt;
ssl_certificate_key /etc/nginx/ssl/mybabies.app.key;
现在连接 完全(严格) 应该可以工作了。
如果您想改用自签名证书,但仍要利用 CF 和服务器之间的安全连接,请改用选项 Full(不严格)。通过使用 Flexible,您的访问者仍将使用 HTTPS,但 CF 和服务器之间将没有 SSL 连接,服务器会将其视为 HTTP 连接,因此不推荐使用此选项。
更多:https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-