我刚刚安装了一个SSL证书,并用安全指令设置了Nginx。
这是所有的输出。 但如果你去https://app.clearpointcreditcounselingsolutions.org ,没有任何反应。 我完全难倒了!
server { listen 80; listen 443 default ssl; server_name app.clearpointcreditcounselingsolutions.org; ssl on; ssl_certificate ****.crt; ssl_certificate_key ****key; .... } $> netstat -tulpn | grep 443 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 24389/nginx.conf $> nmap 127.0.0.1 | grep 443 443/tcp open https $> openssl s_client -connect localhost:443 depth=3 L = ValiCert Validation Network, O = "ValiCert, Inc.", OU = ValiCert Class 2 Policy Validation Authority, CN = http://www.valicert.com/, emailAddress = [email protected] verify return:1 depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority verify return:1 depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certificates.godaddy.com/repository, CN = Go Daddy Secure Certification Authority, serialNumber = ******* verify return:1 depth=0 O = app.clearpointcreditcounselingsolutions.org, OU = Domain Control Validated, CN = app.clearpointcreditcounselingsolutions.org [..and on it goes, but does not belong here..] 所有看起来像检查。 我错过了什么? 我可以运行哪些其他testing?
谢谢,汤姆
编辑:感谢下面的帮助,我能够诊断出这个问题是与iptables,并通过添加以下修复:
-A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $server_ip_address --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT 14 -A OUTPUT -p tcp -s $server_ip_address --sport 443 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
它看起来像在本地工作,但你可能有防火墙规则,阻止它从外面。
我可以通过端口80连接到你的服务器,但是试图在443上连接。
这是我通常用来检查SSL证书的时候,我设置它们: http : //www.sslshopper.com/ssl-checker.html#hostname=app.clearpointcreditcounselingsolutions.org