错误代码：nginx ubuntu服务器上的ssl_error_rx_record_too_long

我有一个网站是完全运行在一些旧的Ubuntu服务器上的Apache，也有它的HTTPS。 但现在由于某些原因，我需要移动到不同的（高configuration新的Ubuntu服务器）服务器，并尝试使用Nginx服务我的网站，所以安装nginx（ nginx/1.4.6 (Ubuntu) ）。 以下是我的nginx.conf文件设置

 server { listen 8005; location / { proxy_pass http://127.0.0.1:8001; } location /static/ { alias /root/apps/project/static/; } location /media/ { alias /root/apps/media/; } } # Https Server server { listen 443; location / { # proxy_set_header Host $host; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-Protocol $scheme; # proxy_set_header X-Url-Scheme $scheme; # proxy_redirect off; proxy_pass http://127.0.0.1:8001; } server_tokens off; ssl on; ssl_certificate /etc/ssl/certificates/project.com.crt; ssl_certificate_key /etc/ssl/certificates/www.project.com.key; ssl_session_timeout 20m; ssl_session_cache shared:SSL:10m; # ~ 40,000 sessions ssl_protocols SSLv3 TLSv1; # SSLv2 ssl_ciphers ALL:!aNull:!eNull:!SSLv2:!kEDH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP:@STRENGTH; ssl_prefer_server_ciphers on; } 

由于我已经有在另一台服务器上运行的https证书（ project.com.crt ）和密钥（ www.project.com.key ），我刚刚将它们复制到新的服务器（它现在不包含任何域）只有IP）并放在path/etc/ssl/certificates/并试图直接使用它们。 现在我已经重新启动Nginx，并试图访问我的IP 23.xxx.xxx.xx:8005与https:// 23.xxx.xxx.xx:8005 ，我在Firefox下面的错误

 Secure Connection Failed An error occurred during a connection to 23.xxx.xxx.xx:8005. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site. 

但是，当我访问没有https的IP，我可以为我的网站服务。

那么在上面的nginx conf文件中，我的Https设置有什么问题呢？ 我们是否无法通过在某个文件夹中复制粘贴来提供证书文件？ 我们是否需要为我的新服务器创build任何额外的证书？

• 重启Ubuntu 14.04后，nginx不会启动
• 如何在CentOS 6上重新安装python2.7以安装mod_wsgi
• 使用nginx服务静态页面 – 获取404
• 与监督，gunicorn和Django奇怪的行为
• Docker：Django和Postgresql：两个独立的容器还是一个更好？

编辑

根据下面的答案做一些改变后，现在我得到了以下错误

 This is probably not the site you are looking for! You attempted to reach 23.xxx.xxx.xx, but instead you actually reached a server identifying itself as www.xxxxxxxx.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of 23.xxx.xxx.xx. 

所以实际上，证书在旧服务器上工作正常，并且是可信的，但同一证书抱怨说它不是可信任的，所以一旦我们进行DNS更改，这个错误就不会出现。 我的意思是一旦我们的网站www.xxxxxxxx.comredirect到新的IP 23.xxx.xxx.xx？

 server { listen 8005 ssl; ssl_certificate /etc/ssl/certificates/project.com.crt; ssl_certificate_key /etc/ssl/certificates/www.project.com.key; ssl_session_timeout 20m; ssl_session_cache shared:SSL:10m; # ~ 40,000 sessions ssl_protocols SSLv3 TLSv1; # SSLv2 ssl_ciphers ALL:!aNull:!eNull:!SSLv2:!kEDH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP:@STRENGTH; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:8001; } location /static/ { alias /root/apps/project/static/; } location /media/ { alias /root/apps/media/; } }