我正在为我的www子域获取SSL_ERROR_BAD_CERT_DOMAIN

服务器:Ubuntu,nginx

我有一个域名example.com在namecheap.com注册并在DigitalOcean上configuration。 我有www子域的CNAMElogging:

 www.example.com. 1800 IN CNAME example.com. 

这里是我的/etc/nginx/sites-enabled/default文件的内容:

 # HTTP - redirect all requests to HTTPS server { listen 80; listen [::]:80 default_server ipv6only=on; return 301 https://$host$request_uri; } # HTTPS - serve HTML from /usr/share/nginx/html, proxy requests to /parse/ # through to Parse Server server { listen 80; server_name www.example.com; return 301 https://example.com$request_uri; } server { listen 443; server_name example.com; root /home/example/website; index index.html index.htm; ssl on; # Use certificate and key provided by Let's Encrypt: ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; # Config (http://www.westphahl.net/blog/2012/01/03/setting-up-https-with-nginx-and-startssl/) add_header Strict-Transport-Security max-age=31536000; add_header X-Frame-Options DENY; # Pass requests for /parse/ to Parse Server instance at localhost:1337 location /parse/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-NginX-Proxy true; proxy_pass http://localhost:1337/; proxy_ssl_session_reuse off; proxy_set_header Host $http_host; proxy_redirect off; } location / { try_files $uri $uri/ =404; } } 

但是,当我试图打开www.example.com Firefox显示SSL_ERROR_BAD_CERT_DOMAIN “您的连接不安全”的错误。

如何解决这个问题?

:感谢所有的build议者,向www子域颁发SSL证书是有诀窍的。

这是一个让我们encryption的命令:

 ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com 

Chrome的警告页面输出

这台服务器无法certificate它是http://www.example.com ; 其安全证书来自example.com 。 这可能是由错误configuration或攻击者拦截您的连接引起的。

该证书已发布到顶级域名example.com ,但不是子域www.exmample.com

如果ssl发行人说,他们应该给你www,请与他们了解更多信息。

请注意,此警告是在SSL握手级别发出的,并且在请求到达nginx服务器进行处理之前。