新手 zeroSSL 纯ip 证书,访问显示不安全 #1
Description
docker-compose
nginx:
image: xiaojun207/nginx
restart: always
volumes:
- ./nginx/data/web:/data/web
- ./nginx/ssl:/etc/nginx/ssl
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/acme_cert:/acme_cert
- ./nginx/download:/opt/download/
- ./nginx/logs:/var/log/nginx
ports:
- 80:80
- 443:443
environment:
SslDomains: "120.55.163.156"
SslServer: "zerossl"
mail: "15951836388@qq.com"
配置 server {
listen 443 ssl;
server_name 120.55.163.156;
# root /data/web/www;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #按照这个协议配置
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;#按照这个套件配置
ssl_stapling off;
ssl_certificate /etc/nginx/ssl/fullchain.pem; # 证书自动安装的路径
ssl_certificate_key /etc/nginx/ssl/key.pem; # 证书自动安装的路径
location / {
proxy_pass http://localhost; #这里的xx.cn 是我们需要转发的 ,配合 修改hosts文件 : 127.0.0.1 xx.cn
}
}
log
[Wed Jan 10 10:54:32 UTC 2024] 生成默认证书, 配置文件中使用,否则nginx启动会失败
2024-01-10T10:54:32.809716448Z [Wed Jan 10 10:54:32 UTC 2024] default cert exists in :/etc/nginx/ssl
2024-01-10T10:54:32.818580845Z [Wed Jan 10 10:54:32 UTC 2024] Start nginx
2024-01-10T10:54:32.822628148Z [Wed Jan 10 10:54:32 UTC 2024] sleep 2 second to start Acme.sh...
2024-01-10T10:54:34.824806438Z [Wed Jan 10 10:54:34 UTC 2024] Start Acme.sh...
2024-01-10T10:54:34.825694078Z [Wed Jan 10 10:54:34 UTC 2024] SSL_DIR :/etc/nginx/ssl
2024-01-10T10:54:34.826522965Z [Wed Jan 10 10:54:34 UTC 2024] mail :15951836388@qq.com
2024-01-10T10:54:34.827074521Z [Wed Jan 10 10:54:34 UTC 2024] RELOAD_CMD :nginx -s reload
2024-01-10T10:54:34.828095515Z [Wed Jan 10 10:54:34 UTC 2024] Issue the cert: 120.55.163.156 with options -d 120.55.163.156
2024-01-10T10:54:34.886611300Z [Wed Jan 10 10:54:34 UTC 2024] Changed default CA to: https://acme.zerossl.com/v2/DV90
2024-01-10T10:54:34.888146160Z [Wed Jan 10 10:54:34 UTC 2024] 1、acme.sh register ..
2024-01-10T10:54:38.754594456Z [Wed Jan 10 10:54:38 UTC 2024] Registering account: https://acme.zerossl.com/v2/DV90
2024-01-10T10:54:44.161314978Z [Wed Jan 10 10:54:44 UTC 2024] Already registered
2024-01-10T10:54:44.205017497Z [Wed Jan 10 10:54:44 UTC 2024] ACCOUNT_THUMBPRINT='2CCrnnSNehCf8CaSSaomACA3HGIdNU_AraFIBdYW4Ok'
2024-01-10T10:54:44.206743125Z [Wed Jan 10 10:54:44 UTC 2024] 2、acme.sh issue ..
2024-01-10T10:54:47.082024038Z [Wed Jan 10 10:54:47 UTC 2024] Using CA: https://acme.zerossl.com/v2/DV90
2024-01-10T10:54:47.112416815Z [Wed Jan 10 10:54:47 UTC 2024] Single domain='120.55.163.156'
2024-01-10T10:54:47.170973692Z [Wed Jan 10 10:54:47 UTC 2024] Getting domain auth token for each domain
2024-01-10T10:54:54.161977010Z [Wed Jan 10 10:54:54 UTC 2024] Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:unsupportedIdentifier","status":400,"detail":"IPv4 and IPv6 identifier types are not yet supported"}
2024-01-10T10:54:54.167125014Z [Wed Jan 10 10:54:54 UTC 2024] Please add '--debug' or '--log' to check more details.
2024-01-10T10:54:54.168571279Z [Wed Jan 10 10:54:54 UTC 2024] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
2024-01-10T10:54:54.170658833Z [Wed Jan 10 10:54:54 UTC 2024] 3、acme.sh install-cert ..
2024-01-10T10:54:54.219781209Z [Wed Jan 10 10:54:54 UTC 2024] The domain '120.55.163.156' seems to have a ECC cert already, lets use ecc cert.
2024-01-10T10:54:54.281405231Z [Wed Jan 10 10:54:54 UTC 2024] Installing cert to: /etc/nginx/ssl/cert.pem
2024-01-10T10:54:54.283170177Z cat: can't open '/acme_cert/120.55.163.156_ecc/120.55.163.156.cer': No such file or directory
2024-01-10T10:54:54.285044833Z [Wed Jan 10 10:54:54 UTC 2024] Start acme.sh crond
2024-01-10T11:00:03.049402517Z 127.0.0.1 - - [10/Jan/2024:11:00:03 +0000] "GET / HTTP/1.0" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
2024-01-10T11:00:03.050078382Z 114.222.246.82 - - [10/Jan/2024:11:00:03 +0000] "GET / HTTP/1.1" 200 406 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"
2024-01-10T11:00:25.347375349Z 114.222.246.82 - - [10/Jan/2024:11:00:25 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0"