2

在我的 EC2 服务器/Ubuntu Xenial 16.04 上成功配置 nginx 后,我尝试多次安装 certbot,但每次都因超时问题而失败。

我按照https://certbot.eff.org/#ubuntuxenial-nginx上的程序操作, 我收到一条成功消息,但是当我去测试时:https ://www.ssllabs.com/ssltest/analyze.html?d= mysite.com

它不起作用。另外,如果我尝试: curl -I https://54.238.241.234:443 # 它失败但是: curl -I http://54.238.241.234:80 # 有效

我的 Nginx 配置如下:

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;


        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name mysite.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;

                # With php7.0-cgi alone:
                #fastcgi_pass 127.0.0.1:9000;
                # With php7.0-fpm:
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny all;
        }

        location ~ /.well-known {
                    allow all;
        }



    listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.com-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.com-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

我的UFW状态如下

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)

我的 route53 配置也是正确的。

我真的很想知道这个问题是从哪里来的,并且希望能在这件事上提供任何帮助。提前致谢。

4

0 回答 0