我尝试重新配置 SSL 证书,想要禁用 Let’s Encrypt 免费证书。
因为我已购买了证书,我在 Google 上找到了一些相关操作。
直接修改 app.yml,并确认 /var/discourse/shared/standalone/ssl/ 目录下的密钥和证书文件名与配置文件一致,然后重新构建,但结果仍然失败,系统依旧使用了 Let’s Encrypt 证书。
nginx 出现了一些错误日志:
2021/09/25 16:37:26 [emerg] 48#48: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:27 [emerg] 78#78: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:28 [emerg] 80#80: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:29 [emerg] 82#82: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:30 [emerg] 95#95: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:31 [emerg] 104#104: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:32 [emerg] 106#106: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
我已确认该目录下存在文件:
root@discourse-test:/var/discourse/shared/standalone/ssl# ls -al ssl.*
-rw-r--r-- 1 root root 7868 Sep 25 16:24 ssl.cer
-rw------- 1 root root 1675 Sep 25 16:24 ssl.key
并在以下链接中找到了一些讨论:
Removing Let’s Encrypt from installation choice
当我运行 ./discourse-setup 时,收到如下警告:
./discourse-setup: line 471: [: 1234567890123456: binary operator expected
有什么建议可以禁用 Let’s Encrypt 或解决重新配置的问题吗?
2 个赞
pfaffman
(Jay Pfaffman)
2
1 个赞
你好 pfaffman
感谢您的回复。
对于您提供的信息,我已经有了参考和实验方案。但结果失败了,nginx 服务无法读取文件。
错误信息如上所述:
2021/09/25 16:37:26 [emerg] 48#48: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:27 [emerg] 78#78: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:28 [emerg] 80#80: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:29 [emerg] 82#82: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:30 [emerg] 95#95: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:31 [emerg] 104#104: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
2021/09/25 16:37:32 [emerg] 106#106: cannot load certificate "/shared/ssl/ssl.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/ssl.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
1 个赞
我成功改用我自己的证书。
我一直使用错误的凭据文件名,nginx 设置需要 crt 文件,但我一直在安装和测试 cer 文件。
因此,我解决了 SSL 问题。
谢谢
3 个赞
您最初几篇帖子中引人注目的是:
无法加载证书 "/shared/ssl/ssl.crt"
以及
确认目录中存在该文件:
root@discourse-test:/var/discourse/shared/standalone/ssl# ls -al ssl.*
请注意 /shared/ 之后路径部分的差异。Nginx 期望 ssl.crt 文件位于 shared/ssl/ 文件夹中。但您发现它位于 shared/standalone/ 中。该文件并不在 Nginx 查找的路径中。
@JimPas 感谢您的回复。
我提供的信息是路径不匹配,因为一个路径是 Docker 卷路径,另一个是真实服务器的文件路径。
仅高级设置:为您的 Discourse Docker 设置启用 SSL/HTTPS
volumes:
- volume:
host: /var/discourse/shared/standalone
guest: /shared
看起来不匹配,但实际上是相同的。
第一个问题我已经解决了。
对我来说,根本原因是我没有注意到证书格式。
配置中设置的是 crt 格式,但我一直使用的是 cer 格式的文件,因此 Nginx 无法成功读取证书文件。
2 个赞
我从未注意到这一点。好吧,真是该打!
很高兴你意识到了并修复了它。
1 个赞
system
(system)
关闭
8
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.