سيتعين عليك أيضًا التحقق من شهادة ECC (شهادة المنحنى الإهليلجي)، ولكن أعتقد أن كل شيء مناسب.
نعم، هكذا يجب أن تعمل الأمور.
حسنًا. لقد تم كل شيء. شكرًا مرة أخرى على مثابرتك. لقد علّمت مشاركتك التي تشير إلى المشكلة كحل.
لقد سألت بالفعل في منشور آخر عما إذا كان من المنطقي الاحتفاظ بشهادة RSA القديمة، وآمل أن تتم إزالتها قريبًا.
Something is not quite right: I have just deleted the old certificates and created new ones with the following rewrite rules, but the new certificate still does not cover the www name:
cat /var/discourse/containers/app.yml
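after_ssl:
  # tell letsencrypt what additional certs to get
  # Each rule rewrites the generated /etc/runit/1.d/letsencrypt script by
  # inserting "-d www.rpg-foren.com" in front of an existing acme.sh option.
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      # --keylength appears once in that script, inside issue_cert.
      from: /--keylength/
      to: "-d www.rpg-foren.com --keylength"
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      # --fullchainpath appears in both the RSA and the ECDSA install command,
      # so this rule carries global: true.
      from: /--fullchainpath/
      to: "-d www.rpg-foren.com --fullchainpath"
      global: true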
cat /etc/runit/1.d/letsencrypt
#!/bin/bash
# Start nginx with the letsencrypt-specific configuration; the matching
# `-s stop` call at the end of this script shuts it down again.
# NOTE(review): letsencrypt.conf is not shown here — presumably it serves the
# webroot that acme.sh is given via -w; confirm against that file.
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
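# Ask acme.sh to issue a certificate for rpg-foren.com and www.rpg-foren.com,
# validated through the webroot /var/www/discourse/public.
# Globals:   LETSENCRYPT_DIR (read) - handed to acme.sh as LE_WORKING_DIR
# Arguments: $1 - value for --keylength ("4096" or "ec-256" in this script)
#            $2 - optional extra acme.sh flag (this script passes "--force"
#                 when it retries)
# Returns:   the exit status of acme.sh
issue_cert() {
  # Both arguments are quoted so they are not word-split or glob-expanded.
  # ${2:+"$2"} expands to nothing when no flag was given, so an absent $2 does
  # not reach acme.sh as an empty argument.
  LE_WORKING_DIR="${LETSENCRYPT_DIR}" /shared/letsencrypt/acme.sh --issue ${2:+"$2"} \
    -d rpg-foren.com -d www.rpg-foren.com --keylength "$1" \
    -w /var/www/discourse/public
}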
# Check whether the certificate acme.sh stored for rpg-foren.com verifies.
# Arguments: $1 - suffix of the acme.sh directory ("" for RSA, "_ecc" for ECDSA)
# Returns:   0 if `openssl verify` of fullchain.cer against ca.cer printed "OK",
#            non-zero otherwise (including when the directory cannot be entered)
# Only this verification is performed; the names listed in the certificate are
# not examined.
cert_exists() {
  local verify_result
  verify_result="$(cd /shared/letsencrypt/rpg-foren.com$1 \
    && openssl verify -CAfile <(openssl x509 -in ca.cer) fullchain.cer \
    | grep "OK")"
  [[ -n "${verify_result}" ]]
}
########################################################
# RSA cert
########################################################
# First attempt at the 4096-bit RSA certificate, without --force.
issue_cert "4096"
# The forced retry below runs only when cert_exists fails. cert_exists checks
# that the stored fullchain.cer verifies against ca.cer and nothing else, so a
# certificate that verifies but lacks one of the requested names does not
# trigger a re-issue. To see which names a certificate covers, read its
# Subject Alternative Name with `openssl x509 -in <cert> -noout -text`.
if ! cert_exists ""; then
# Try to issue the cert again if something goes wrong
issue_cert "4096" "--force"
fi
# Install the RSA full chain and key at the /shared/ssl paths below; acme.sh
# runs the --reloadcmd afterwards.
LE_WORKING_DIR="${LETSENCRYPT_DIR}" /shared/letsencrypt/acme.sh \
--installcert \
-d rpg-foren.com \
-d www.rpg-foren.com --fullchainpath /shared/ssl/rpg-foren.com.cer \
--keypath /shared/ssl/rpg-foren.com.key \
--reloadcmd "sv reload nginx"
########################################################
# ECDSA cert
########################################################
# Same sequence for the ec-256 key. The "_ecc" suffix makes cert_exists look in
# /shared/letsencrypt/rpg-foren.com_ecc, and the same limitation applies: only
# verification is checked, not the names in the certificate.
issue_cert "ec-256"
if ! cert_exists "_ecc"; then
# Try to issue the cert again if something goes wrong
issue_cert "ec-256" "--force"
fi
# Install the ECDSA full chain and key (--ecc) at their own /shared/ssl paths.
LE_WORKING_DIR="${LETSENCRYPT_DIR}" /shared/letsencrypt/acme.sh \
--installcert --ecc \
-d rpg-foren.com \
-d www.rpg-foren.com --fullchainpath /shared/ssl/rpg-foren.com_ecc.cer \
--keypath /shared/ssl/rpg-foren.com_ecc.key \
--reloadcmd "sv reload nginx"
# Once either certificate verifies, append force_https = 'true' to
# discourse.conf unless a line mentioning force_https is already present.
if cert_exists "" || cert_exists "_ecc"; then
grep -q 'force_https' "/var/www/discourse/config/discourse.conf" || echo "force_https = 'true'" >> "/var/www/discourse/config/discourse.conf"
fi
# Stop the nginx instance that was started with letsencrypt.conf at the top of
# this script.
/usr/sbin/nginx -c /etc/nginx/letsencrypt.conf -s stop
openssl x509 -in /var/discourse/shared/standalone/ssl/rpg-foren.com_ecc.cer -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:f0:89:90:30:4f:d5:9b:40:00:9e:96:9a:d7:d0:dc:78:d5
Signature Algorithm: ecdsa-with-SHA384
Issuer: C = US, O = Let's Encrypt, CN = E6
Validity
Not Before: Sep 23 15:23:00 2024 GMT
Not After : Dec 22 15:22:59 2024 GMT
Subject: CN = rpg-foren.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:3a:65:89:b0:9b:07:c2:ef:f7:43:f8:f7:2e:e5:
8e:f8:47:76:19:cc:e6:98:50:e4:18:b7:9b:e0:f0:
60:49:ed:06:5c:66:d0:7b:79:07:84:0f:75:36:4b:
70:98:1d:76:6b:15:20:8f:c5:6d:43:cc:b8:12:a1:
eb:5a:d8:0f:7f
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
7F:CC:80:95:73:18:45:96:CD:73:16:0D:69:CA:4F:5E:54:D4:C1:13
X509v3 Authority Key Identifier:
93:27:46:98:03:A9:51:68:8E:98:D6:C4:42:48:DB:23:BF:58:94:D2
Authority Information Access:
OCSP - URI:http://e6.o.lencr.org
CA Issuers - URI:http://e6.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:rpg-foren.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
Timestamp : Sep 23 16:21:30.838 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:F4:3A:0D:45:49:BE:EB:7D:9F:03:C1:
36:53:77:49:23:6F:E4:57:2B:68:01:5A:31:EB:DB:B4:
1D:1B:30:EA:44:02:21:00:A1:DA:11:1B:2B:59:BB:86:
BF:0B:DC:F6:45:9A:DB:77:DB:A4:DF:1B:4D:74:6A:51:
9A:2A:A0:80:CC:E8:F3:CF
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
Timestamp : Sep 23 16:21:30.896 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:0A:B1:11:58:B1:41:F3:B4:90:13:55:9C:
E2:AD:D1:B8:0B:E9:15:A1:C9:4C:5C:AC:CC:1D:22:46:
6F:FC:64:C4:02:20:4A:EA:C9:AD:99:E3:0A:86:6C:3E:
80:EF:21:D8:DE:A4:83:EA:B6:E6:27:96:C1:98:92:4A:
7B:F0:87:38:41:20
Signature Algorithm: ecdsa-with-SHA384
Signature Value:
30:66:02:31:00:89:8d:24:d5:88:52:bb:f8:9e:db:d8:4c:ef:
33:c6:ea:c0:92:60:5f:42:55:e9:47:4f:2c:07:02:94:6d:d0:
32:14:8a:46:6b:c9:b1:24:e4:ff:34:32:d1:0b:d3:7c:df:02:
31:00:8c:2f:42:67:62:c0:4c:63:9d:8e:52:21:9a:a8:76:e5:
7d:a3:27:22:f2:1b:25:07:d0:86:44:ae:26:33:8b:70:7b:b2:
cc:e5:85:30:a6:1c:8f:b1:51:d2:cf:d1:61:0d
openssl x509 -in /var/discourse/shared/standalone/ssl/rpg-foren.com.cer -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:c8:d5:4a:f1:f4:9b:4f:23:b0:17:be:25:27:97:9b:2c:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R10
Validity
Not Before: Sep 23 15:22:54 2024 GMT
Not After : Dec 22 15:22:53 2024 GMT
Subject: CN = rpg-foren.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:c9:ac:0e:03:50:58:be:48:e5:57:4f:86:8c:2c:
01:da:4d:08:c2:1f:e2:02:c4:73:98:f6:e7:04:a2:
68:ce:44:21:3e:f8:d7:cb:f8:bd:1c:ba:8f:a4:8b:
11:61:c9:8e:49:ef:a1:88:15:f3:41:1a:41:7f:80:
6a:fb:48:64:b2:2e:d6:79:e2:d0:b1:a1:bc:6b:91:
ec:76:96:8a:37:f4:24:14:d9:e9:a4:89:2a:49:c1:
bb:f1:26:98:15:4f:8e:e9:20:5f:bb:64:02:f9:4f:
93:e2:35:45:15:a8:66:c0:a9:92:97:5f:7e:f8:bd:
65:86:dc:05:9f:46:c8:b7:59:e1:1f:cc:c7:8c:ad:
fa:e3:fb:27:1f:92:45:16:45:9d:ab:4d:5c:29:5d:
7b:96:cc:26:62:69:c3:44:42:e1:7f:de:e3:32:b9:
4e:d2:86:c7:a5:e0:c8:40:bf:b8:5d:d9:fc:6f:70:
23:7b:07:23:0b:88:6b:6f:07:3b:18:76:f9:45:8b:
31:4c:9c:7f:34:d7:36:1f:59:51:42:8a:d8:d7:08:
d9:6b:72:f2:d1:9e:44:16:dd:3b:07:48:ca:a9:ee:
7c:fd:98:b1:4c:99:a4:71:62:c4:eb:ee:bc:d8:46:
c6:39:7c:ce:a5:4c:1d:0d:9e:ca:9b:00:46:e3:46:
0a:14:2a:19:f9:2e:5a:3e:98:f8:81:ac:72:c9:d7:
17:08:0b:40:e7:14:26:dd:87:15:45:6d:58:c1:61:
d3:02:e8:4d:84:70:e8:73:ba:ea:ae:47:5b:fe:e4:
58:5d:43:c7:eb:d9:17:1c:bc:1d:77:85:ac:74:6c:
a5:4d:b3:58:98:22:be:cc:dc:cb:90:49:90:c6:d5:
9a:4b:dd:13:bf:71:2e:f7:f5:d3:67:e8:54:66:cf:
e4:d4:24:78:5f:87:d1:2a:c5:fa:1e:53:f8:d1:f0:
5b:29:d1:fb:0b:21:24:cf:4e:73:da:c3:0b:d2:b9:
cd:75:5a:70:12:ca:e5:fb:37:ca:07:46:7a:41:5d:
5f:3b:7b:e4:91:7a:3d:6f:1f:3a:90:a9:6d:47:3f:
27:3e:9b:a0:e5:da:d2:22:e5:71:37:69:8b:0c:c1:
42:05:2c:ba:70:d9:8e:d2:af:25:e1:64:4e:e2:3b:
2d:a1:a8:14:f1:bb:18:0e:17:83:8c:04:ee:67:34:
5f:bf:c1:00:53:3c:da:9d:74:9b:5b:69:6d:f5:dd:
d6:0a:4f:03:66:a2:25:79:8c:cb:8e:ed:0d:c3:06:
38:44:ad:36:60:07:19:7e:09:86:c1:d3:f2:08:e8:
72:ca:7d:c8:c7:48:2d:39:7b:17:5c:a8:b9:80:dd:
73:57:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
FE:E1:BC:4C:C3:11:44:83:80:48:E6:F4:AB:B8:DE:AE:93:4F:2E:8F
X509v3 Authority Key Identifier:
BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
Authority Information Access:
OCSP - URI:http://r10.o.lencr.org
CA Issuers - URI:http://r10.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:rpg-foren.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Sep 23 16:21:24.622 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:BD:C6:D8:48:E3:CD:EA:A7:41:E4:27:
FE:34:0C:47:A6:1F:78:6F:61:70:4F:39:B5:BE:22:2F:
39:E1:41:CE:53:02:20:69:1E:20:E0:42:25:40:76:D4:
B0:66:08:15:D7:9C:CC:4F:BC:A4:A2:1E:C6:36:0E:0B:
25:F5:7B:2D:30:85:3A
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 3F:17:4B:4F:D7:22:47:58:94:1D:65:1C:84:BE:0D:12:
ED:90:37:7F:1F:85:6A:EB:C1:BF:28:85:EC:F8:64:6E
Timestamp : Sep 23 16:21:24.621 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:9E:CF:69:F9:27:E3:B0:4E:7D:DC:2D:
13:99:CD:8D:8C:B2:99:0B:B1:CA:82:83:07:2B:91:F7:
1B:71:EB:7B:ED:02:21:00:91:C6:62:90:C3:ED:ED:07:
62:1A:EC:43:02:C6:FE:F3:87:6A:0E:9C:C3:D7:54:1B:
69:3F:3F:FF:31:00:F6:6D
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
51:76:6c:49:3c:86:ea:b0:14:35:ca:85:63:27:de:76:ce:5c:
f2:17:83:28:f8:55:a3:31:f2:4a:32:ae:35:13:35:4b:95:54:
de:be:d7:b7:23:04:cf:2e:5b:e7:4f:cc:0b:90:58:fe:f8:14:
1a:16:a6:ec:1d:18:ec:36:e3:9a:dd:47:b6:e7:66:c9:6d:30:
cf:ab:d3:2d:9f:c6:c8:65:67:23:c1:3d:2e:b3:0c:c8:62:9c:
7a:ee:5d:f1:97:ea:b8:2e:a3:fb:3c:89:14:60:1e:e4:b7:9c:
8c:3c:af:18:aa:c2:68:06:aa:55:9b:cc:0c:5f:c4:ac:90:d1:
a2:c0:13:ed:71:0f:de:8d:0b:a8:1e:c1:1b:ea:38:b7:75:db:
66:b6:fc:68:16:7c:3c:11:5a:e6:f0:37:bc:26:83:ae:43:68:
68:71:d7:da:02:15:ef:50:5b:3e:6a:b3:6a:f7:7a:1f:a0:fc:
f3:f3:c7:43:2c:a2:e0:59:ba:1b:5c:7c:1b:03:7c:52:d1:6e:
2b:db:a2:dc:2d:69:9c:36:fe:b5:98:68:9f:67:8a:61:c8:8c:
6b:0e:b7:59:dc:92:92:d2:84:99:37:e7:ed:2f:47:a9:2a:a9:
b4:47:99:eb:64:8a:f2:57:09:16:d7:03:99:a9:fc:c2:1e:f8:
61:3a:a7:23
I have now created them again manually as described here.