Estou procurando ajuda para diagnosticar e resolver esse problema. Que etapas posso seguir para solucionar o motivo pelo qual meu servidor não está acessível por HTTPS após ativar o SSL com Certbot? Há alguma armadilha ou configuração comum que eu possa ter perdido?
Qualquer ajuda ou orientação para resolver este problema de SSL seria muito apreciada.
eu usei este comando certbot comando sudo certbot --nginx e a sintaxe foi bem-sucedida após o comando certbot não consigo acessar meu servidor, ele está funcionando em http, mas não funciona em https
este é o arquivo em sites disponíveis. nome de arquivo padrão
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
#listen 443;
#listen [::]:443;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/waste-management-dev/public;
# Add index.php to the list if you are using PHP
index index.php;
server_name yourdomain.in;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param SCRIPT_NAME $fastcgi_script_name;
#include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/yourserver.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/yourserver.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
if ($host = yourserver.in) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name myserver;
return 404; # managed by Certbot
}
Responder1
Como você basicamente postou apenas informações secundárias, com base nisso, a configuração pode funcionar:
# Default server configuration
# which means its a catch all for these that are not configured, if you use only one site, for this server you dont need a specific host
# /etc/nginx/sites-enabled/default
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
location ~ \.cgi$ {
gzip off;
include fastcgi.conf;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
#### NEW FILE !!!!!!
#### /etc/nginx/sites-enabled/unwaste.in
##start file
server {
server_name unwaste.in;
listen 80;
return 307 https://$host$request_uri;
}
server {
# enable http2 support - if module if avaible
listen 443 ssl http2;
listen [::]:443 ssl http2;
# enable http1.1 support - if module if avaible
# listen 443 ssl;
# listen [::]:443 ssl;
root /var/www/html/waste-management-dev/public;
# Add index.php to the list if you are using PHP
index index.php;
server_name unwaste.in;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param SCRIPT_NAME $fastcgi_script_name;
#include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
ssl_certificate /etc/letsencrypt/live/unwaste.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/unwaste.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
#EOF
Lembre-se de que /etc/nginx/sites-enabled pode usar vários arquivos e, portanto, você deve fazer isso, e não tocar no nginx.conf. A maioria dos sistemas baseados em Debian, como Ubuntu e companhia, têm o mesmo comportamento.
se o(s) arquivo(s) não for(em) carregado(s), você deverá pegar no final do nginx para:
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
E, por favor, primeiro discuta em vez de votar negativamente, obrigado;)