BaoTa: configuring SSL for local project debugging


Problem: BaoTa cannot obtain a certificate

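BaoTa's own certificate issuance no longer works, so the certificate has to be created by hand and configured in the local environment.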

  1. I already have Git installed, so I don't need to install OpenSSL separately.
$ git config --list | grep http.sslbackend
http.sslbackend=openssl
  2. Open Git Bash and generate the certificate with openssl:
openssl req -x509 -newkey rsa:2048 -nodes -keyout 2key.pem -out 2cert.pem -days 365


Country Name (2 letter code) [AU]: CN
State or Province Name (full name) [Some-State]: Beijing
Locality Name (eg, city) []: Beijing
Organization Name (eg, company) []: Wozewo Inc.
Organizational Unit Name (eg, section) []: Dev
Common Name (e.g. server FQDN or YOUR name) []: www.wozewo.com // key point
Email Address []: test@wozewo.com

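Note: Common Name is the domain the certificate is issued for; enter the custom domain name used in your IP mapping.

Find the generated files, 2key.pem and 2cert.pem, on disk.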

  3. Configure the certificate


Once BaoTa and the IP mapping are configured, the site can be accessed.

Errors:

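  1. If you installed OpenSSL yourself, create the certificate from inside the OpenSSL directory, or configure the OpenSSL environment variables first. In cmd: openssl req -x509 -newkey rsa:2048 -nodes -keyout 2key.pem -out 2cert.pem -days 365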
C:\Users\ZP>openssl req -x509 -newkey rsa:2048 -nodes -keyout 3key.pem -out 3cert.pem -days 365
Can't open "C:\Program Files\Common Files\ssl/openssl.cnf" for reading, No such file or directory
08750000:error:80000003:system library:BIO_new_file:No such process:crypto\bio\bss_file.c:67:calling fopen(C:\Program Files\Common Files\ssl/openssl.cnf, r)
08750000:error:10000080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:75:

SAN

openssl req -x509 -newkey rsa:2048 -nodes   -keyout agrinexus.key  -out agrinexus.crt  -days 3650  -addext "subjectAltName=DNS:agrinexus.com,DNS:*.agrinexus.com"

// Key point: the DNS entries and the domain name

  • "subjectAltName=DNS:agrinexusfeed.com"
  • Common Name (e.g. server FQDN or YOUR name) []: www.wozewo.com

Generate the certificates

openssl req -x509 -newkey rsa:2048 -nodes -keyout 2key.pem -out 2cert.pem -days 365

openssl req -x509 -newkey rsa:2048 -nodes -keyout agrinexusfeed.key -out agrinexusfeed.crt -days 3650 -addext "subjectAltName=DNS:agrinexusfeed.com,DNS:*.agrinexusfeed.com"

openssl req -x509 -newkey rsa:2048 -nodes -keyout agrinexus.key -out agrinexus.crt -days 36500  -addext "subjectAltName=DNS:agrinexus.com,DNS:*.agrinexus.com"

openssl req -x509 -newkey rsa:2048 -nodes -keyout chat.agrinexus.key -out chat.agrinexus.crt -days 3650 -addext "subjectAltName=DNS:chat.agrinexus.com"

Verification


    export NODE_TLS_REJECT_UNAUTHORIZED=0
    node -e "fetch('https://api.agrinexusfeed.com/index.php?s=/index/index/getGlobalData').then(r=>r.text()).then(console.log)"

    node -e "fetch('https://chat.agrinexusfeed.com').then(r=>r.text()).then(console.log)"

Configure hosts

vim /etc/hosts

Configure the certificate

        root@ping:~# curl https://api.agrinexusfeed.com
        curl: (60) SSL certificate problem: self-signed certificate
        More details here: https://curl.se/docs/sslcerts.html
        curl failed to verify the legitimacy of the server and therefore could not
        establish a secure connection to it. To learn more about this situation and
        how to fix it, please visit the web page mentioned above.

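Handling it in code

// Test environments only: this turns off TLS certificate verification
// for every outbound HTTPS request made by the server process.
if (process.server) {
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
}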

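Add the ThinkPHP certificate to the test system

  1. Add your self-signed CA to the system trust chain; if you already have a backup of the pem, go straight to step 2.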
cp /www/server/panel/vhost/cert/agrinexusfeed.com/fullchain.pem
cd /www/server/panel/vhost/cert/agrinexusfeed.com/

  2. Copy it to the system CA directory

sudo cp fullchain.pem /usr/local/share/ca-certificates/agrinexusfeed.crt

  3. Update the system trust store

sudo update-ca-certificates
You should see output similar to:
1 added, 0 removed

sudo -i exit
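
The following is an added example, not part of the original post: it generates a throwaway certificate with the same subjectAltName value as the agrinexusfeed.com command above and checks which hostnames a client that trusts only that certificate would accept. The function names, the temp directory and the -subj value are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed input: a throwaway
# certificate generated in a temp dir with the SAN value used on this page.

# make_cert DIR SAN: the page's openssl req command made non-interactive;
# -subj answers the prompts (the CN used here is a constructed value).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/demo.key" -out "$1/demo.crt" -days 365 \
        -subj "/CN=agrinexusfeed.com" -addext "subjectAltName=$2" 2>/dev/null
}

# name_matches CERT HOST: true if HOST matches a name in the certificate.
# -checkhost reports its result as text, so the message is what gets tested.
name_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# client_accepts CERT HOST: models a client that trusts only CERT as a CA
# (the state after update-ca-certificates) and also enforces the hostname.
client_accepts() {
    openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# report CERT HOST...: print one verdict line per hostname.
report() {
    cert=$1; shift
    for host in "$@"; do
        if ! name_matches "$cert" "$host"; then
            verdict="rejected: hostname not covered by SAN"
        elif client_accepts "$cert" "$host"; then
            verdict="accepted"
        else
            verdict="name ok, certificate not trusted"
        fi
        printf '%-26s %s\n' "$host" "$verdict"
    done
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT   # remove the throwaway key and cert on exit
make_cert "$DEMO_DIR" "DNS:agrinexusfeed.com,DNS:*.agrinexusfeed.com"
openssl x509 -in "$DEMO_DIR/demo.crt" -noout -ext subjectAltName
report "$DEMO_DIR/demo.crt" agrinexusfeed.com api.agrinexusfeed.com \
    chat.agrinexusfeed.com a.api.agrinexusfeed.com chat.agrinexus.com
```

Node does not read the system CA directory by default; setting NODE_EXTRA_CA_CERTS to the .crt file lets fetch trust the certificate without NODE_TLS_REJECT_UNAUTHORIZED=0.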