# SSL Certificate Configuration Completion Report

**Configured on:** January 28, 2025
**Domain:** www.ruilaizipj.com
**Server IP:** 101.43.95.130

---
|
## ✅ Completed configuration

### 1. SSL certificate updated

- **Certificate file:** `/www/server/panel/vhost/cert/101.43.95.130/fullchain.pem`
- **Private key file:** `/www/server/panel/vhost/cert/101.43.95.130/privkey.pem`
- **Certificate domains:** `www.ruilaizipj.com` and `ruilaizipj.com`
- **Certificate validity:** 2026-01-28 to 2026-04-27 (90 days)

### 2. Nginx configuration updated

- **Configuration file:** `/www/server/panel/vhost/nginx/101.43.95.130.conf`
- **SSL certificate path:** configured correctly
- **Nginx configuration:** test passed, reloaded

---
|
## ⚠️ Current status

### Certificate configuration

- ✅ Certificate files deployed correctly
- ✅ Certificate format validated
- ✅ Nginx configuration is correct

### HTTPS access

- ⚠️ Port 443 may not be open (check the security group)
- ⚠️ DNS resolution needs time to take effect (if accessing by domain name)

---
|
## 🔧 Items to check

### 1. Security group configuration

Make sure the Tencent Cloud security group has port 443 open:

1. Log in to the Tencent Cloud console
2. Go to Cloud Virtual Machine → Security Groups
3. Check the inbound rules and confirm that port 443 is open
4. Protocol: TCP
5. Port: 443
6. Source: 0.0.0.0/0 (or your IP)
|
### 2. Firewall configuration

Check the server firewall:

```bash
# Check the firewall status
systemctl status firewalld

# If the firewall is running, open port 443
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
```
|
### 3. DNS resolution

Make sure the domain resolves correctly:

```bash
# Check DNS resolution
nslookup www.ruilaizipj.com
# Expected result: 101.43.95.130
```

---
|
## 📋 Verification steps

### 1. Check the certificate

```bash
openssl x509 -in /www/server/panel/vhost/cert/101.43.95.130/fullchain.pem -noout -subject -dates
```

Expected output:
- Subject: CN=www.ruilaizipj.com
- Validity: 2026-01-28 to 2026-04-27
|
### 2. Check the Nginx configuration

```bash
nginx -t
```

Expected output: `syntax is ok` and `test is successful`
|
### 3. Test HTTPS access

```bash
# -k skips certificate verification, so this only confirms that port 443 answers
curl -k -I https://www.ruilaizipj.com
```

or

```bash
# The certificate is issued for the domain names, so a request by IP needs -k
curl -k -I https://101.43.95.130
```
|
### 4. Browser access

Visit: `https://www.ruilaizipj.com`

You should see:
- ✅ Green padlock icon
- ✅ Address bar shows "Secure"
- ✅ No certificate warnings

---
|
## 🎯 Next steps

### If HTTPS is not reachable

1. **Check the security group**: make sure port 443 is open
2. **Check the firewall**: make sure port 443 is not blocked
3. **Check DNS**: make sure the domain resolves correctly
4. **Wait for changes to take effect**: configuration changes may take a few minutes to apply

### If the certificate expires

The certificate is valid for 90 days and must be renewed before it expires:

1. Request a new certificate in Tencent Cloud
2. Download the new certificate
3. Replace the certificate files
4. Reload nginx
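
The renewal steps above end with replacing the certificate files and reloading nginx. The script below is an added example, not part of the original report, that checks a replacement certificate before the reload: it must cover both names, match the private key, and have enough validity left. The function names and the 30-day threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-reload checks for a replaced certificate/key pair.
# Function names and the 30-day threshold are assumptions, not from the report.

# True if the first (leaf) certificate in file $1 is valid for hostname $2.
cert_covers_name() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# True if the public key in certificate $1 equals the one derived from key $2.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if certificate $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Run all checks; print one line per failure and return non-zero on any.
# Usage: check_deployment CERT KEY MIN_DAYS NAME [NAME...]
check_deployment() {
    local cert="$1" key="$2" min_days="$3" rc=0 name
    shift 3
    for name in "$@"; do
        cert_covers_name "$cert" "$name" || { echo "FAIL: $name not covered"; rc=1; }
    done
    key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_valid_for_days "$cert" "$min_days" || { echo "FAIL: expires within $min_days days"; rc=1; }
    return $rc
}

# Example call with the paths and names from this report (run on the server):
# d=/www/server/panel/vhost/cert/101.43.95.130
# check_deployment "$d/fullchain.pem" "$d/privkey.pem" 30 www.ruilaizipj.com ruilaizipj.com \
#     && nginx -t && nginx -s reload
```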
|
---

## 📝 Certificate file locations

- **Certificate file:** `/www/server/panel/vhost/cert/101.43.95.130/fullchain.pem`
- **Private key file:** `/www/server/panel/vhost/cert/101.43.95.130/privkey.pem`
- **Backup files:**
  - `/www/server/panel/vhost/cert/101.43.95.130/www.ruilaizipj.com_bundle.crt`
  - `/www/server/panel/vhost/cert/101.43.95.130/www.ruilaizipj.com.key`

---
|
## ✅ Configuration summary

| Item | Status | Notes |
|------|------|------|
| Certificate files | ✅ Deployed | New certificate replaced the old one |
| Certificate format | ✅ Correct | Validation passed |
| Nginx configuration | ✅ Correct | Test passed |
| Certificate validity | ✅ Valid | Until 2026-04-27 |
| HTTPS access | ⚠️ Needs checking | Port 443 must be confirmed |

---

**Configuration completed:** January 28, 2025
**Configured by:** AI assistant
**Server IP:** 101.43.95.130