dockerised nginx ssl fullchain.pem-无起始线：期望可信证书

如何解决dockerised nginx ssl fullchain.pem-无起始线：期望可信证书

我使用let-encrypt获得了用于dockerized Nginx部署的ssl证书。 privkey.pem可以工作，但是 fullchain.pem 文件无法访问，我在Nginx日志中看到这种类型的错误：

PEM_read_bio_X509_AUX（）失败（SSL：错误：0909006C：PEM例程：get_name：无起始行：期望：受信任的证书）

已使用openssl x509 -noout -text测试了证书，并且看来可以正常工作，例如：

Certificate:
Data:
    Version: 3 (0x2)
    Serial Number:
        04:1a:8d:15:9a:1e:78:f7:e7:34:01:62:4c:c4:9f:9b:03:43
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C = US,O = Let's Encrypt,CN = Let's Encrypt Authority X3
    Validity
        Not Before: Sep 24 03:26:11 2020 GMT
        Not After : Dec 23 03:26:11 2020 GMT

.. etc

和文字检查：

-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISBBqNFZoeePfnNAFiTMSfmwNDMA0GCSqGSIb3DQEBCwUA
...
CJdKuoNsWQgrCG3JHsYwq0KADH7UGRiZ/rISnEMwfEupxzen7ML0cpn2N5iixjw1
ngHluO91jwJo3W2ulQs=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
...
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

有人遇到解决方案吗？

注意，请参阅Nginx.conf（域为“ ex.co”）

    user  Nginx;
worker_processes  auto;
worker_rlimit_nofile 65535;
daemon off;

error_log  /var/log/Nginx/error.log warn;
pid        /var/run/Nginx.pid;

events {
    multi_accept on;
    worker_connections 65535;
}

http {
    charset              utf-8;
    sendfile             on;
    tcp_nopush           on;
    tcp_nodelay          on;
    server_tokens        off;
    log_not_found        off;
    types_hash_max_size  2048;
    client_max_body_size 16M;
    
    #ssl_certificate         /etc/letsencrypt/live/ex.co/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/ex.co/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/ex.co/chain.pem;

    ssl_ciphers         ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-poly1305:ECDHE-RSA-CHACHA20-poly1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_protocols       TLSv1.2 TLSv1.3;
    
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    
    include       /etc/Nginx/mime.types;
    default_type  application/octet-stream;

    access_log  /var/log/Nginx/access.log;

    access_log /dev/stdout;
    error_log /dev/stderr;

    keepalive_timeout  65;
    
    include /etc/Nginx/conf.d/*.conf;
    include /etc/Nginx/sites-available/*.conf;

}

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。