nginx – Let's Encrypt intermediate certificate


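I set up Let's Encrypt on my server and then followed a tutorial to set up a mail server (dovecot and postfix) on the same server (Ubuntu Server 16.04 with Nginx). In the process I also created two e-mail addresses for the domain, which I want to use through the mail client Mail. However, I get the error "Unable to verify account name or password", and at http://www.checktls.com/perl/TestReceiver.pl I get the following errors: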

    [001.075] Cert NOT VALIDATED: unable to get local issuer certificate
    [001.075] this may help: What Is An Intermediate Certificate
    [001.075] So email is encrypted but the domain is not verified
    [001.075] ssl : scheme=ldap cert=140396633026752
    : identity=mail.mysite.com cn=mysite.com alt=2 mysite.com 2 www.mysite.com
    [001.075] Cert Hostname DOES NOT VERIFY (mail.mysite.com != mysite.com)
    [001.076] So email is encrypted but the host is not verified

The full report:

    seconds test stage and result
    [000.123] Connected to server
    [000.437] <-- 220 ubuntu-512mb-fra1-01.mysite.com ESMTP Postfix (Ubuntu)
    [000.437] We are allowed to connect
    [000.438] --> EHLO checktls.com
    [000.558] <-- 250-ubuntu-512mb-fra1-01.mysite.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    [000.558] We can use this server
    [000.559] TLS is an option on this server
    [000.559] --> STARTTLS
    [000.679] <-- 220 2.0.0 Ready to start TLS
    [000.680] STARTTLS command works on this server
    [000.947] ssl : new ctx 140396633279344
    : start handshake
    : ssl handshake not started
    : not using SNI because hostname is unknown
    : set socket to non-blocking to enforce timeout=30
    : call Net::SSLeay::connect
    : done Net::SSLeay::connect -> -1
    : ssl handshake in progress
    : waiting for fd to become ready: SSL wants a read first
    : socket ready, retrying connect
    : call Net::SSLeay::connect
    : ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com
    : ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com
    : ok=0 [0] /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3/CN=mysite.com
    : done Net::SSLeay::connect -> -1
    : ssl handshake in progress
    : waiting for fd to become ready: SSL wants a read first
    : socket ready, retrying connect
    : call Net::SSLeay::connect
    : done Net::SSLeay::connect -> 1
    : ssl handshake done
    [000.949] SSLVersion in use: TLSv1.2
    [000.949] Cipher in use: ECDHE-RSA-AES128-SHA256
    [000.950] Connection converted to SSL
    [000.979]
    Certificate 1 of 3 in chain:
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number:
    03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b
    Signature Algorithm: sha256WithRSAEncryption
    Issuer:
    countryName = US
    organizationName = Let's Encrypt
    commonName = Let's Encrypt Authority X3
    Validity
    Not Before: Oct 29 10:33:00 2016 GMT
    Not After : Jan 27 10:33:00 2017 GMT
    Subject:
    commonName = mysite.com
    Subject Public Key Info:
    Public Key Algorithm: rSAEncryption
    Public-Key: (2048 bit)
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Key Usage: critical
    Digital Signature, Key Encipherment
    X509v3 Extended Key Usage:
    TLS Web Server Authentication, TLS Web Client Authentication
    X509v3 Basic Constraints: critical
    CA:FALSE
    X509v3 Subject Key Identifier:
    D9:81:23:A5:47:07:33:95:ED:67:F4:1C:79:48:64:EF:64:93:31:96
    X509v3 Authority Key Identifier:
    keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
    Authority Information Access:
    OCSP - URI:http://ocsp.int-x3.letsencrypt.org/
    CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
    X509v3 Subject Alternative Name:
    DNS:mysite.com, DNS:www.mysite.com
    X509v3 Certificate Policies:
    Policy: 2.23.140.1.2.1
    Policy: 1.3.6.1.4.1.44947.1.1.1
    CPS: http://cps.letsencrypt.org
    User Notice:
    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
    Signature Algorithm: sha256WithRSAEncryption
    [001.005]
    Certificate 2 of 3 in chain:
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number:
    03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b
    Signature Algorithm: sha256WithRSAEncryption
    Issuer:
    countryName = US
    organizationName = Let's Encrypt
    commonName = Let's Encrypt Authority X3
    Validity
    Not Before: Oct 29 10:33:00 2016 GMT
    Not After : Jan 27 10:33:00 2017 GMT
    Subject:
    commonName = mysite.com
    Subject Public Key Info:
    Public Key Algorithm: rSAEncryption
    Public-Key: (2048 bit)
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Key Usage: critical
    Digital Signature,DNS:www.mysite.com
    X509v3 Certificate Policies:
    Policy: 2.23.140.1.2.1
    Policy: 1.3.6.1.4.1.44947.1.1.1
    CPS: http://cps.letsencrypt.org
    User Notice:
    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
    Signature Algorithm: sha256WithRSAEncryption
    [001.074]
    Certificate 3 of 3 in chain:
    Certificate:
    Data:
    Version: 3 (0x2)
    Serial Number:
    03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b
    Signature Algorithm: sha256WithRSAEncryption
    Issuer:
    countryName = US
    organizationName = Let's Encrypt
    commonName = Let's Encrypt Authority X3
    Validity
    Not Before: Oct 29 10:33:00 2016 GMT
    Not After : Jan 27 10:33:00 2017 GMT
    Subject:
    commonName = mysite.com
    Subject Public Key Info:
    Public Key Algorithm: rSAEncryption
    Public-Key: (2048 bit)
    Exponent: 65537 (0x10001)
    X509v3 extensions:
    X509v3 Key Usage: critical
    Digital Signature,DNS:www.mysite.com
    X509v3 Certificate Policies:
    Policy: 2.23.140.1.2.1
    Policy: 1.3.6.1.4.1.44947.1.1.1
    CPS: http://cps.letsencrypt.org
    User Notice:
    Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
    Signature Algorithm: sha256WithRSAEncryption
    [001.075] Cert NOT VALIDATED: unable to get local issuer certificate
    [001.075] this may help: What Is An Intermediate Certificate
    [001.075] So email is encrypted but the domain is not verified
    [001.075] ssl : scheme=ldap cert=140396633026752
    : identity=mail.mysite.com cn=mysite.com alt=2 mysite.com 2 www.mysite.com
    [001.075] Cert Hostname DOES NOT VERIFY (mail.mysite.com != mysite.com)
    [001.076] So email is encrypted but the host is not verified
    [001.076] ~~> EHLO checktls.com
    [001.077] ssl write_all VM at entry=vm_unknown
    at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 554.
    partial `EHLO checktls.com
    '
    at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 557.
    written so far 19:19 bytes (VM=vm_unknown)
    at blib/lib/Net/SSLeay.pm (autosplit into blib/lib/auto/Net/SSLeay/ssl_write_all.al) line 676.
    [001.197] <~~ 250-ubuntu-512mb-fra1-01.mysite.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    [001.198] TLS successfully started on this server
    [001.198] ~~> MAIL FROM:40396633279344 open=140396633279344
    : free ctx 140396633279344 callback

As far as I can tell, the problem lies in how the certificate is implemented. What steps can I take to solve this?

Best answer

Looking at

not using SNI because hostname is unknown

and after seeing the hostname the test connected to

ubuntu-512mb-fra1-01.mysite.com

commonName = mysite.com

**X509v3 Subject Alternative Name:
DNS:mysite.com, DNS:www.mysite.com**

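… I noticed that the CN and the hostname of the server being connected to are different.

Secondly, all the certificates in the chain are identical: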


That is why the validation fails.
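The two checks this answer makes by eye (does the leaf certificate cover the hostname being tested, and does the served chain contain the issuing intermediate rather than repeats of the leaf) can be automated; the following is an added Python example, not part of the original post. It parses a report in the layout shown in the question; `sample_cert`, `parse_chain`, `name_matches` and `diagnose` are hypothetical helper names, and the sample report is constructed and abridged.

```python
import re

def sample_cert(n):
    # Constructed, abridged block in the report layout shown in the question.
    return (f"Certificate {n} of 3 in chain:\n"
            "Serial Number:\n03:bf:0b:67:c3:bd:f6:98:ed:66:b4:86:11:5c:44:22:e2:1b\n"
            "Issuer:\ncommonName = Let's Encrypt Authority X3\n"
            "Subject:\ncommonName = mysite.com\n"
            "X509v3 Subject Alternative Name:\nDNS:mysite.com, DNS:www.mysite.com\n")

# Constructed sample: the same leaf served three times, no intermediate.
SAMPLE_REPORT = "".join(sample_cert(n) for n in (1, 2, 3))

def parse_chain(report):
    """Return one dict per 'Certificate N of M in chain:' block of the report."""
    chain, cert, section = [], None, None
    for line in map(str.strip, report.splitlines()):
        if re.match(r"Certificate \d+ of \d+ in chain:", line):
            cert, section = {"serial": None, "issuer": None, "subject": None, "sans": []}, None
            chain.append(cert)
        elif cert is None:
            continue  # preamble before the first certificate
        elif line in ("Serial Number:", "Issuer:", "Subject:"):
            section = line[:-1]
        elif line.startswith("X509v3 Subject Alternative Name"):
            section = "SAN"
        elif section == "Serial Number":
            cert["serial"], section = line, None
        elif section in ("Issuer", "Subject") and line.startswith("commonName"):
            cert[section.lower()] = line.split("=", 1)[1].strip()
            section = None
        elif section == "SAN":
            cert["sans"] = [p.strip()[4:] for p in line.split(",") if p.strip().startswith("DNS:")]
            section = None
    return chain

def name_matches(hostname, pattern):
    """Exact match, or a wildcard covering exactly one left-most label."""
    h, p = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return h == p

def diagnose(chain, hostname):
    """List the reasons a client would refuse to trust this served chain."""
    if not chain:
        return ["no certificates found in report"]
    leaf, findings, seen = chain[0], [], {}
    names = leaf["sans"] or [leaf["subject"] or ""]
    if not any(name_matches(hostname, n) for n in names):
        findings.append(f"hostname {hostname} not covered by leaf names {names}")
    for i, c in enumerate(chain, 1):
        first = seen.setdefault((c["issuer"], c["serial"]), i)
        if first != i:
            findings.append(f"certificate {i} repeats certificate {first}")
    for i in range(len(chain) - 1):
        if chain[i]["issuer"] != chain[i + 1]["subject"]:
            findings.append(f"certificate {i + 2} is not the issuer of certificate {i + 1}")
    if not any(c["subject"] == leaf["issuer"] for c in chain[1:]):
        findings.append(f"intermediate '{leaf['issuer']}' is not in the served chain")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(parse_chain(SAMPLE_REPORT), "mail.mysite.com")))
```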
