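Firefox Secure Connection Failed - This happened once before, when I changed IPs: Chrome and Safari were fine, but Firefox decided the site had a problem and refused to load it. Don't ask me about IE... I don't have a machine with that thing. This time it was probably Webinoly auto-renewing the SSL certificate a few days ago. Everything looked fine, but I didn't expect a user to report today that the site could not be reached. Time to fix it~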
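Firefox error message
Every site on the same host shows the same behavior: the mainstream browsers are fine, but Firefox has a problem. On the desktop it responds as follows:
Secure Connection Failed
An error occurred during a connection to nubaby.cc. A required TLS feature is missing. Error code: MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING
nubaby.cc cannot be reached
https://arthurlin.net cannot be reached with Firefox either
Firefox mobile
The mobile version gives so little information. Firefox, that is really unfriendly~ Good thing I have a computer, hmph.
Renewing the SSL certificate
Because I use Webinoly, I used its built-in SSL renewal feature. The letsencrypt command works too; back when I changed IPs and Firefox rejected the certificate, I renewed it with certbot.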
sudo site nubaby.cc -ssl=force-renewal
This returned the following successful-renewal output:
*************************************************************************************************
** Please, be careful with the number of intents or certificates you try to get. **
** Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. **
** **
** If you are getting errors or having issues when trying to get a new certificate **
** read about the Let's Encrypt rate limit - https://letsencrypt.org/docs/rate-limits/ **
*************************************************************************************************
Please, be sure that nubaby.cc and www.nubaby.cc are both currently pointing (DNS) to this server.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/nubaby.cc/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/nubaby.cc/privkey.pem
Your cert will expire on 2019-12-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
SSL Cert - nubaby.cc$ - has been Forced to Renew!
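The site's SSL is working again~
I just can't understand why renewing the SSL certificate for nubaby.cc fixed not only nubaby.cc but all the other sites as well.
Oh well~ as long as it works, I won't dig into it!
Firefox mobile is working too
Postscript: the e-mail I received the day before
It clearly said no renewal was needed, and I hadn't done anything, so I don't know why Firefox still broke... On top of that, few people use Firefox, so a failure there is hard to notice.
Some people say to add a few lines to the Apache configuration, but I use nginx, and the SSL tests all passed, so I'm just recording this here. If you have the same problem, renew the SSL certificate and it will fix itself.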
Cron <root@arthur-server12> certbot renew --post-hook "service nginx restart"
The following certs are not due for renewal yet:
/etc/letsencrypt/live/arthurlin.net/fullchain.pem expires on 2019-12-11 (skipped)
/etc/letsencrypt/live/chickenflydoggyjump.com/fullchain.pem expires on 2019-10-25 (skipped)
/etc/letsencrypt/live/nubaby.cc/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubaby.co/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubaby.com.tw/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubaby.org/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubaby.tw/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubabycare.com/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubabynail.com/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubabyonline.com/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubabyspa.com/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubabystore.com/fullchain.pem expires on 2019-11-27 (skipped)
/etc/letsencrypt/live/nubabyteach.com/fullchain.pem expires on 2019-11-27 (skipped)
No renewals were attempted.
No hooks were run.
20191111 update
There is another fix: add some OCSP settings to the nginx configuration file. In my testing this also solves the problem.
sudo nano /etc/nginx/nginx.conf
In the ssl block, add the following settings:
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1 valid=300s;
resolver_timeout 5s;
Then restart nginx:
sudo systemctl restart nginx
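Firefox reports MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING when a certificate carries the TLS Feature (OCSP Must-Staple) extension but the server sends no stapled OCSP response, which is the gap the ssl_stapling settings above close. The check below is an added example, not part of the original post: it classifies OpenSSL text output, and the function names and sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict the Firefox "required TLS feature missing" failure
# from OpenSSL text output. Usage after sourcing this file: check_host your.domain

# Does the certificate carry the TLS Feature (OCSP Must-Staple) extension?
# $1 = output of `openssl x509 -noout -text`. OpenSSL 1.1.0+ prints
# "status_request"; older builds print only the raw OID.
cert_requires_staple() {
    printf '%s\n' "$1" | grep -Eq 'status_request|1\.3\.6\.1\.5\.5\.7\.1\.24'
}

# Did the server staple a usable OCSP response in the handshake?
# $1 = output of `openssl s_client -status`.
server_staples() {
    printf '%s\n' "$1" | grep -q 'OCSP Response Status: successful'
}

# $1 = certificate text, $2 = handshake text.
# Prints a verdict; returns non-zero only for the combination Firefox rejects.
staple_verdict() {
    if ! cert_requires_staple "$1"; then
        echo "NOT_REQUIRED"
    elif server_staples "$2"; then
        echo "STAPLED"
    else
        echo "MISSING_STAPLE"
        return 1
    fi
}

# Live check against a host (needs network; the samples below do not use it).
check_host() {
    handshake=$(openssl s_client -connect "$1:443" -servername "$1" -status </dev/null 2>/dev/null)
    cert=$(printf '%s\n' "$handshake" | openssl x509 -noout -text)
    staple_verdict "$cert" "$handshake"
}

# Constructed sample fragments (not captured from the sites on this page).
SAMPLE_CERT_MUST_STAPLE='        X509v3 extensions:
            TLS Feature:
                status_request'
SAMPLE_CERT_PLAIN='        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE'
SAMPLE_HANDSHAKE_NO_STAPLE='OCSP response: no response sent'
SAMPLE_HANDSHAKE_STAPLED='OCSP response:
    OCSP Response Status: successful (0x0)
    Cert Status: good'
```

nginx fetches the OCSP response lazily, so the first handshake after a restart can still report no staple; run check_host a second time before concluding the settings did not take effect.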