Answer the question
In order to leave comments, you need to log in
How to properly install Let's enycript on NGINX?
Created certificates for domains sitename.ru and *.sitename.ru on the site. Got 3 files:
http {
...
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
...
server {
...
ssl_certificate /etc/ssl/certs/sitename.ru/certificate.crt;
ssl_certificate_key /etc/ssl/certs/sitename.ru/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
...
}
Answer the question
In order to leave comments, you need to log in
It will be correct to put certbot which will configure nginx or apache for the necessary domains and will renew the certificate itself.
so cap, look here
1. put certificates
server {
######################################################################
## Server configuration
######################################################################
listen *:443 ssl http2;
server_name 3dpaneli.ru www.3dpaneli.ru ;
root /var/www/3dpaneli.ru/web;
######################################################################
## SSL configuration
######################################################################
# recommended but not manditory directive
# leave commented out unless you know what it is doing
#more_set_headers 'Strict-Transport-Security: max-age=15768000';
ssl on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h;
ssl_protocols TLSv1.2 TLSv1.1;
add_header Strict-Transport-Security "max-age=15768000" always;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;
ssl_certificate /var/www/clients/client19/web26/ssl/3dpaneli.ru-le.crt;
ssl_certificate_key /var/www/clients/client19/web26/ssl/3dpaneli.ru-le.key;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
###################################################################
You have not fully installed the certificate, at least.
The ca_bundle file contains the root and intermediate certificates, which, together with your domain certificate, make up a complete chain of certificates.
Glue your certificate with the bundle and specify the resulting file as the certificate.
and port 80 is open on the server ?, plus in Yawebmaster, as far as I remember, you need to explicitly specify https://.
And he can swear because in the cache the site is without a certificate. try opening in incognito mode
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question