浏览器访问报如下错误:
ERR_TOO_MANY_REDIRECTS
SSH curl 链接报错:
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none More details here: curl.haxx.se/docs/sslcer…
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
最后原因:
cloudflare-->mytest.com # SSL/TLS 没有选择严格
Full (strict)
Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server
另外:
developers.cloudflare.com/ssl/origin-…
页面中(下方)第二步可能是多余的,不清楚作用是什么。
总之## Nginx: Creating Your CSR with OpenSSL 这个生成里,我填的都是test,除了二级域名之外。然后去服务器站点目录下创建了一个tmp目录,再执行的ssl命令。应该是没有用上。
2. Install Origin CA certificate on origin server
================
其实对于cloudflare,只需要在mytest.com下设置即可。
SSL/TLS
Edge Certificates
将Always Use HTTPS 以及 Automatic HTTPS Rewrites 勾选上即可。
笔记:经过实测,开启Automatic HTTPS Rewrites后,会影响查英方文献。