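Combine the certificates
Nginx requires the server certificate and the intermediate certificate to be combined into a single file, with the server certificate first:

    cat your_domain.crt intermediate.crt > combined.crt

Nginx configuration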
    server {
        listen 443 ssl http2;
        server_name www.example.com;
        root /var/www/html;

        # Combined file (server certificate + intermediate) and its private key
        ssl_certificate /etc/nginx/ssl/combined.crt;
        ssl_certificate_key /etc/nginx/ssl/your_domain.key;

        # Allow only TLS 1.2 and 1.3; exclude anonymous and MD5-based suites
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # Session cache shared between worker processes
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # HSTS: browsers use HTTPS only for one year
        add_header Strict-Transport-Security "max-age=31536000" always;
    }

    # Redirect all plain-HTTP requests to HTTPS
    server {
        listen 80;
        server_name www.example.com;
        return 301 https://$server_name$request_uri;
    }

OCSP Stapling
    # Place these directives inside the HTTPS server block
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/intermediate.crt;
    resolver 8.8.8.8 8.8.4.4 valid=300s;

Test and reload
    sudo nginx -t
    sudo systemctl reload nginx
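
Added example, not part of the original page: a pre-reload check of the combined.crt built above, covering the PEM layout produced by `cat`, the certificate order, and whether the private key matches. The function names and script name are hypothetical, the paths are the ones from the server block, and `openssl` is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page); function names are hypothetical.

# Text-only check: at least two certificates, every BEGIN/END marker on its own line.
# A leaf file with no trailing newline makes `cat` fuse two markers into
# "-----END CERTIFICATE----------BEGIN CERTIFICATE-----", which OpenSSL's PEM reader rejects.
pem_layout_ok() {
    [ -r "$1" ] || return 2
    local begins ends markers
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----[[:space:]]*$' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----[[:space:]]*$' "$1" || true)
    markers=$(grep -c 'CERTIFICATE-----' "$1" || true)
    [ "$begins" -ge 2 ] && [ "$begins" -eq "$ends" ] && [ "$markers" -eq $((begins + ends)) ]
}

# Print the n-th certificate of a bundle (1 = first).
nth_cert() {
    awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ { i++ } i == n { print }' "$1"
}

# Order check: the issuer of certificate 1 must equal the subject of certificate 2,
# i.e. the domain certificate comes first and the intermediate second.
chain_order_ok() {
    local leaf_issuer ca_subject
    leaf_issuer=$(nth_cert "$1" 1 | openssl x509 -noout -issuer_hash) || return 2
    ca_subject=$(nth_cert "$1" 2 | openssl x509 -noout -subject_hash) || return 2
    [ "$leaf_issuer" = "$ca_subject" ]
}

# Key check: the first certificate's public key must match ssl_certificate_key.
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

check_nginx_cert() {
    pem_layout_ok "$1" || { echo "FAIL: PEM layout of $1" >&2; return 1; }
    chain_order_ok "$1" || { echo "FAIL: certificate order in $1" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1" >&2; return 1; }
    echo "OK: $1 and $2 are consistent"
}

# Usage: ./check_cert.sh /etc/nginx/ssl/combined.crt /etc/nginx/ssl/your_domain.key
if [ "$#" -eq 2 ]; then check_nginx_cert "$1" "$2"; fi
```

`nginx -t` also loads the certificate and key, so it fails on the same problems; the script only narrows down which of the three it is.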