Firefox-startssl

nginx的default文件：

server {

listen 80 default_server;

server_name  www.luanfu.com;

#强制使用https连接

rewrite ^(.*) https://$server_name$1 permanent;

}

server {

listen 443 ssl;

root /usr/share/nginx/html;

index index.html index.php index.htm;

# Make site accessible from http://localhost/

server_name luanfu.com www.luanfu.com;

ssl_certificate /etc/nginx/ssl/luanfu.crt;

ssl_certificate_key /etc/nginx/ssl/luanfu.key;

#所有链接redirect到https:

error_page 497 https://$host$uri?$args;

location / {

# First attempt to serve request as file, then

# as directory, then fall back to displaying a 404.

try_files $uri $uri/ /index.html;

# Uncomment to enable naxsi on this location

# include /etc/nginx/naxsi.rules

}

error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root /usr/share/nginx/html;

}

location ~ \.php$ {

try_files $uri =404;

fastcgi_pass unix:/var/run/php5-fpm.sock;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

include fastcgi_params;

}

} firefox提示正式问题的解决办法是：

wget http://cert.startssl.com/certs/ca.pem

wget http://cert.startssl.com/certs/sub.class1.server.ca.pem

然后添加到域名crt文件中： cat sub.class1.server.ca.pem ca.pem >> luanfu.crt

接着重启nginx，如果重启fail，查看下luanfu.crt，很有可能是-END CERTIFICATE--BEGIN CERTIFICATE-占了一整行，在中间添加回车即可.