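My domain is https://www.liuquanhao.com, but when I visit https://www.lzj666.com I land on my own site, and even the certificate is mine, whereas http://www.lzj666.com is his own site. What is going on here? I asked customer support, and they said this is normal..
Here is support's reply:
Hello, sorry for the wait. We checked with the backend team: this is not a mirror. You are on shared virtual hosting, and shared hosts all share one IP address, so once https is deployed, other sites can also be reached over https, but those other sites will show an untrusted certificate when accessed over https. This has no impact. If it bothers you, we recommend upgrading from shared hosting to dedicated hosting for your https deployment; with a dedicated IP this problem will not occur. Thank you.
But the IPs are actually different: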
liuxu@liuxu-TM1612:~$ dig +noall +answer www.liuquanhao.com
www.liuquanhao.com. 213 IN A 139.129.155.148
liuxu@liuxu-TM1612:~$ dig +noall +answer www.lzj666.com
www.lzj666.com. 1 IN A 139.129.155.150
And a bunch of neighbours are in the same situation:
Here is the curl output:
liuxu@liuxu-TM1612:~$ curl -L --insecure -I -v https://www.liuquanhao.com
* Rebuilt URL to: https://www.liuquanhao.com/
* Trying 139.129.155.148...
* TCP_NODELAY set
* Connected to www.liuquanhao.com (139.129.155.148) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=www.liuquanhao.com
* start date: Sep 30 00:00:00 2018 GMT
* expire date: Sep 30 12:00:00 2019 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G1
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> HEAD / HTTP/1.1
> Host: www.liuquanhao.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Thu, 04 Oct 2018 02:43:49 GMT
Date: Thu, 04 Oct 2018 02:43:49 GMT
< Server: Apache
Server: Apache
< Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
< ETag: "12c0aab-5636-5773ee0860a46"
ETag: "12c0aab-5636-5773ee0860a46"
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 22070
Content-Length: 22070
< Vary: Accept-Encoding,User-Agent
Vary: Accept-Encoding,User-Agent
< Content-Type: text/html
Content-Type: text/html
< X-Pad: avoid browser bug
X-Pad: avoid browser bug
<
* Connection #0 to host www.liuquanhao.com left intact
liuxu@liuxu-TM1612:~$ curl -L --insecure -I -v https://www.lzj666.com
* Rebuilt URL to: https://www.lzj666.com/
* Trying 139.129.155.150...
* TCP_NODELAY set
* Connected to www.lzj666.com (139.129.155.150) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Client hello (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=www.liuquanhao.com
* start date: Sep 30 00:00:00 2018 GMT
* expire date: Sep 30 12:00:00 2019 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G1
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> HEAD / HTTP/1.1
> Host: www.lzj666.com
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Thu, 04 Oct 2018 02:44:07 GMT
Date: Thu, 04 Oct 2018 02:44:07 GMT
< Server: Apache
Server: Apache
< Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
Last-Modified: Tue, 02 Oct 2018 13:27:02 GMT
< ETag: "12c0aab-5636-5773ee0860a46"
ETag: "12c0aab-5636-5773ee0860a46"
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 22070
Content-Length: 22070
< Vary: Accept-Encoding,User-Agent
Vary: Accept-Encoding,User-Agent
< Content-Type: text/html
Content-Type: text/html
< X-Pad: avoid browser bug
X-Pad: avoid browser bug
<
* Connection #0 to host www.lzj666.com left intact
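Is the ssl part because they share one /etc/ssl/certs/ca-certificates.crt? But what about the domains getting crossed... As far as I know, when a domain is accessed, nginx's server_name rejects requests for other domains, and that has nothing to do with listen 443 ssl..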
1
luminous 2018-10-04 11:07:08 +08:00 via Android
The other person's site just hasn't configured https, so what comes back is the default certificate.
|
3
luminous 2018-10-04 11:14:06 +08:00 via Android
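@liuxu Maybe only the two of you use this IP. The default certificate nginx returns for an IP seems to depend on the order of the configuration files. I think the provider should set up a certificate of their own for this situation.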
|
4
jessynt 2018-10-04 11:28:35 +08:00
Keyword: SNI
|
5
LukeChien 2018-10-04 11:33:16 +08:00 via Android
Block him with the htaccess file.
|
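Added example, not part of the thread: a small Python check that reads `curl -v` transcripts like the two in the post and flags the two symptoms discussed here, a certificate issued for a different name than the one requested and a response carrying the same ETag as another site. The function names and finding labels are made up for this example, and the sample input is trimmed from the post's own output.

```python
import re

# Constructed sample input: lines trimmed from the two `curl -v` transcripts in the post.
OWNER = """\
* Connected to www.liuquanhao.com (139.129.155.148) port 443 (#0)
* subject: CN=www.liuquanhao.com
> Host: www.liuquanhao.com
< ETag: "12c0aab-5636-5773ee0860a46"
"""
NEIGHBOUR = """\
* Connected to www.lzj666.com (139.129.155.150) port 443 (#0)
* subject: CN=www.liuquanhao.com
> Host: www.lzj666.com
< ETag: "12c0aab-5636-5773ee0860a46"
"""

PATTERNS = {
    "host": r"^> Host:\s*(\S+)",
    "cn": r"subject:.*?CN=([^;,\s]+)",
    "etag": r"^< ETag:\s*(\S+)",
}

def parse(transcript):
    """Pull the requested Host, certificate subject CN and ETag out of curl -v text."""
    found = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, transcript, re.MULTILINE)
        found[key] = m.group(1) if m else None
    return found

def name_matches(host, cn):
    """Exact match, or a wildcard CN covering exactly one leftmost label."""
    host, cn = host.lower(), cn.lower()
    if cn.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cn[2:]
    return host == cn

def diagnose(transcript, reference=None):
    """Return findings for one transcript, optionally compared with a reference site."""
    cur, findings = parse(transcript), []
    # Only the subject CN is checked; this transcript carries no SAN list to compare.
    if cur["host"] and cur["cn"] and not name_matches(cur["host"], cur["cn"]):
        findings.append("cert-name-mismatch")  # certificate was issued for another name
    if reference:
        ref = parse(reference)
        if cur["etag"] and cur["etag"] == ref["etag"] and cur["host"] != ref["host"]:
            findings.append("same-content-as-reference")  # same ETag as the reference site
    return findings
```

`diagnose(NEIGHBOUR, OWNER)` reports both findings for www.lzj666.com, while `diagnose(OWNER)` reports none.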