Recently, the small program development and test environment has been changing to not requesting the interface. iOS can be accessed normally, but Android cannot be accessed. The prompt: request:fail -2:net::ERR_FAILED After checking, it is found that the middleman certificate is not configured. Because of the test environment, we used acme to apply for let's encrypt pan-domain certificate.
Since our DNS resolution is hosted in DNSPOD, it can be used
export DP_Id="43211" #DNSPOD APP_ID
export DP_Key="123123ss123112e21e332e432e32e" #DNSPOD KEY
acme.sh --issue --dns dns_dp -d abc.cn -d *.m.abc.cn -d *.abc.cn #域名,这里生成 abc.cn *.abc.cn *.t.abc.cn的泛影证书
And the analysis hosted on Alibaba Cloud is
export Ali_Key="kkkkkkeeeeeyyyyyyyyy"
export Ali_Secret="ssssseeeeeccccrrrrreeeeetttttt"
acme.sh --issue --dns dns_ali -d xyz.cn -d *.xyz.cn
It can be generated.
In the ~/.acme directory, the corresponding certificate directory is generated. For
example, if my domain name is abc.cn, there is
ca.cer fullchain.cer abc.cn.cer abc in the ~/.acme/abc.cn directory . cn.conf abc.cn.csr abc.cn.csr.conf abc.cn.key
corresponding file, before I used abc.cn.cer and abc.cn.key
The configuration of nginx is
#ssl_certificate host/keys/abc.cn.cer; #使用这个文件小程序无法使用
ssl_certificate host/keys/fullchain.cn.cer; #使用这个正常访问
ssl_certificate_key host/keys/abc.cn.key;
But after that, it was found that the small program was not working, and the fullchain.cer certificate must be used.
We can see that fullchain.cer and abc.cn.cer are missing a ca.cer
Of course, if you don’t know what your ca.cer is, you can go to https://www.myssl.cn/tools/downloadchain.html and copy your certificate file into it to know your middleman certificate.