nginx常见报错_unable to communicate securely with peer: requeste

1 (51) Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

请求的域名与服务器的证书不匹配
域名校验不同，可关闭

1.1 curl

忽略方式
一种是添加临时域名解析缓存的方式，保证对外域名可以直接解析到内网IP–resolve subdomain.example.com:443:10.0.0.100；
另外一种是直接关闭域名校验–insecure

# 手工指定域名DNS解析结果，比如把subdomain.example.com:443解析到10.0.0.100:443
curl -v --resolve subdomain.example.com:443:10.0.0.100 https://subdomain.example.com/

# 禁止domain校验
curl -v --insecure https://subdomain.example.com/
1
2
3
4
5

1.2 wget

增加参数–no-check-certificate

wget 'https://subdomain.example.com/goods.json' --no-check-certificate
1

1.3 OkHttp

错误内容
javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.0.0.100 not verified
忽略方式：自定义HostnameVerifier

OkHttpClient client = new OkHttpClient.Builder()
.readTimeout(READ_TIMEOUT, TimeUnit.SECONDS)
.writeTimeout(WRITE_TIMEOUT, TimeUnit.SECONDS)
.connectTimeout(CONNECT_TIMEOUT, TimeUnit.SECONDS)
//设置自定义的hostname校验类，默认返回true
.hostnameVerifier((hostname, session) -> true)
.build();

2 nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead…

注掉了“ssl on;”这行!这是错误的根源。并且我在多次试验中都重复了这个操作，直到深夜的一次试验中决定保留那个警告看看，结果就神奇的成功了。

但是在nginx 1.15以上的版本中会有警告：nginx: [warn] the “ssl” directive is deprecated, use the “listen … ssl” directive instead in /usr/local/nginx/conf/servers/www.xxxx.com:
nginx1.15后不支持ssl on配置