[{"data":1,"prerenderedAt":183},["ShallowReactive",2],{"navigation":3,"post-\u002Fposts\u002F2017\u002Fwxapp-ssl-error":20,"surroundPosts-\u002Fposts\u002F2017\u002Fwxapp-ssl-error":170},[4,8,12,16],{"title":5,"path":6,"stem":7},"首页","\u002F","00.index",{"title":9,"path":10,"stem":11},"文章","\u002Fposts","01.posts",{"title":13,"path":14,"stem":15},"动态","\u002Fmoments","02.moments",{"title":17,"path":18,"stem":19},"关于","\u002Fabout","09.about",{"id":21,"title":22,"body":23,"class":151,"cover":151,"coverSize":151,"date":152,"description":29,"draft":153,"extension":154,"hideComments":153,"location":151,"meta":155,"navigation":156,"path":157,"readingTime":158,"seo":163,"sitemap":164,"stem":165,"tags":166,"time":151,"weather":151,"__hash__":169},"posts\u002Fposts\u002F2017\u002F20171116.wxapp-ssl-error.md","微信小程序在安卓上 SSL 报错的问题",{"type":24,"value":25,"toc":148},"minimark",[26,30,48,55,58,68,77,88,91,144],[27,28,29],"p",{},"开发工具上和 iOS 真机上访问 api 都是正常的，在安卓上提示如下错误：",[31,32,37],"pre",{"className":33,"code":34,"language":35,"meta":36,"style":36},"language-log shiki shiki-themes material-theme-lighter github-light github-dark","request:fail ssl hand shake error\n","log","",[38,39,40],"code",{"__ignoreMap":36},[41,42,45],"span",{"class":43,"line":44},"line",1,[41,46,34],{"class":47},"su5hD",[27,49,50,51,54],{},"尝试在安卓的浏览器中访问 api 地址，提示“",[38,52,53],{},"该证书并非来自可信的授权中心","”，于是感觉应该是 SSL 证书的问题。",[27,56,57],{},"SSL 证书是通过 Let's Encrypt 申请的，部署在阿里云 SLB 上。",[27,59,60,61,67],{},"通过",[62,63,64],"a",{"href":64,"rel":65},"https:\u002F\u002Fwww.ssllabs.com\u002Fssltest\u002Findex.html",[66],"nofollow"," 测试，TLS1.0、TLS1.1、TLS1.2 都是支持的，但有如下提示",[31,69,71],{"className":33,"code":70,"language":35,"meta":36,"style":36},"This server's certificate chain is incomplete. Grade capped to B.\n",[38,72,73],{"__ignoreMap":36},[41,74,75],{"class":43,"line":44},[41,76,70],{"class":47},[27,78,79,80,83,84,87],{},"于是重新查看了下 Let's Encrypt 生成的证书文件，想起来在阿里云 SLB 的证书填写的是",[38,81,82],{},"cert.pem","的内容，没有包含中间证书。于是重新填写",[38,85,86],{},"fullchain.pem","里的内容，问题解决。",[27,89,90],{},"下面是 Let's Encrypt 生成的证书文件及其内容：",[92,93,94],"scrollable-table",{},[95,96,97,110],"table",{},[98,99,100],"thead",{},[101,102,103,107],"tr",{},[104,105,106],"th",{},"文件名",[104,108,109],{},"内容",[111,112,113,121,129,136],"tbody",{},[101,114,115,118],{},[116,117,82],"td",{},[116,119,120],{},"服务端证书",[101,122,123,126],{},[116,124,125],{},"chain.pem",[116,127,128],{},"浏览器需要的所有证书但不包括服务端证书，比如根证书和中间证书",[101,130,131,133],{},[116,132,86],{},[116,134,135],{},"包括了 cert.pem 和 chain.pem 的内容",[101,137,138,141],{},[116,139,140],{},"privkey.pem",[116,142,143],{},"证书的私钥",[145,146,147],"style",{},"html pre.shiki code .su5hD, html code.shiki .su5hD{--shiki-light:#90A4AE;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":36,"searchDepth":149,"depth":149,"links":150},2,[],null,"2017-11-16",false,"md",{},true,"\u002Fposts\u002F2017\u002Fwxapp-ssl-error",{"text":159,"minutes":160,"time":161,"words":162},"2 min read",1.2,72000,240,{"title":22,"description":29},{"loc":157},"posts\u002F2017\u002F20171116.wxapp-ssl-error",[167,168],"技术","前端","OJ4ttgQOk0mUu8qLcQvEH9tsqn4vc1dma_uHLfP5yM4",[171,177],{"title":172,"path":173,"stem":174,"date":175,"description":176,"children":-1},"2018 年伊始","\u002Fposts\u002F2018\u002Fstart-of-2018","posts\u002F2018\u002F20180101.start-of-2018","2018-01-01","2018 年的第一天，下午，地铁 4 号线。",{"title":178,"path":179,"stem":180,"date":181,"description":182,"children":-1},"Ghost 博客迁移至阿里云 Docker","\u002Fposts\u002F2017\u002Ftransfer-blog-to-aliyun-docker","posts\u002F2017\u002F20171102.transfer-blog-to-aliyun-docker","2017-11-02","刚刚，将 Ghost 博客迁移到了阿里云 Docker 上。",1777580281387]