https config

Hello, I want to add HTTPS certificates to my project. My server project is on Aliyun. Aliyun has provided suggestions on configuration, and Mendix also has the configuration documentation for nginx, but now my configuration has been failing. I want to ask how to solve this problem.

Certificate type: FREE
Certificate signing algorithm: SHA2 (SHA256WithRSA+RSA)
Certificate of the brand: Symantec Free SSL

--------------------------

1. The following is the configuration requirement for Aliyun:

    server {
        listen 443;
        server_name localhost;
        ssl on;
        root html;
        index index.html index.htm;
        ssl_certificate cert/214588027970708.pem;
        ssl_certificate_key cert/214588027970708.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        location / {
            root html;
            index index.html index.htm;
        }
    }

2. This is the nginx configuration file that my server tried and failed:

    gzip_static on;
    gzip_proxied any;
    gzip_types application/json;

    proxy_read_timeout 15m;
    proxy_http_version 1.1;

    # Provide some extra information to the Mendix Runtime about the
    # end user connection
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    # This is an important one, make sure to hint the mendix runtime
    # whether https is used to the end user, so the secure flag on
    # session cookies gets set (Mendix >= 3.3.3, 4.2.2)
    proxy_set_header X-Forwarded-Scheme $scheme;

    # Restrict usage of IFrames
    add_header X-Frame-Options SAMEORIGIN;
    # Tell the browser to always use https
    add_header Strict-Transport-Security "max-age=31536000;";

    # Random bots scanning the internet end up here
    # Also see the section about the catch-all server declaration below
    # When specifically accessing our application URL we end up here
    upstream application {
        server 127.0.0.1:8000;
        keepalive 8;
    }

    server {
        listen [::]:80 default ipv6only=on;
        listen 0.0.0.0:80 default;
        server_name _;
        return 301 https://$host$request_uri;
    }

    server {
        listen [::]:443 default_server ipv6only=on ssl;
        listen 0.0.0.0:443 default_server ssl;
        server_name www.chinarai.cn chinarai.cn;

        ssl_certificate /etc/nginx/cert/214588027970708.pem;
        ssl_certificate_key /etc/nginx/cert/214588027970708.key;
        ssl_session_timeout 5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl on;

        # All static content is served directly from the project location
        root /opt/mendix/application/web/;

        location / {
            # Instruct the browser to never cache the first login page, since
            # it would prevent us from seeing updates after a change
            if ($request_uri ~ ^/((index[\w-]*|login)\.html)?$) {
                add_header Cache-Control "no-cache";
                add_header X-Frame-Options "SAMEORIGIN";
            }
            # Aggressively cache these files, since they use a cache bust
            if ($request_uri ~ ^/(.*\.(css|js)|(css|img|js|lib|mxclientsystem|pages|widgets)/.*)\?[0-9]+$) {
                expires 1y;
            }
            # By default first look if the request points to static content.
            # If not, proxy it to the runtime process.
            try_files $uri $uri/ @runtime;
        }

        location @runtime {
            proxy_pass 127.0.0.1:8000;
            allow all;
        }

        location = /file {
            proxy_pass 127.0.0.1:8000;
            # Be generous about the size of things that can be uploaded
            client_max_body_size 1G;
            # Never buffer uploads or downloads, directly stream them
            proxy_buffering off;
            proxy_request_buffering off;
        }

        location = /xas/ {
            proxy_pass 127.0.0.1:8000;
        }

        # Never expose the -doc paths on a public application instance
        location ~ ^/\w+-doc/ {
            deny all;
        }
    }

Can you help me? Thank you so much.
0 answers
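The HTTPS server block from the question with the directives that nginx rejects or warns about adjusted, as an added example that is not part of the original post and is not Aliyun's or Mendix's reference configuration. It assumes the file is included inside the `http {}` block and that the runtime listens on 127.0.0.1:8000 as in the post; the port 80 redirect block is unchanged and omitted, and the `/file` and `/xas/` locations would take the same `proxy_pass` form.

```nginx
# Added example. Assumes this file is included inside http {} and that the
# Mendix runtime listens on 127.0.0.1:8000, as in the post.
upstream application {
    server 127.0.0.1:8000;
    keepalive 8;
}

server {
    # "ssl" on the listen line enables TLS; the separate "ssl on;" is deprecated.
    listen 0.0.0.0:443 default_server ssl;
    listen [::]:443 default_server ipv6only=on ssl;
    server_name www.chinarai.cn chinarai.cn;

    ssl_certificate     /etc/nginx/cert/214588027970708.pem;
    ssl_certificate_key /etc/nginx/cert/214588027970708.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996). TLSv1.3 can be appended on
    # nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_prefer_server_ciphers on;

    # A level that defines its own add_header (like the if blocks in the post)
    # does not inherit these, so HSTS would be missing from those responses.
    add_header X-Frame-Options SAMEORIGIN always;
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /opt/mendix/application/web/;

    location / {
        try_files $uri $uri/ @runtime;
    }

    location @runtime {
        # proxy_pass takes a URL with a scheme; a bare host:port is rejected.
        proxy_pass http://application;
        # Upstream keepalive needs HTTP/1.1 and an empty Connection header.
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        # Setting any proxy_set_header here stops inheritance from http {},
        # so the headers from the post are repeated.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Scheme $scheme;
    }
}
```

Running `nginx -t` before reloading reports the file and line of any directive that still fails to parse.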