我正在尝试通过 Nginx 在 Bigbluebutton 安装上安装 Let's Encrypt。我将其添加到我的 SSL 服务器 block 中:
location ~ /.well-known {
allow all;
}
接下来是有趣的部分。
我的网站 root 在 /var/www/bigbluebutton-default/ 中配置,所以我开始安装过程:
certbot-auto certonly -a webroot --webroot-path=/var/www/bigbluebutton-default
然后我明白了:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):myurl.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for myurl.com
Using the webroot path /var/www/bigbluebutton-default for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. myurl.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://myurl.com/.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: myurl.com
Type: unauthorized
Detail: Invalid response from
http://myurl.com/.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
我检查了我所有的 DNS 设置,一切正常。所以我检查了我的 bigbluebutton-error.log,这就是我得到的:
2017/01/27 14:29:44 [error] 1213#0: *33 open() "/usr/share/nginx/html/.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ" failed (2: No such file or directory), client: 172.28.105.8, server: myurl.com, request: "GET /.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ HTTP/1.1", host: "myurl.com"
如您所见,它的目标是 /usr/share/nginx/html/,我没有在任何地方声明它。
最佳答案
制作文件http://myurl.com/.well-known/acme-challenge/test.txt ,然后转到您的控制台并使用 wget 获取它。如果您收到 404,请仔细检查您的 DNS 设置,如果您使用的是外部 DNS,请不要错过将您的域添加到 hosts 文件。但是如果你得到一个 403,这意味着 Nginx 配置阻止了“.file”(覆盖),因为这是一种常见的做法(检查你的整个配置文件)。
另一种方法是 --manual 参数:
... certonly --manual -d example.com
它将制作一个挑战文件,您必须手动上传。
关于ssl - webroot 不会检测 Let's Encrypt 证书创建的根路径,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41901836/