ssl - webroot 不会检测 Let's Encrypt 证书创建的根路径

标签 ssl nginx encryption ssl-certificate lets-encrypt

我正在尝试通过 Nginx 在 Bigbluebutton 安装上安装 Let's Encrypt。我将其添加到我的 SSL 服务器 block 中:

location ~ /.well-known {
                allow all;
        }

接下来是有趣的部分。

我的网站 root/var/www/bigbluebutton-default/ 中配置,所以我开始安装过程:

certbot-auto certonly -a webroot --webroot-path=/var/www/bigbluebutton-default

然后我明白了:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):myurl.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for myurl.com
Using the webroot path /var/www/bigbluebutton-default for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. myurl.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://myurl.com/.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: myurl.com
   Type:   unauthorized
   Detail: Invalid response from
   http://myurl.com/.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

我检查了我所有的 DNS 设置,一切正常。所以我检查了我的 bigbluebutton-error.log,这就是我得到的:

2017/01/27 14:29:44 [error] 1213#0: *33 open() "/usr/share/nginx/html/.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ" failed (2: No such file or directory), client: 172.28.105.8, server: myurl.com, request: "GET /.well-known/acme-challenge/QbxahZ29q3KrJDeT6QTNqlw57_CwO-W6AmfLDSyHlRQ HTTP/1.1", host: "myurl.com"

如您所见,它的目标是 /usr/share/nginx/html/,我没有在任何地方声明它。

最佳答案

制作文件http://myurl.com/.well-known/acme-challenge/test.txt ,然后转到您的控制台并使用 wget 获取它。如果您收到 404,请仔细检查您的 DNS 设置,如果您使用的是外部 DNS,请不要错过将您的域添加到 hosts 文件。但是如果你得到一个 403,这意味着 Nginx 配置阻止了“.file”(覆盖),因为这是一种常见的做法(检查你的整个配置文件)。

另一种方法是 --manual 参数:

... certonly --manual -d example.com

它将制作一个挑战文件,您必须手动上传。

关于ssl - webroot 不会检测 Let's Encrypt 证书创建的根路径,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41901836/

相关文章:

docker - ssl 证书或 nginx 代理服务器不工作

iphone - RSA中加密字符串的长度由什么决定?

.net - 单点触控 : How to protect my application

android - OkHttp + Retrofit libssl 在两种方式的 SSL 身份验证中崩溃

java - Jetty Websocket 连接 - 忽略自签名证书

nginx - 使用 Nginx 和 uWSGI 服务器发送事件

php - 通知 : Undefined index: args

java - 没有这样的算法 : AES for provider BC

google-chrome - Google Chrome 在 ubuntu 上显示 "your connection to this site is not secure",可以安全使用吗?

php - 访问 Controller 时 nginx 上的 Codeigniter 出现 404 错误