我正在使用 certbot 申请 Let's Encrypt证书,
我的服务器是centos 7.2和 nginx 1.11.9 .
这在下面是什么意思?
[root@test ~]# certbot certonly --webroot -w /var/www/www.example.com -d example.com -d www.example.com
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-ch
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/k
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to example@example.com.
- The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/wGNv57IGJjHQ9wyzzALktpNaPzfnTtN3m7u3QuO4p40:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
Domain: www.example.com
Type: unauthorized
Detail: Invalid response from
http://www.example.com/.well-known/acme-challenge/kFJ0CSuKOdgcT2xmciB4GGNCcnUPoIbpQmA9jOII_Bk:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
我可以访问
example.com和 www.example.com ,并且在文档中有一个注释:https://certbot.eff.org/#centosrhel7-nginxNote: To use the webroot plugin, your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your webserver configuration, you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the webserver.
是这个原因吗?
如何修改配置?
最佳答案
这是一个很常见的问题,但幸运的是应该很容易解决。 Let's Encrypt 必须能够读取 .well-known 目录,以验证您的服务器是否实际托管了您想要证书的域。
首先,确保您的网站根目录中有一个 .well-known 目录。设置您的权限,使其可以从外部读取; 775应该是完美的。
然后,将此代码段添加到 Nginx 中的虚拟主机文件中:
location ~ /.well-known {
allow all;
}
这将允许对我们刚刚创建的 .well-known 目录的任何请求。现在,再次尝试请求证书,看看它是否有效。
关于nginx - 使用 certbot 申请 Let's Encrypt 证书 : Failed authorization procedure,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42269107/