在 nginx 服务器上安装 Let's Encrypt 时出错

【问题标题】:Error installing Let's Encrypt on nginx server在 nginx 服务器上安装 Let's Encrypt 时出错
【发布时间】:2019-05-01 09:50:13
【问题描述】:

我正在尝试在四个站点上安装 Let's Encrypt SSL 证书: mysite.com es.mysite.com fr.mysite.com de.mysite.com

我运行了以下命令:certbot --nginx -d mysite.com -d www.mysite.com,它适用于 mysite.com、es.mysite.com、fr.mysite.com。当我运行sudo certbot --nginx -d de.mysite.com 时出现以下错误:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: de.mysite.com
   Type:   unauthorized
   Detail: Invalid response from
   https://de.mysite.com/.well-known/acme-challenge/te29XBKAQdQBbQxvzPTgfgaFpzM_OUj6b4gSuiuPvOI
   [MY IP ADDRESS]: "\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML
   1.0 Transitional//EN\"
   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

然后我尝试使用以下代码手动安装证书:certbot certonly --manual -d de.mysite.com。然后有人问我Are you ok with your IP being loggged? 我选择了 Y 并按 Enter。然后我按照这一步:

Create a file containing just this data:

SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w.SkXszSMjtmN2-3gN7kkDhgSElerR3H1MgUc9N8z70n4

And make it available on your web server at this URL:

http://de.mysite.com/.well-known/acme-challenge/SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w

我按 Enter 继续,然后得到同样的错误:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: de.mysite.com
   Type:   unauthorized
   Detail: Invalid response from
   https://de.mysite.com/.well-known/acme-challenge/SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w
   [MY IP ADDRESS]: "\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML
   1.0 Transitional//EN\"
   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

谁能建议如何解决此错误并成功安装 Let's Encrypt SSL 证书?

谢谢。

【问题讨论】:

  • 首先,您应该尝试从浏览器访问第二块 (de.mysite.com/.well-known/acme-challenge/…) 中的 acme 挑战的链接,并查看内容是否与请求的数据完全一致。看起来它正在被转换为 HTML,这使得验证失败。我建议为此目的使用 curl,这样您就可以在没有任何格式的情况下看到确切的响应。

标签: nginx ssl-certificate lets-encrypt manual


【解决方案1】:

我设法解决了我的问题。我必须首先在我的 nginx 配置中包含以下内容:

   location ~ /.well-known {
      allow all;
   }

   location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      root         /data/wordpress/mysite/;
   }

   location = /.well-known/acme-challenge/ {
      return 404;
   }

然后我必须通过运行certbot certonly --manual -d de.mysite.com 手动安装 Let's Encrypt SSL 证书,并按照步骤成功安装证书。

【讨论】:

    猜你喜欢
    • 2023-03-11
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2023-03-15
    • 2018-07-13
    • 1970-01-01
    • 2019-05-18
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode