【发布时间】:2022-01-08 05:49:03
【问题描述】:
我有一个带有 docker compose + nginx + certbot 的测试服务器(从 let's encript 获取证书)。
Nginx 配置:
server {
listen [::]:80;
listen 80;
server_name testdomain.com www.testdomain.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/certbot;
}
server_tokens off;
# redirect http to https www
return 301 https://www.testdomain.com$request_uri;
}
#other server configs
certbot 在日志中说:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: testdomain.com
Type: connection
Detail: Fetching http://testdomain.com/.well-known/acme-challenge/vXDwOBgMA9DEq2IvxqUxxxxxxxxxx: Connection refused
Domain: www.testdomain.com
Type: connection
Detail: Fetching http://www.testdomain.com/.well-known/acme-challenge/shRZla5V7iFXB6D__xxxxx: Connection refused
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
我已将一个临时文件放入/.well-known/acme-challenge/(http) 但无法下载(如果我尝试打开 mydomain.com/index.html - 工作正常,但会重定向到 https 版本)。
我认为问题出在事实上,我的配置也尝试将 certbot 请求重定向到 https。你知道如何让/.well-known/acme-challenge/脱离https规则吗?
【问题讨论】:
-
如果您还没有为 HTTPS 正确配置服务器,则需要禁用它才能使用 certbot。但是,错误消息显示连接被拒绝。如果您的站点将 HTTP 重定向到 HTTPS,请将其关闭。删除此行 return 301 testdomain.com$request_uri; 提示。测试时使用临时重定向而不是永久重定向。
标签: nginx-config certbot