我知道這個問題已被多次詢問,但我需要一些特定的幫助,因爲我一直在從其他幾個線程接受建議,而且沒有任何工作到這一點。certbot-auto:客戶端缺乏足夠的授權
我試圖在Ubuntu 14.04中使用certbot-auto renew
續訂我的SSL證書,並且我運行的是Apache2服務器和nginx。我得到以下輸出certbot-auto renew
:
[email protected]:/# sudo certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/my-domain.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for my-domain.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/my-domain.com.conf produced an unexpected error: Failed authorization procedure. my-domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my-domain.com/.well-known/acme-challenge/ailNmgZADpb4QBipKM57sOi9w3PwNkwBwVFiRYs7i40: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my-domain.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: my-domain.com
Type: unauthorized
Detail: Invalid response from
http://my-domain.com/.well-known/acme-challenge/ailNmgZADpb4QBipKM57sOi9w3PwNkwBwVFiRYs7i40:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
我保證了.well-known
文件夾位於/var/www/my-domain.com/public_html
,當我在我的瀏覽器瀏覽到http://my-domain.com/.well-known/
,我能看到目錄的內容。我還在.well-known
中添加了一個acme-challenge
文件夾,其中包含一個用於測試的test.txt
文件;我能夠訪問我的瀏覽器中的目錄和文本文件。
我發現在運行certbot-auto
命令時未創建acme-challenge
文件夾,因此它似乎是權限問題。我正在運行certbot-auto
作爲根目錄,但也給和acme-challenge
文件夾(root和www-data用戶正在運行apache2和nginx進程)上的www-data
用戶提供了寫入權限。
即使在授予寫入權限後,我仍然收到上面詳述的404錯誤。
我也有一個自動化的證書更新過程,通過crontab
運行,我有輸出記錄到本地文件。在該日誌文件中,我看到續訂請求似乎正常工作,直到certbot-auto
從0.9.3升級到0.10.1。以下是升級發生時日誌文件的示例:
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/offensively-bad.com.conf
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/offensively-bad.com/fullchain.pem (skipped)
No renewals were attempted.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/offensively-bad.com.conf
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/offensively-bad.com/fullchain.pem (skipped)
No renewals were attempted.
Upgrading certbot-auto 0.9.3 to 0.10.1...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/offensively-bad.com.conf
-------------------------------------------------------------------------------
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/offensively-bad.com/fullchain.pem (failure)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: offensively-bad.com
Type: unauthorized
Detail: Invalid response from
http://offensively-bad.com/.well-known/acme-challenge/tkSc8l-r1XVPIF5TosTbEXiYMa8sQnoXEjAEgAwRoqI:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
您可以看到,升級後,進程開始失敗,出現404消息。
我試過所有的建議,我可以在網上找到,並完全難倒,所以任何幫助將不勝感激。提前致謝!