1. 首頁
  2. 問答
  3. 使用certbot申請讓我們加密證書:失敗的授權程序

使用certbot申請讓我們加密證書:失敗的授權程序

2017-02-16 353 views
2

我使用certbot申請Let's Encrypt證書, 我的服務器是centos 7.2和nginx 1.11.9。 這是什麼意思?使用certbot申請讓我們加密證書:失敗的授權程序

[[email protected] ~]# certbot certonly --webroot -w /var/www/www.example.com -d example.com -d www.example.com 

Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-ch 
<head><title>404 Not Found</title></head> 
<body bgcolor="white"> 
<center><h1>404 Not Found</h1></center> 
<hr><center>", www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/k 
<head><title>404 Not Found</title></head> 
<body bgcolor="white"> 
<center><h1>404 Not Found</h1></center> 
<hr><center>" 

IMPORTANT NOTES: 
- If you lose your account credentials, you can recover through 
    e-mails sent to [email protected] 
- The following errors were reported by the server: 

    Domain: example.com 
    Type: unauthorized 
    Detail: Invalid response from 
    http://example.com/.well-known/acme-challenge/wGNv57IGJjHQ9wyzzALktpNaPzfnTtN3m7u3QuO4p40: 
    "<html> 
    <head><title>404 Not Found</title></head> 
    <body bgcolor="white"> 
    <center><h1>404 Not Found</h1></center> 
    <hr><center>" 

    Domain: www.example.com 
    Type: unauthorized 
    Detail: Invalid response from 
    http://www.example.com/.well-known/acme-challenge/kFJ0CSuKOdgcT2xmciB4GGNCcnUPoIbpQmA9jOII_Bk: 
    "<html> 
    <head><title>404 Not Found</title></head> 
    <body bgcolor="white"> 
    <center><h1>404 Not Found</h1></center> 
    <hr><center>" 

    To fix these errors, please make sure that your domain name was 
    entered correctly and the DNS A record(s) for that domain 
    contain(s) the right IP address. 
- Your account credentials have been saved in your Certbot 
    configuration directory at /etc/letsencrypt. You should make a 
    secure backup of this folder now. This configuration directory will 
    also contain certificates and private keys obtained by Certbot so 
    making regular backups of this folder is ideal.

我可以訪問example.comwww.example.com,並且在文檔的說明:https://certbot.eff.org/#centosrhel7-nginx

注: 要使用Webroot公司的插件,您的服務器必須被配置爲從隱藏的目錄服務文件。如果您的web服務器配置專門處理/.well-known,則可能需要修改配置以確保Web服務器爲/.well-known/acme-challenge內的文件提供服務。

這是原因嗎? 如何修改配置?

來源

2017-02-16 zwl1619

回答

2

這是一個相當普遍的問題,但幸運的是應該是一個簡單的修復。讓我們加密必須能夠從.well-known目錄中讀取,以驗證您的服務器實際上託管了您想要證書的域。

首先,確保您的網站根目錄中有一個.well-known目錄。設置您的權限,以便從外部可讀; 775應該是完美的。

然後,這個片段添加到您的虛擬主機文件的Nginx:

location ~ /.well-known { 
      allow all; 
    }

這將允許我們剛剛創建的。好了已知目錄的任何請求。現在,請嘗試再次申請證書,看看它是否有效。

來源

2017-02-21 06:29:06 Arnon

+0

這個答案是%100正確的。 –

相關問題

 相關問題