我正在尝试使用Nginx在Ubuntu 16.04上安装letsencrypt证书。
我正在运行以下命令:
sudo certbot certonly -m info@example.com -a webroot --webroot-path=/var/www/example -d example.com -d www.example.com
我收到以下错误:
将调试日志保存到/var/log/letsencrypt/letsencrypt.log插件 选中:Authenticator webroot,Installer无启动新的HTTPS connection(1):acme-v01.api.letsencrypt.org获得一个新的 证书执行以下挑战:http-01挑战 example.com http:01挑战www.example.com使用webroot 所有不匹配域的路径/ var / www / example。等待 验证...清理挑战授权程序失败。 www.example.com(http-01):urn:acme:错误:unauthorized ::客户端 缺乏足够的授权::来自的响应无效 http://www.example.com/.well-known/acme-challenge/9npZ6yfqmspymVXZACgV8-HQgo1TosDkIRG0gjV-Ryk [35.170.249.71]:404,example.com(http-01): urn:acme:错误:未经授权::客户端缺乏足够的 authorization ::来自的响应无效 http://example.com/.well-known/acme-challenge/fPXrxa2iFerFZBfaGQRtBY19rY9ZJkwB8Z-S4kpcVb0 [35.170.249.71]:404
重要说明: - 服务器报告了以下错误:
域名:www.example.com类型:未授权详情:无效 来自的回应 http://www.example.com/.well-known/acme-challenge/9npZ6yfqmspymVXZACgV8-HQgo1TosDkIRG0gjV-Ryk [35.170.249.71]:404
域名:example.com类型:未授权详细信息:无效 来自的回应 http://example.com/.well-known/acme-challenge/fPXrxa2iFerFZBfaGQRtBY19rY9ZJkwB8Z-S4kpcVb0 [35.170.249.71]:404
要解决这些错误,请确保您的域名为
正确输入该域名的DNS A / AAAA记录 包含正确的IP地址。
我的网站配置文件:
server {
listen 80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
root /var/www/example;
server_name example.com www.example.com;
location / {
proxy_pass http://localhost:5000;
#try_files $uri $uri/ =404;
}
location ~ /.well-known {
proxy_pass http://localhost:5000;
allow all;
}
}