Question

我试图用我的数字海洋服务器和nginx配置ssl但是我遇到了问题。我在同一台服务器上有4个网站，3个运行良好，但最后一个似乎是反复无常的。要设置我的证书（使用ssl启用https），请遵循本教程（使用letsencrypt）： https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

我确切地知道我在4个网站上使用相同的证书。运行此命令时出现问题

sudo letsencrypt certonly -a webroot --webroot-path=/projects/mysite/staging/backend -d staging.backend.mysite.com -d www.staging.backend.mysite.com

它返回给我这个错误：

Failed authorization procedure. staging.backend.mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://staging.backend.mysite.com/.well-known/acme-challenge/jyYxmJYByVQS_HPf7at04LZkirwKe3rOHCeMYcNk1XA: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.staging.backend.mysite.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.staging.backend.mysite.com/.well-known/acme-challenge/-CPeTAThAt2XBMP28LiJmaJxhWDgtU6ysRvgfVv3o5s: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: staging.backend.mysite.com
   Type:   unauthorized
   Detail: Invalid response from http://staging.backend.mysite.com
   /.well-known/acme-
   challenge/jyYxmJYByVQS_HPf7at04LZkirwKe3rOHCeMYcNk1XA: "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: www.staging.backend.mysite.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.staging.backend.mysite.com/.well-known/acme-
   challenge/-CPeTAThAt2XBMP28LiJmaJxhWDgtU6ysRvgfVv3o5s: "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

当我尝试使用Chrome访问http://staging.backend.mysite.com/时，它会返回此错误：

NET::ERR_CERT_COMMON_NAME_INVALID

这是我的nginx配置：

server {
    listen 80;
    listen [::]:80;
    server_name staging.backend.mysite.com www.staging.backend.mysite.com;

    location / {
        proxy_pass http://127.0.0.1:8900/;
    }
}


server {
    listen 8900;
    server_name my.site.ip.adresse;

    location = /favicon.ico {
        access_log off;
        log_not_found off;
    }

    location /static/ {
        root /projects/mysite/staging/backend;
    }

    location /media/ {
        root /projects/mysite/staging/backend;
    }

    location ~ /.well-known {
        allow all;
    }

    location / {
        proxy_pass http://unix:/projects/mysite/staging/backend/run/mysite.sock;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }
}

正如您所看到的，服务器块上没有ssl配置，因为教程说稍后会添加它。它适用于其他3个站点。我的配置有问题吗？

Answer 1

我通过在nginx中禁用代理并确保.well-known在我的http根目录中来解决这个问题（你在8900服务器块中没有root指令，添加一个作为temp。这个必须指向文件系统中的目录，根据您给letsencrypt命令的webroot路径，它将是/projects/mysite/staging/backend/.well-known。

确保您可以从浏览器访问sample.com/.well-known，运行“让我们加密”安装，然后重新启用代理。

您的.well-已知区块不是必需的。也不确定为什么你在nginx中同时服务于80和8900。为什么不直接代理80到您的套接字并跳过8900服务？

letsencrypt和nginx 404错误

1 个答案: