配置Nginx以回复http://my-domain.com/.well-known/acme-challenge/XXXX

时间:2017-09-16 02:09:05

标签: nginx lets-encrypt certbot

我无法让nginx返回我放入/var/www/letsencrypt的文件。

的nginx /位点可用/ mydomain.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name my-real-domain.com;

  include /etc/nginx/snippets/letsencrypt.conf;

  root /var/www/mydomain;
  index index.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

nginx的/代码段/ letsencrypt.conf

location ^~ /.well-known/acme-challenge/ {
  default_type "text/plain";
  root /var/www/letsencrypt;
}

我运行此命令: certbot certonly --webroot -w / var / www / letsencrypt / -d my-real-domain.com

但是certbot尝试访问的页面始终是404.

调试

$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi

现在我应该能够curl localhost/.well-known/acme-challenge/hi,但这不起作用。仍然是404.知道我缺少什么吗?

1 个答案:

答案 0 :(得分:2)

选项root /var/www/letsencrypt/;告诉nginx“这是基本目录”,因此最终路径为/var/www/letsencrypt/.well-known/acme-challenge/

所以,你有两个选择:

  1. 更改路径,例如改为

    $ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi
    
  2. 更改nginx的行为,因此nginx会将其视为别名:

    location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      rewrite /.well-known/acme-challenge/(.*) /$1 break;
      root /var/www/letsencrypt;
    }
    
  3. 不要忘记make killall -1 nginx重新加载配置