Certbot未创建.well-known / acme-challenges文件

时间:2018-11-09 13:36:27

标签: lets-encrypt certbot

我的域是:

monxas.ninja

我运行了以下命令:

sudo certbot --apache --debug-challenges

它产生了以下输出:

   Obtaining a new certificate
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Performing the following challenges:
http-01 challenge for monxas.ninja
Waiting for verification...

-------------------------------------------------------------------------------
Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
challenges.
-------------------------------------------------------------------------------
Press Enter to Continue
/usr/lib/python3/dist-packages/josepy/jwa.py:107: CryptographyDeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Cleaning up challenges
Failed authorization procedure. monxas.ninja (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://monxas.ninja/.well-known/acme-challenge/Wt_CvapZhIJt3EDdoIjop4Lun7V4B_JpWmnpyMxz7es: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: monxas.ninja
   Type:   unauthorized
   Detail: Invalid response from
   http://monxas.ninja/.well-known/acme-challenge/Wt_CvapZhIJt3EDdoIjop4Lun7V4B_JpWmnpyMxz7es:
   "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

我的Web服务器是(包括版本):

Apache version 2.4.25   

我的Web服务器运行的操作系统是(包括版本):

Raspbian GNU/Linux 9

我可以登录到计算机上的root shell(是或否,或者我不知道):

yes

我正在使用控制面板来管理我的网站(否,或提供控制面板的名称和版本):

no

dns记录是

A *.monxas.ninja 83.56.8.166 300

A monxas.ninja 83.56.8.166 300

我不使用AAAA

此外,您可以手动创建众所周知的路径,如下所示:

http://monxas.ninja/.well-known/acme-challenge/

1 个答案:

答案 0 :(得分:1)

我想我可能已经找到了解决方案。反正这是我的解决方法...

我倾向于查看续订文件,并在其中找到了解决方案。我不知道如何或为什么创建此错误,但是两台服务器上的续订文件中的webroot错误。更正后,两个续订都按预期完成。

/etc/letsencrypt/renewal/www.server.com.conf

在[[webroot_map]]下查找条目

我希望这对某人有帮助。我花了两天时间挠头,然后才考虑查看续订文件。