Letsencrypt certificate renewal issue on an Ubuntu 18.04 machine with Apache Server

Time: 2019-05-02 12:37:33

Tags: django apache ubuntu lets-encrypt

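I am hosting a Django (v2.1) application using the Apache server. I have installed a Letsencrypt certificate for HTTPS. Now it is time for renewal, and it gives me some unauthorized access errors.

When I run the sudo certbot command, I get the following output.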

/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.23) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: noppera.tk
2: www.noppera.tk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.noppera.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.noppera.tk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.noppera.tk/.well-known/acme-challenge/U0D416-6zOf7YRW0jAVIG8oiLthmpy_xmewRdUlwrQM [34.240.58.158]: 400

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.noppera.tk
   Type:   unauthorized
   Detail: Invalid response from
   http://www.noppera.tk/.well-known/acme-challenge/U0D416-6zOf7YRW0jAVIG8oiLthmpy_xmewRdUlwrQM
   [34.240.58.158]: 400

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

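I get the same error if I run this command with option 1. (I can paste that log too if you want.)

I have already tried the following:

  • Installed django-letsencrypt==3.0.1
  • Added letsencrypt in settings.py
  • Added the following line in urls.py: url(r'^\.well-known/', include('letsencrypt.urls')),

The site is currently accessible over HTTPS. Can anyone help me renew the certificate?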

Edit 1

Option 1 log:

/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.23) or chardet (3.0.4) doesn't match a supported version!
  RequestsDependencyWarning)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: noppera.tk
2: www.noppera.tk
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for noppera.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. noppera.tk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://noppera.tk/.well-known/acme-challenge/y6dj0WW9qDgZiBnDTmXmA5FTSusyjabeE3dZs5eEGpI [34.240.58.158]: "\n\n<html>\n<head>\n  <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js\"></script>\n\n\n\n\n\n\n\n<style>\n    /*"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: noppera.tk
   Type:   unauthorized
   Detail: Invalid response from
   https://noppera.tk/.well-known/acme-challenge/y6dj0WW9qDgZiBnDTmXmA5FTSusyjabeE3dZs5eEGpI
   [34.240.58.158]: "\n\n<html>\n<head>\n  <script
   src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js\"></script>\n\n\n\n\n\n\n\n<style>\n
   /*"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Django log for option 1 (noppera.tk)

Invalid HTTP_HOST header: '{{HOST IP}}'. You may need to add '{{HOST IP}}' to ALLOWED_HOSTS.
Bad Request: /console/login/LoginForm.jsp
Not Found: /.well-known/acme-challenge/WRiDAIe3JPBlZXVWduKBYKrmYKbyS3I2eetsth0YBD0

Django log for option 2 (www.noppera.tk)

Invalid HTTP_HOST header: 'www.noppera.tk'. You may need to add 'www.noppera.tk' to ALLOWED_HOSTS.
Bad Request: /.well-known/acme-challenge/GTX3_zQ6XPymDUn1WVZ_27vO_XtYxPClBD5uA8Y1nhM

Right now ALLOWED_HOSTS = ["*"]

Edit 2

Changed ALLOWED_HOSTS = ["*"] to ALLOWED_HOSTS = ["www.noppera.tk", "*"] for option 2, but got the same error.

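1 answer:

Answer 0: (score: 0)

I found the solution. Posting it to help others.

The problem was duplicate confs in the apache2/sites-available folder. I had 2 default configs and 2 custom configs for my site (one each for http and https). So what I did was disable the default configs using

    sudo a2dissite default-ssl.conf
    sudo a2dissite 000-default.conf

and reload Apache.

After this, I ran sudo certbot and it renewed the certificate successfully.

Below are a few useful resources: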

  1. https://www.jbarrett.me/blog/items/4/setting-ssl-django-app-lets-encrypt-ubuntu-apache-and-mod_wsgi

  2. https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-18-04#step-5-%E2%80%94-setting-up-virtual-hosts-(recommended)
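
An added example, not part of the original answer: a shell audit for the situation the answer describes, where the stock default vhosts are enabled alongside the site's own. It reads the directory Apache loads on Ubuntu (/etc/apache2/sites-enabled) and is run here against constructed files; site.conf and site-ssl.conf are hypothetical names for the custom configs.

```shell
#!/bin/sh
# Added example (not from the original post): audit the name-based vhosts in
# an Apache sites-enabled directory. Assumes one address:port per block.

# list_vhosts DIR -> "port name file" per <VirtualHost> block, in the
# alphabetical order Apache loads the files; name is "-" without ServerName.
list_vhosts() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            { sub(/^[ \t]+/, "") }            # strip indentation
            /^#/ { next }                     # skip commented-out directives
            tolower($0) ~ /^<virtualhost/ {
                port = $0; sub(/>.*/, "", port); sub(/.*:/, "", port)
                name = "-"; inblock = 1; next
            }
            inblock && tolower($1) == "servername" { name = tolower($2) }
            inblock && tolower($0) ~ /^<\/virtualhost/ {
                print port, name, file; inblock = 0
            }' "$f"
    done
}

# audit_vhosts DIR -> findings:
#   NO_SERVERNAME port file   block with no ServerName of its own
#   DUPLICATE port name file  second block claiming the same name on a port
#   DEFAULT port file         port has several vhosts; the first-loaded block
#                             answers any request whose Host matches none
audit_vhosts() {
    list_vhosts "$1" | awk '
        { n[$1]++; if (!($1 in first)) first[$1] = $3
          if ($2 == "-") print "NO_SERVERNAME", $1, $3
          else if (seen[$1, $2]++) print "DUPLICATE", $1, $2, $3 }
        END { for (p in n) if (n[p] > 1) print "DEFAULT", p, first[p] }'
}

# Constructed sample: two stock defaults plus two hypothetical site files.
make_sample() {
    d=$(mktemp -d)
    printf '<VirtualHost *:80>\n  #ServerName www.example.com\n</VirtualHost>\n' > "$d/000-default.conf"
    printf '<VirtualHost _default_:443>\n</VirtualHost>\n' > "$d/default-ssl.conf"
    printf '<VirtualHost *:80>\n  ServerName noppera.tk\n</VirtualHost>\n' > "$d/site.conf"
    printf '<VirtualHost *:443>\n  ServerName noppera.tk\n</VirtualHost>\n' > "$d/site-ssl.conf"
    echo "$d"
}

sample=$(make_sample)
audit_vhosts "$sample"
```

On a live host, `apache2ctl -S` prints the same per-port view, including which vhost is the default server, as Apache itself resolved it.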