由于DNS A / AAAA记录,更新letencrypt证书失败

时间:2020-07-10 19:51:47

标签: nginx lets-encrypt linode

我使用nginx和pm2在Linode上托管了Next.JS应用。

当我尝试续订证书时,我运行以下命令:

sudo letsencrypt certonly -a webroot --webroot-path=/var/www/project -d example.com -d www.example.com

但这会导致某些挑战失败,特别是以下错误:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: example.com
   Type:   unauthorized
   Detail: Invalid response from
   https://example.com/.well-known/acme-challenge/tdrjf7xqYmTEcZUGxfpDQ179XVA55wcaV6de30nMlJE
   [2a01:7e01::f03c:92ff:fefb:29]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.16.1 (Ub"

   Domain: www.example.com
   Type:   unauthorized
   Detail: Invalid response from
   https://example.com/.well-known/acme-challenge/AlIotwMFT_m-mlPvlg30Ya2r4sFm6qxLjZxjnBmmOJA
   [2a01:7e01::f03c:92ff:fefb:29]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.16.1 (Ub"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

现在,我不确定是否需要在Linode中配置其他配置或其他配置。有人知道我需要做什么吗?

这是我的Nginx设置:

# redirect http to https
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name example.com www.example.com;
  return 301 https://$server_name$request_uri;
}

server {
  # listen on *:443 -> ssl; instead of *:80
  listen 443 ssl http2 default_server;
  listen [::]:443 ssl http2 default_server;

  server_name example.com;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  include snippets/ssl-params.conf;

  location / {
    # reverse proxy for next server
    proxy_pass http://localhost:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;

    # we need to remove this 404 handling
    # because next's _next folder and own handling
    # try_files $uri $uri/ =404;
  }

  location ~ /.well-known {
    allow all;
  }
}

1 个答案:

答案 0 :(得分:0)

我建议您去检查您的 nginx 站点可用文件。

在 server_name 行中,我们总是附加子域(如果有)和父域。

<块引用>

父域:example.com

<块引用>

子域:api.example.com

在您的情况下,您只需更新 example.com 的证书,而不是 www.example.com

此外,如果您有不同的主机管理域 example.com,并且您在不同的服务器上有一个应用程序,请说 digitalocean droplet(就像我的情况)请确认 example.com DNS 指向您的服务器。< /p>

同样,在您的服务器中,声明域 example.com 的 A 和 NS 的 DNS 记录已配置为指向您的 Droplet。

相关问题
最新问题