nginx
在/etc/nginx/conf.d/RussianChurchVancouver.ca.conf
配置中有这个主机:
server {
listen 80;
server_name RussianChurchVancouver.ca www.RussianChurchVancouver.ca;
...
root<strong i="18">@deb96</strong>:/var/www/RussianChurchVancouver.ca/web# certbot -m [email protected] --agree-tos --nginx -d RussianChurchVancouver.ca -d www.RussianChurchVancouver.ca
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for russianchurchvancouver.ca
http-01 challenge for www.russianchurchvancouver.ca
nginx: [warn] conflicting server name "www.russianchurchvancouver.ca" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "russianchurchvancouver.ca" on 0.0.0.0:80, ignored
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. russianchurchvancouver.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://russianchurchvancouver.ca/.well-known/acme-challenge/b4vlj_zIdB4H_a94FlltJWx2JBGBDS_ihAFWrpJSl5U: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n", www.russianchurchvancouver.ca (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.russianchurchvancouver.ca/.well-known/acme-challenge/B8e0i1p0jhjNtfV1Dd36rlE8eh4K2bpefVvABc6Na48: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
在进行故障排除时,我发现 certbot 将 acme-challenge 添加到此配置文件中:
Writing nginx conf tree to /etc/nginx/conf.d/default.conf
这是错误。 这就是为什么我在日志中有conflicting server name
(当我在default.conf
和RussianChurchVancouver.ca.conf
都有russianchurchvancouver.ca
时,certbot 创建的情况
预计,它将向此文件添加 acme-challenge:
/etc/nginx/conf.d/RussianChurchVancouver.ca.conf
在这一点上,我开始怀疑,certbot 这样做是因为我在配置文件中的域不是小写的。
所以,我把它们小写了:
server_name russianchurchvancouver.ca www.russianchurchvancouver.ca;
并且 certbot 正常工作:
root<strong i="37">@deb96</strong>:/etc/nginx/conf.d# certbot -m [email protected] --agree-tos --nginx -d russianchurchvancouver.ca,www.russianchurchvancouver.ca
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.russianchurchvancouver.ca
http-01 challenge for russianchurchvancouver.ca
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/RussianChurchVancouver.ca.conf
Deploying Certificate to VirtualHost /etc/nginx/conf.d/RussianChurchVancouver.ca.conf
...
Congratulations! You have successfully enabled https://russianchurchvancouver.ca
and https://www.russianchurchvancouver.ca
感谢您的报告,这肯定是一个错误! 你是对的,现在的修复是确保将案例与配置文件中写入的内容相匹配。
自从这个问题被打开以来,我们对 Certbot 做了很多更改。 如果您在使用最新版本的 Certbot 时仍然遇到此问题,能否添加评论让我们知道? 这有助于我们更好地了解哪些问题仍在影响我们的用户。 如果在接下来的 30 天内没有活动,此问题将自动关闭。
这仍然是一个错误。