有很多类似的问题,但我根本不明白为什么我的 nginx 配置没有为 acme 挑战返回任何内容。该问题的域名已更改为 example.com。
我的配置如下:
server {
listen 443 ssl;
server_name example.com;
server_tokens off;
ssl_certificate /opt/bitnami/letsencrypt/certificates/example.com.crt;
ssl_certificate_key /opt/bitnami/letsencrypt/certificates/example.com.key;
location / {
proxy_pass http://localhost:9000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}}
server {
listen 80;
server_name example.com;
location ^~ /.well-known/acme-challenge/ {
alias /opt/bitnami/apps/letsencrypt/.well-known/acme-challenge/;
}
return 301 https://$server_name$request_uri;
}
实际的更新脚本给了我这个输出:
$ sudo /opt/bitnami/letsencrypt/lego --path /opt/bitnami/letsencrypt --email="[email protected]" --http --http-timeout 30 --http.webroot /opt/bitnami/apps/letsencrypt --domains=example.com --user-agent bitnami-bncert/2.0.0 renew2024/09/21
15:06:04 [INFO] [example.com] acme: Trying renewal with 64 hours remaining2024/09/21
15:06:04 [INFO] [example.com] acme: Obtaining bundled SAN certificate2024/09/21
15:06:05 [INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4065531866462024/09/21
15:06:05 [INFO] [example.com] acme: Could not find solver for: tls-alpn-012024/09/21
15:06:05 [INFO] [example.com] acme: use http-01 solver2024/09/21
15:06:05 [INFO] [example.com] acme: Trying to solve HTTP-012024/09/21
15:06:13 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4065531866462024/09/21
15:06:13 error: one or more domains had a problem:[example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 13.53.80.234: Invalid response from https://example.com/.well-known/acme-challenge/7yobUqAmxObbYyWqgWq8znLTEbiRfSNsurCP8WxjVVA: 404
我想知道最后一行,特别是它是 https。我认为服务器不会为该 URL 的 http 版本返回任何内容,因此会重定向到 https,然后找不到任何内容。
我在
/opt/bitnami/apps/letsencrypt/.well-known/acme-challenge/test.htmlhttp://example.com/.well-known/acme-challenge/test.html问题是 acme-challange 目录中没有写入任何内容,还是 nginx http 的设置?
问题在于
returnlocationreturn解决方案是将
returnlocation例如:
server {
listen 80;
server_name example.com;
location ^~ /.well-known/acme-challenge/ {
root /opt/bitnami/apps/letsencrypt/;
}
location {
return 301 https://$server_name$request_uri;
}
}