运行
certbot renewCertbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: example.com
Type: unauthorized
Detail: During secondary validation: 2a06:98c1:3120::1: Invalid response from http:// example.com/.well-known/acme-challenge/funkylettersandnumbers: 403
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -F
sudo iptables -X
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 969 -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -A FORWARD -j DROP
sudo ip6tables -P INPUT ACCEPT
sudo ip6tables -P FORWARD ACCEPT
sudo ip6tables -P OUTPUT ACCEPT
sudo ip6tables -t nat -F
sudo ip6tables -t mangle -F
sudo ip6tables -F
sudo ip6tables -X
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -A OUTPUT -o lo -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 969 -j ACCEPT
sudo ip6tables -A INPUT -j DROP
sudo ip6tables -A FORWARD -j DROP
<VirtualHost *:8080>
<Directory /home/username/example>
Deny from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin [email protected]
Alias /static /home/username/example/example/static
Alias /media /home/username/example/example/example/static/example/img
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =example.com [OR]
#RewriteCond %{SERVER_NAME} =www.example.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
Alias /static /home/username/example/example/static
Alias /media /home/username/example/example/example/static/example/img
<Directory /home/username/example/example/static>
Require all granted
AllowOverride All
Options -Indexes -MultiViews +SymLinksIfOwnerMatch
</Directory>
<Directory /home/username/example/example/example/static/example/img>
Require all granted
AllowOverride All
Options -Indexes -MultiViews +SymLinksIfOwnerMatch
</Directory>
<Directory /home/username/example/example>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess example.com python-home=/home/username/example/example-env python-path=/home/username/example/example
WSGIProcessGroup example.com
WSGIScriptAlias / /home/username/example/example/example/wsgi.py
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
我一直在与 ChatGPT 合作解决这个问题,但它只是让我陷入困境。我已尝试以各种可能的方式授予此网址的权限,但我对此感到非常困惑。 ChatGPT 说我不需要让 Django 管理这个 url,因为 Certbot 将使用 Apache 处理这个问题。但这对我来说听起来不对。看来我应该以某种方式在 Django 中创建这个 .well-known/acme-challenge/ 但我不知道如何让 Certbot 与它交互来提供挑战。
使用命令尝试
sudo certbot certonly --manual --preferred-challenges=dns -d domain.com.
通过添加在 dns 配置上手动给出的 TXT 记录进行验证,并等待添加和传播 TXT 记录,等待应取决于您的域和 dns 提供商。验证通过保存的记录
https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.domain.com.
Certbot 应验证 TXT 记录,如果成功,将颁发证书。
将
domain.com我希望这能解决问题。 如果没有尝试重新安装新证书。