Nginx/Certbot -来自域/.well-known的响应无效

pvabu6sv  于 2023-01-29  发布在  Nginx
关注(0)|答案(3)|浏览(346)

我正在尝试在我们的网页上设置https,该网页运行在Django 1.8上。我在这方面非常陌生,所以我使用Certbot。我按照说明操作,直到./path/to/certbot-auto certonly

您希望如何使用ACME CA进行身份验证?

  • 1:将文件放入webroot目录(webroot)
  • 2:启动临时Web服务器(独立)

我选了一。
然后它想要我的域名,下一步是:
选择www.example.com的网络根salix.sk:

>>> /home/django/salix

返回错误
正在等待验证...正在清除质询授权过程失败。www.example.com(http-01):urn:acme:错误:未授权::salix.sk来自http://salix.sk/.well-known/acme-challenge/some_code的响应无效:" Invalid response from http://salix.sk/.well-known/acme-challenge/some_code : "
页面不是"
重要说明:- 服务器报告了以下错误:
域名:www.example.com类型:未授权详细信息:salix.sk Type: unauthorized Detail: Invalid response from
http://salix.sk/.well-known/acme-challenge/some_code:"非页面"
要修复这些错误,请确保您的域名
输入正确,并且该域的DNS A记录
包含正确的IP地址。
我想我应该在我的项目中设置路径,但不知道如何设置。它在我的项目根目录中创建了一个文件夹.well-known,里面没有任何可见的文件。
你知道该怎么做吗?

    • 编辑:**我更改了etc/nginx/sites-available/default,将其添加到服务器部分:
location ~ /.well-known {
                    allow all;
            }

因此:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }

    # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
    #location /RequestDenied {
    #   proxy_pass http://127.0.0.1:8080;    
    #}

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #   root /usr/share/nginx/html;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #   fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #   # With php5-cgi alone:
    #   fastcgi_pass 127.0.0.1:9000;
    #   # With php5-fpm:
    #   fastcgi_pass unix:/var/run/php5-fpm.sock;
    #   fastcgi_index index.php;
    #   include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #   deny all;
    #}
    location ~ /.well-known {
                allow all;
        }
}

但也没什么用。

de90aj5v

de90aj5v1#

在我的例子中,nginx的这种配置工作得很好:

location ^~ /.well-known {
        if ($request_uri ~* /.well-known/acme-challenge/(.*)) {
        set $tmp $1.ZzFvB6sHz7artk-kNCGMNtB_adt6f5K2tuL8Mf8uL1c;
    }
    return 200 $tmp;

在这里,我从request_uri的末尾获取$1 - first元素,添加一个字符串,该字符串是certbot在certbot renew命令执行期间生成的。
但我不确定下一次会不会成功。

4smxwvx5

4smxwvx52#

删除IPv6地址的AAAA记录-为我修复

nr9pn0ug

nr9pn0ug3#

试试看:

  1. apt更新,apt升级
    1.将时区和日期/时间更改为实际值
    1.删除IPv6地址的AAAA记录

相关问题