配置Nginx回复http://my-domain.com/.well-known/acme-challenge/XXXX

问题描述 投票:0回答:3

我无法让 nginx 返回我放入的文件

/var/www/letsencrypt

nginx/sites-available/mydomain.conf

server {
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name my-real-domain.com;

  include /etc/nginx/snippets/letsencrypt.conf;

  root /var/www/mydomain;
  index index.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

nginx/snippets/letsencrypt.conf

location ^~ /.well-known/acme-challenge/ {
  default_type "text/plain";
  root /var/www/letsencrypt;
}

我运行这个命令: certbot certonly --webroot -w /var/www/letsencrypt/-d my-real-domain.com

但是 certbot 尝试访问的页面始终是 404。

调试

$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi

现在我应该能够

curl localhost/.well-known/acme-challenge/hi
,但这不起作用。还是 404。知道我错过了什么吗?

nginx lets-encrypt certbot
3个回答
27
投票

选项

root /var/www/letsencrypt/;
告诉nginx“这是基本目录”,所以最终路径将是
/var/www/letsencrypt/.well-known/acme-challenge/

所以,你有2个选择:

  1. 更改您的路径,例如

    $ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi
    
  2. 更改 nginx 的行为,因此 nginx 会将其视为别名:

    location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      rewrite /.well-known/acme-challenge/(.*) /$1 break;
      root /var/www/letsencrypt;
    }
    

不要忘记 make

killall -1 nginx
重新加载配置


1
投票

Synology Nginx 配置现在似乎有 acme-challenge 规则。将文件放入

/var/lib/letsencrypt/.well-known/acme-challenge
中,无需重新加载 Nginx,因为配置保持不变。

详情请参阅

/etc/nginx/nginx.conf


0
投票

这是因为您使用的是 root 而不是别名,我将此作为工作解决方案:

            listen       80;
                    location /.well-known/acme-challenge {
                            alias /var/www/acme;
                    }
                    location / {
                            return 301 https://$host$request_uri;
                    }
© www.soinside.com 2019 - 2024. All rights reserved.