LetsEncrypt certbot installed via apt (not snap) on Ubuntu Server 18.04.04 with Nginx 1.14.0
When I set up a 301 redirect to another domain, I get the following message:
Attempting to renew cert (domain1.fr) from /etc/letsencrypt/renewal/domain1.fr.conf produced an unexpected error: Failed authorization procedure. domain1.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: (MY IP): Invalid response from https://www.domaine2.fr/targetpage: "<!DOCTYPE html>\n <!--[if lt IE 7]><html class=\"no-js lt-ie9 lt-ie8 lt-ie7\"> <![endif]-->\n <!--[if IE 7]><html class=\"no-js". Skipping.
when I try to run a renewal simulation using:
sudo certbot renew --dry-run
However, my LetsEncrypt declaration is placed before the redirect directive.
Here is my domain1.fr virtual host configuration:
server {
    server_name domain1.fr;
    listen 80;
    # Path for first deliverance of LE certificate, and renewal
    location /.well-known {
        alias /var/www/html/certbot/.well-known;
    }
    # Proxy params
    include /etc/nginx/conf.d/proxy_general_test;
    include /etc/nginx/conf.d/proxy_compression;
    include /etc/nginx/conf.d/errors_pages_new;
    # Redirect to HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    server_name domain1.fr;
    listen 443 ssl;
    # Path for first deliverance of LE certificate, and renewal
    location /.well-known {
        alias /var/www/html/certbot/.well-known;
    }
    # Proxy params
    include /etc/nginx/conf.d/proxy_general_test;
    include /etc/nginx/conf.d/proxy_compression;
    include /etc/nginx/conf.d/errors_pages_new;
    # SSL LE
    ssl_certificate /etc/letsencrypt/live/domain1.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain1.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # Redirect to another website
    return 301 https://www.domaine2.fr/targetpage;
    # ModSecurity
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;
    # Logs
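How can I manage certbot-auto while keeping the redirect?
Wrap the return 301 ... in a location / { ... } block, otherwise your location /.well-known block will not work.
This answer was posted as a comment on the question "LetsEncrypt Renewal failed authentication procedure when I set a 301 redirect in Nginx virtual host (SOLVED)" by Richard Smith under CC BY-SA 4.0.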
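The fix described in the answer, written out as an added example (not the original poster's final configuration). A `return` at server level runs before nginx selects a location, so every request, including the http-01 challenge, is redirected; moving each `return` into `location /` lets `/.well-known` be served locally. The proxy includes, ModSecurity and log lines from the question are left out here for brevity and are assumed to stay where they were.

```nginx
# Port 80: answer ACME http-01 challenges locally, redirect everything else.
server {
    server_name domain1.fr;
    listen 80;

    # Served from the certbot webroot; never reaches the redirect below.
    location /.well-known {
        alias /var/www/html/certbot/.well-known;
    }

    # Redirect to HTTPS, now scoped to a location instead of the whole server.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

# Port 443: the CA follows the port-80 redirect for non-challenge paths only,
# but keeping /.well-known here too means a challenge fetched over HTTPS
# is still answered by this host rather than sent to the other domain.
server {
    server_name domain1.fr;
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/domain1.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain1.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location /.well-known {
        alias /var/www/html/certbot/.well-known;
    }

    # Redirect to another website, scoped so it no longer catches the challenge.
    location / {
        return 301 https://www.domaine2.fr/targetpage;
    }
}
```

After editing, validate the configuration with `sudo nginx -t`, reload nginx, and re-run `sudo certbot renew --dry-run` to confirm the challenge response now comes from domain1.fr.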