当我在 Nginx 虚拟主机中设置 301 重定向时,LetsEncrypt Renewal 验证过程失败

问题描述 投票:0回答:1

在 Ubuntu Server 18.04.04、Nginx 1.14.0 上,通过 apt(而不是 snap)安装 LetsEncrypt certbot

当我设置 301 重定向到另一个域时,我收到以下消息:

Attempting to renew cert (domain1.fr) from /etc/letsencrypt/renewal/domain1.fr.conf produced an unexpected error: Failed authorization procedure. domain1.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: (MY IP): Invalid response from https://www.domaine2.fr/targetpage: "<!DOCTYPE html>\n    <!--[if lt IE 7]><html class=\"no-js lt-ie9 lt-ie8 lt-ie7\"> <![endif]-->\n    <!--[if IE 7]><html class=\"no-js". Skipping.

当我尝试使用以下方法进行更新模拟时:

sudo certbot renew --dry-run

然而,我的 LetsEncrypt 声明被放置在重定向指令之前。

下面是我的domain1.fr 虚拟主机配置:

server {
    server_name domain1.fr;
    listen 80;

    # Path for first deliverance of LE certificate, and renewal
        location /.well-known {
        alias /var/www/html/certbot/.well-known;
    }
    # Proxy params
        include /etc/nginx/conf.d/proxy_general_test;
        include /etc/nginx/conf.d/proxy_compression;
        include /etc/nginx/conf.d/errors_pages_new;

    # Redirect to HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    server_name domain1.fr;
    listen 443 ssl;

    # Path for first deliverance of LE certificate, and renewal
        location /.well-known {
        alias /var/www/html/certbot/.well-known;
    }

    # Proxy params
    include /etc/nginx/conf.d/proxy_general_test;
    include /etc/nginx/conf.d/proxy_compression;
    include /etc/nginx/conf.d/errors_pages_new;

    # SSL LE
    ssl_certificate /etc/letsencrypt/live/domain1.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain1.fr/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Redirect to another website
    return 301 https://www.domaine2.fr/targetpage;

    # ModSecurity
    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;

    # Logs

如何在保持重定向的同时管理 certbot-auto?

nginx http-redirect lets-encrypt http-status-code-301 certbot
1个回答
0
投票

return 301 ...
包裹在 
location / { ... }
块内,否则您的 
location /.well-known
块将无法工作。

这个答案是作为问题的评论发布的,当我在Nginx虚拟主机中设置301重定向时,LetsEncrypt Renewal failed authentication procedure (SOLVED) by Richard Smith under CC BY-SA 4.0.

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.