I just received an email from Let's Encrypt stating:
Beginning June 1, 2020, we will stop allowing new domains to validate using
the ACMEv1 protocol. You should upgrade to an ACMEv2 compatible client before
then, or certificate issuance will fail. For most people, simply upgrading to
the latest version of your existing client will suffice.
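I performed the following upgrade on Debian 9:
In the dry run, I got the following errors (I have redacted some items because I was not sure whether they are sensitive information to post here):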
Attempting to renew cert (mail.example.com) from /etc/letsencrypt/renewal/mail.example.com.conf produced an unexpected error: Failed authorization procedure. mail.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.example.com/.well-known/acme-challenge/REDACTED_STRING_EXAMPLE [REDACTED HEXADECIMAL ADDRESS]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.
and
The following errors were reported by the server:
Domain: mail.example.com
Type: unauthorized
Detail: Invalid response from
http://mail.example.com/.well-known/acme-challenge/REDACTED CODE
[REDACTED HEXADECIMAL ADDRESS]: "<!DOCTYPE HTML PUBLIC
\"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
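What is causing this problem? I don't have a .well-known directory in my root web directory. Is this a new requirement that I need to add? If so, what do I need to do to fix my certbot so that I can renew my certificates correctly?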
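So, as I see you are using Apache, I think it is misconfigured and cannot respond correctly to the ACME challenge.
What certbot does is create the .well-known/acme-challenge/ folder and then add it to the Apache configuration of the website (here mail.example.com). So my guess is:
Whether there is a configuration for mail.example.com in /etc/apache2. You can dump all currently active configuration with something like apachectl -t -D DUMP_VHOSTS.
The mail.example.com configuration, especially the :80 part where certbot will try to insert code. I think you are running into a problem here because certbot cannot make the .well-known folder available (over HTTP, port 80).
The <Directory> tags, to see where Apache is redirecting your traffic.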
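
The vhost check suggested in the answer above can be scripted. This is an added example, not part of the original answer or of certbot: it parses `apachectl -t -D DUMP_VHOSTS` output and reports which port-80 virtual host (and config file) would answer the http-01 request for a domain. The sample dump, its file paths and the function names are constructed for illustration.

```python
import re
from fnmatch import fnmatch

# Constructed sample of `apachectl -t -D DUMP_VHOSTS` output (not from the post):
# mail.example.com has a :443 vhost only, so port 80 falls to the default server.
SAMPLE_DUMP = """\
VirtualHost configuration:
*:443                  mail.example.com (/etc/apache2/sites-enabled/mail-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server www.example.com (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost www.example.com (/etc/apache2/sites-enabled/000-default.conf:1)
                 alias example.com
         port 80 namevhost lists.example.com (/etc/apache2/sites-enabled/lists.conf:1)
"""

SINGLE = re.compile(r"^\S+:(\d+)\s+(\S+) \((.+):(\d+)\)$")
NAMED = re.compile(r"^\s+port (\d+) namevhost (\S+) \((.+):(\d+)\)$")
DEFAULT = re.compile(r"^\s+default server \S+ \((.+):(\d+)\)$")
ALIAS = re.compile(r"^\s+(?:wild )?alias (\S+)$")

def parse_vhosts(dump):
    """Parse the dump into dicts: port, names, config file, line, default flag."""
    vhosts, default_at = [], None
    def add(port, name, path, line, default):
        vhosts.append({"port": int(port), "names": [name.lower()], "file": path,
                       "line": int(line), "default": default})
    for text in dump.splitlines():
        if m := SINGLE.match(text):      # sole vhost on this address:port
            add(m[1], m[2], m[3], m[4], True)
        elif m := DEFAULT.match(text):   # remember which vhost is the fallback
            default_at = (m[1], m[2])
        elif m := NAMED.match(text):
            add(m[1], m[2], m[3], m[4], (m[3], m[4]) == default_at)
        elif (m := ALIAS.match(text)) and vhosts:
            vhosts[-1]["names"].append(m[1].lower())
    return vhosts

def http01_vhost(dump, domain, port=80):
    """Return (vhost, reason) for the vhost that answers the http-01 request.

    Simplification (assumption): address-specific listeners are not told apart.
    """
    on_port = [v for v in parse_vhosts(dump) if v["port"] == port]
    for v in on_port:
        if any(fnmatch(domain.lower(), n) for n in v["names"]):
            return v, "name match"
    for v in on_port:
        if v["default"]:                 # Apache sends unmatched Host headers here
            return v, "default fallback"
    return None, "no vhost on this port"
```

A "default fallback" result means the challenge URL is served from another site's configuration, so the challenge file has to be reachable from that vhost for validation to succeed.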