2

I'm trying to set up https on our web page which runs on Django 1.8. I'm very new in this area so I use Certbot. I followed the instructions until ./path/to/certbot-auto certonly.

How would you like to authenticate with the ACME CA?

  • 1: Place files in webroot directory (webroot)
  • 2: Spin up a temporary webserver (standalone)

I've chosen 1.

Then it wants my domain and the next step is:

Select the webroot for salix.sk:

>>> /home/django/salix

which returns error

Waiting for verification... Cleaning up challenges Failed authorization procedure. salix.sk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://salix.sk/.well-known/acme-challenge/some_code: "
Page not"

IMPORTANT NOTES: - The following errors were reported by the server:

Domain: salix.sk Type: unauthorized Detail: Invalid response from
http://salix.sk/.well-known/acme-challenge/some_code: " Page not"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

I think that I should somehow set the path in my project but can't figure out how. It created a folder .well-known inside the root of my project without any visible files inside.

Do you know what to do?

EDIT: I've changed etc/nginx/sites-available/default adding into server section:

location ~ /.well-known {
                    allow all;
            }

So:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.html index.htm;

    # Make site accessible from http://localhost/
    server_name localhost;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }

    # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
    #location /RequestDenied {
    #   proxy_pass http://127.0.0.1:8080;    
    #}

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #   root /usr/share/nginx/html;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #   fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #   # With php5-cgi alone:
    #   fastcgi_pass 127.0.0.1:9000;
    #   # With php5-fpm:
    #   fastcgi_pass unix:/var/run/php5-fpm.sock;
    #   fastcgi_index index.php;
    #   include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #   deny all;
    #}
    location ~ /.well-known {
                allow all;
        }
}

Which didn't help too.

4

2 回答 2

0

就我而言,这种 nginx 配置运行良好:

location ^~ /.well-known {
        if ($request_uri ~* /.well-known/acme-challenge/(.*)) {
        set $tmp $1.ZzFvB6sHz7artk-kNCGMNtB_adt6f5K2tuL8Mf8uL1c;
    }
    return 200 $tmp;

在这里,我得到 $1 - request_uri 末尾的第一个元素,添加一个字符串,由 certbot 在certbot renew命令执行期间生成。

但我不确定下次它会起作用。

在此处输入图像描述

于 2021-11-25T13:24:39.800 回答
-1

尝试:

  1. apt更新,apt升级

  2. 将时区和日期/时间更改为实际

  3. 删除 IPv6 地址的 AAAA 记录

于 2021-03-15T11:07:37.037 回答