0

我已将Let's Encrypt 扩展配置到 Azure Web 应用程序中。当我尝试为自定义域生成 SSL 证书时,出现以下错误:

The Lets Encrypt ACME server was probably unable to reach http://www.holzlauf.ch/.well-known/acme-challenge/hyDaCURuFoJGi9ASuJdNppayYcjIRpqp3vMLTKbA-hA view error report from Lets Encrypt at https://acme-staging.api.letsencrypt.org/acme/authz/YnGjTUHQa5upTAajCNPOLX_aLLlmRQiRP6uj3a0vAm8 for more information

源错误:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

堆栈跟踪

[Exception: The Lets Encrypt ACME server was probably unable to reach http://www.holzlauf.ch/.well-known/acme-challenge/hyDaCURuFoJGi9ASuJdNppayYcjIRpqp3vMLTKbA-hA view error report from Lets Encrypt at https://acme-staging.api.letsencrypt.org/acme/authz/YnGjTUHQa5upTAajCNPOLX_aLLlmRQiRP6uj3a0vAm8 for more information]
   LetsEncrypt.Azure.Core.Services.<Authorize>d__5.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\Services\BaseHttpAuthorizationChallengeProvider.cs:121
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +26
   LetsEncrypt.Azure.Core.Services.<Authorize>d__5.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\Services\BaseHttpAuthorizationChallengeProvider.cs:131
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   LetsEncrypt.Azure.Core.Services.<RequestCertificate>d__5.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\Services\AcmeService.cs:44
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   LetsEncrypt.Azure.Core.<RequestInternalAsync>d__16.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:231
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   LetsEncrypt.Azure.Core.<RequestAndInstallInternalAsync>d__17.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:244
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   LetsEncrypt.SiteExtension.Controllers.<Install>d__7.MoveNext() in D:\a\1\s\LetsEncrypt-SiteExtension\Controllers\HomeController.cs:250
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) +97
   System.Web.Mvc.Async.<>c__DisplayClass8_0.<BeginInvokeAsynchronousActionMethod>b__1(IAsyncResult asyncResult) +17
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
   System.Web.Mvc.Async.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0() +58
   System.Web.Mvc.Async.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2() +228
   System.Web.Mvc.Async.<>c__DisplayClass7_0.<BeginInvokeActionMethodWithFilters>b__1(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
   System.Web.Mvc.Async.<>c__DisplayClass3_6.<BeginInvokeAction>b__4() +35
   System.Web.Mvc.Async.<>c__DisplayClass3_1.<BeginInvokeAction>b__1(IAsyncResult asyncResult) +100
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
   System.Web.Mvc.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState) +11
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +45
   System.Web.Mvc.<>c.<BeginExecute>b__151_2(IAsyncResult asyncResult, Controller controller) +13
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +22
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26
   System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
   System.Web.Mvc.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState) +28
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
   System.Web.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) +152
   System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +126
4

1 回答 1

0

此错误意味着letsencrypt 无法验证您是否真正拥有您尝试为其创建证书的域。它正在尝试访问 URL:

http://www.holzlauf.ch/.well-known/acme-challenge/hyDaCURuFoJGi9ASuJdNppayYcjIRpqp3vMLTKbA-hA

但是,letsencrypt 服务器无法到达该位置。

所以,让我们退后一步。通常,letsencrypt 的工作方式是您的certbot(或您使用的任何 acme 客户端)创建一个可访问的端点http://www.example.com/.well-known/<some-hash>,然后请求服务器访问它。如果 HTTP 结果是 200,那么 Letsencrypt ACME 服务器认为这是成功的并颁发证书。如果结果为 400 或更多,则这是失败并返回类似上述错误。

众所周知的位置的确切创建方式取决于您使用的 certbot 插件。例如:

  • webroot 插件会将文件放置在文件系统中您在配置中指定的位置
  • nginx 插件将更新您的nginx 配置,以便获取资源将返回 HTTP 状态代码 200
  • DNS 插件将更新您的DNS 记录,以类似的方式进行证明。

所以,考虑到所有这些,我不知道这里到底是什么问题,但看起来你没有正确配置插件。希望,尽管这为您提供了足够的信息来修复。如果没有,请在下面发表评论并说明您正在使用哪个插件以及配置是什么。

编辑

如果你去这里: https ://acme-staging.api.letsencrypt.org/acme/authz/YnGjTUHQa5upTAajCNPOLX_aLLlmRQiRP6uj3a0vAm8

您可以看到收到的错误的详细说明。

响应是 403 Forbidden。这意味着您的网络服务器已阻止访问该 URL。您需要确保您的网络服务器(IIS、apache、nginx)允许访问。解决此问题的精确方法取决于您使用的 DNS 插件。请参阅文档以获取列表。单击链接并按照说明进行操作。

于 2019-04-14T18:58:17.350 回答