【问题标题】:404 error on letsencrypt renew certificateletsencrypt 续订证书时出现 404 错误
【发布时间】:2022-12-18 11:50:04
【问题描述】:

每次我尝试更新我的 letsencrypt 证书时,它都会失败并出现 404 错误,使用 nginx 和 certbot。我设法通过将配置文件修改为基本配置文件来修复它,但这会阻止证书自动更新,因此我必须每 3 个月重复一次操作。你能帮我找出问题出在哪里吗?

我的实际域 conf (acuar.io.conf) -- 此代码用于操作网站但不用于更新

# Odoo servers
upstream odoo {
 server 127.0.0.1:8069;
}

upstream odoochat {
 server 127.0.0.1:8072;
}

# HTTP -> HTTPS
server {
    listen 80;
    server_name www.acuar.io acuar.io;

    include snippets/letsencrypt.conf;
    return 301 https://acuar.io$request_uri;
}

# WWW -> NON WWW
server {
    listen 443 ssl http2;
    server_name www.acuar.io;

    ssl_certificate /etc/letsencrypt/live/acuar.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/acuar.io/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/acuar.io/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    return 301 https://acuar.io$request_uri;
}

server {
    listen 443 ssl http2;
    server_name acuar.io;

    proxy_read_timeout 720s;
    proxy_connect_timeout 720s;
    proxy_send_timeout 720s;

    # Proxy headers
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;

    # SSL parameters
    ssl_certificate /etc/letsencrypt/live/acuar.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/acuar.io/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/acuar.io/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    # log files
    access_log /var/log/nginx/odoo.access.log;
    error_log /var/log/nginx/odoo.error.log;

    # Handle longpoll requests
    location /longpolling {
        proxy_pass http://odoochat;
    }

    # Handle / requests
    location / {
       proxy_redirect off;
       proxy_pass http://odoo;
    }

    # Cache static files
    location ~* /web/static/ {
        proxy_cache_valid 200 90m;
        proxy_buffering on;
        expires 864000;
        proxy_pass http://odoo;
    }

    # Gzip
    gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
    gzip on;
}

我必须设置的代码才能使证书续订工作:

server {
  listen 80;
  server_name acuar.io www.acuar.io;

  include snippets/letsencrypt.conf;
}

非常感谢您的帮助

【问题讨论】:

    标签: linux ssl lets-encrypt certbot


    【解决方案1】:

    经过多次尝试,我设法做出了解决方法,我相信可能有更好的选择,但至少它有效:

    我评论了代码将 HTTP 重定向到 HTTPS 的行:

    # HTTP -> HTTPS server {
        listen 80;
        server_name www.acuar.io acuar.io;
    
        include snippets/letsencrypt.conf;
    #   return 301 https://acuar.io$request_uri; 
    }
    

    据我了解,问题是 Certbot 需要以 HTTP 访问服务器,但服务器已经强制所有流量都到 HTTP。

    如果有人有更好的方法来做到这一点,我非常感谢您的帮助。无论如何,我希望这能帮助像我一样犯同样错误的人。

    谢谢

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2020-08-17
      • 1970-01-01
      • 2017-12-04
      • 1970-01-01
      相关资源
      最近更新 更多