nginx-使用certbot应用“加密证书:授权过程失败”

我正在使用certbot申请“让我们加密”证书,
我的服务器是centos 7.2和Nginx 1.11.9.
下面是什么意思?

[root@test ~]# certbot certonly --webroot -w /var/www/www.example.com -d example.com -d www.example.com

Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-ch
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>",www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/k
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - If you lose your account credentials,you can recover through
   e-mails sent to example@example.com.
 - The following errors were reported by the server:

   Domain: example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://example.com/.well-known/acme-challenge/wGNv57IGJjHQ9wyzzALktpNaPzfnTtN3m7u3QuO4p40:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: www.example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.example.com/.well-known/acme-challenge/kFJ0CSuKOdgcT2xmciB4GGNCcnUPoIbpQmA9jOII_Bk:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors,please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

我可以访问example.com和www.example.com,并且在文档中有一条注释:https://certbot.eff.org/#centosrhel7-nginx

Note:
To use the webroot plugin,your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your webserver configuration,you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the webserver.

那是原因吗?
如何修改配置?

最佳答案
这是一个非常普遍的问题,但是幸运的是应该很容易解决.让我们加密必须能够从.well-known目录读取,以验证您的服务器是否实际托管了您想要证书的域.

首先,请确保您在网站根目录中有一个.well-known目录.设置您的权限,以便从外部可以读取它; 775应该是完美的.

然后,将此片段添加Nginx中的虚拟主机文件中:

    location ~ /.well-known {
            allow all;
    }

这将允许对我们刚刚创建的.well-known目录的任何请求.现在,尝试再次请求证书,看看它是否有效.

相关文章

一、Linux下Nginx的安装 1.去官网&#160;http://nginx.org/download/下载对应的Nginx安装包,推荐使...
一、空格:默认匹配、普通匹配 location / { root /home; } 二、= :精确匹配(表示匹配到 /home/resou...
``` nginx -c 配置文件路径 ``` ``` /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.con...
前言 nginx可所谓是如今最好用的软件级别的负载均衡了。通过nginx的高性能,并发能力强,占用内存下的特...
1.ngnix概念 Nginx是一款高性能的http 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器。由俄...
博客园从今天上午就开始报502错误 , 他的原因还不知道 , 暂时先说下我们遇到502的排查情况 最大的可能性...