close

原本nginx 加了 ....強制轉向到 https

server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}

 

發生了自動換 key 時

Checking expiration date for www.test.com...
The certificate for www.test.com is about to expire soon. Starting webroot renewal script...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.test.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.test.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.test.com/.well-known/acme-challenge/VKcVMVQ8mMhtovoPoheU6PcVF5kb3MwS7sizRNUWzwk: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.test.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.test.com/.well-known/acme-challenge/VKcVMVQ8mMhtovoPoheU6PcVF5kb3MwS7sizRNUWzwk:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

 

當然砍到重取 ...用 --standalone 也可 ....

不會每次到期就砍掉 .....擺爛的方法 .......

不砍掉用 --standalone  會出現 ......archive directory exists for www.test.com

找到方法了 nginx 設定只要 URL 不是 .well-known 就去轉向到 https 

server {
        listen 80 default_server;
        server_name _;

    location ~ /\.well-known\/acme-challenge {
        root /var/www/html;
        allow all;
    }
    if ($request_uri !~ /\.well-known) {
        return 301 https://$host$request_uri;
    }
}

這樣就 OK 了

Checking expiration date for www.test.com...
The certificate for www.test.com is about to expire soon. Starting webroot renewal script...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.test.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.test.com-0001/fullchain.pem. Your cert
   will expire on 2017-09-13. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt-auto again.
   To non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
Reloading nginx
Renewal process finished for domain www.test.com

 

arrow
arrow
    全站熱搜

    echochio 發表在 痞客邦 留言(0) 人氣()