前些时间服务器配置了 ipv6 拜访,起初就收到了 let’s encrypt 的邮件说域名 ssl 证书过期。但问题是 certbot 会应该是自动更新证书才对啊。
登上服务器手动更新证书试下,提醒 404 谬误:
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: gwlin.com
Type: unauthorized
Detail: Invalid response from
http://gwlin.com/.well-known/acme-challenge/eHOBoFPw4Uz5vM9Xzk9D91nsm292bxSNyuePVerQRMY
[2600:3c01::f03c:92ff:fee2:491b]: "<html>rn<head><title>404 Not
Found</title></head>rn<body bgcolor="white">rn<center><h1>404
Not Found</h1></center>rn<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
于是谷歌一顿,但文章都在说是 well-known 目录的配置问题,于是查看了 nginx 配置,查看了网站根目录的权限,齐全没用。
在 stackoverflow 上有一个 0 赞的答案说到应该查看 ipv6 是否开启了,如果开启了就要加上 [::]:80。
一言惊醒梦中人啊,忽然想起前端工夫的确启用了 ipv6。于是关上 gwlin.com 的 nginx 配置文件,加上:
{
//...
server_name gwlin.com;
listen 80;
listen [::]:80; // 加这个
//...
}
而后 certbot 更新证书,搞定。
参考文章:
https://stackoverflow.com/questions/42269107/using-certbot-to-apply-lets-encrypt-certificate-failed-authorization-procedure
集体博客:https://www.gwlin.com/posts/5942