Resolving an error when renewing a Let's Encrypt certificate
I hit an error while renewing a free certificate, so here is a short note on it.
Symptom
# certbot certonly --webroot -w /usr/share/nginx/html -d gh.wqyfchina.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for gh.wqyfchina.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: gh.wqyfchina.com
  Type: unauthorized
  Detail: 61.xx.xx.214: Invalid response from http://gh.wqyfchina.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxx: 502

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
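Analysis
The error message points to a problem with the /.well-known configuration. After checking that the Nginx location block for /.well-known was configured correctly, the renewal succeeded on the next attempt.
Solution
Check the location configuration below and confirm that the path is reachable.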
# Load configuration files for the default server block.
location /.well-known {
    index index.html;
}
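One way to confirm the path is reachable before re-running certbot, as an added example that is not part of the original post: the script writes a probe file into the same webroot directory certbot uses and fetches it back over HTTP, so a 502 like the one in the log above shows up without spending a renewal attempt. The function name `check_acme_webroot` and the script name are hypothetical; `curl` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check that the
# webroot used by certbot is what the web server serves for HTTP-01.
# check_acme_webroot is a hypothetical helper name.
# Returns: 0 ok, 1 non-200 status (e.g. 502), 2 wrong body, 3 local error.
check_acme_webroot() {
    webroot=$1
    base_url=$2
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    token="probe-content-$$"

    # Write a probe file where certbot would place its challenge file.
    mkdir -p "$dir" || return 3
    printf '%s' "$token" > "$dir/$name" || return 3
    body_file=$(mktemp) || { rm -f "$dir/$name"; return 3; }

    # Fetch it over plain HTTP, as the CA's validation request does.
    status=$(curl -s -o "$body_file" -w '%{http_code}' --max-time 10 \
        "$base_url/.well-known/acme-challenge/$name") || true
    body=$(cat "$body_file")
    rm -f "$body_file" "$dir/$name"

    if [ "$status" != "200" ]; then
        echo "FAIL: HTTP $status for $base_url/.well-known/acme-challenge/" >&2
        return 1
    fi
    if [ "$body" != "$token" ]; then
        echo "FAIL: 200 returned, but not the file written under $webroot" >&2
        return 2
    fi
    echo "OK: $dir is served at $base_url/.well-known/acme-challenge/"
}

# Run only when called with arguments, e.g.:
#   sh check_acme.sh /usr/share/nginx/html http://gh.wqyfchina.com
if [ $# -eq 2 ]; then
    check_acme_webroot "$1" "$2"
fi
```

Exit code 1 corresponds to the failure shown in the log; exit code 2 means some other location or server answered the request instead of the webroot.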