Let's Encrypt续费证书异常报错解决

Let's Encrypt续费证书异常报错解决

在续费免费证书时出现错误，这里小记一下。

现象

#certbot certonly --webroot -w /usr/share/nginx/html -d gh.wqyfchina.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for gh.wqyfchina.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: gh.wqyfchina.com
Type: unauthorized
Detail: 61.xx.xx.214: Invalid response from http://gh.wqyfchina.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxx: 502

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbotwith -v for more details.

 

 

分析

根据报错信息可以定位到 /.well-known的配置有问题检查Nginx location的 /.well-known配置正确后再次续订成功。

解决

检查下面localtion配置确认可以访问到

       # Load configuration files for the default server block.
          location /.well-known {
                  index index.html;
          }