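Some time ago I configured IPv6 access on my server, and later I received an email from Let's Encrypt about the domain's SSL certificate expiring. But certbot is supposed to renew the certificate automatically.
I logged in to the server and tried renewing the certificate manually, which failed with a 404 error: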
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: gwlin.com
Type: unauthorized
Detail: Invalid response from
http://gwlin.com/.well-known/acme-challenge/eHOBoFPw4Uz5vM9Xzk9D91nsm292bxSNyuePVerQRMY
[2600:3c01::f03c:92ff:fee2:491b]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
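So I googled around, but the articles all said it was a problem with the .well-known directory configuration. I checked the nginx configuration and the permissions on the site root directory, with no effect at all.
A zero-vote answer on Stack Overflow said to check whether IPv6 is enabled, and if it is, to add [::]:80.
That was the wake-up call: I suddenly remembered that I had indeed enabled IPv6 a while back. So I opened the nginx configuration file for gwlin.com and added: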
server {
    # ...
    server_name gwlin.com;
    listen 80;
    listen [::]:80;  # add this
    # ...
}
Then I renewed the certificate with certbot, and it worked.
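A static check for the misconfiguration described above, as an added example that is not part of the original post: it parses an nginx configuration and reports server blocks that listen on a port over IPv4 but not over IPv6, which is where an HTTP-01 challenge arriving over the AAAA record ends up in a different server block and gets a 404. The sample configuration, example.org and the web root path are constructed, and the parser is simplified (no include files, no quoted braces).

```python
import re

SAMPLE = """
server {                  # constructed sample: IPv4 only, the state described in the post
    listen 80;
    server_name gwlin.com;
    location / { root /var/www/html; }
}
server { listen 80; listen [::]:80; server_name example.org; }  # dual stack (constructed)
"""

def _family_port(arg):
    """Classify the address argument of a listen directive."""
    if arg.startswith("unix:"):
        return None
    if arg.startswith("["):                        # [::]:80, [::1]
        m = re.match(r"\[[^\]]*\](?::(\d+))?$", arg)
        return ("v6", int(m.group(1) or 80)) if m else None
    if arg.isdigit():                              # listen 80;
        return ("v4", int(arg))
    _, _, port = arg.partition(":")                # 1.2.3.4:80, *:80, hostname
    return ("v4", int(port) if port.isdigit() else 80)

def ipv4_only_servers(conf_text):
    """Return [(server_name, port)] for ports served over IPv4 but not IPv6."""
    text = re.sub(r"#[^\n]*", "", conf_text)       # strip comments
    findings, stack, pending, cur = [], [], "", None
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok not in ("{", "}", ";"):
            pending = tok                          # directive or block header text
            continue
        words, pending = pending.split(), ""
        if tok == "{":
            stack.append(" ".join(words))
            if stack[-1] == "server":
                cur = {"names": [], "v4": set(), "v6": set()}
        elif tok == ";" and cur is not None and stack[-1:] == ["server"] and words:
            if words[0] == "server_name":
                cur["names"] += words[1:]
            elif words[0] == "listen" and len(words) > 1:
                fp = _family_port(words[1])
                if fp:
                    cur[fp[0]].add(fp[1])
        elif tok == "}" and stack and stack.pop() == "server" and cur is not None:
            v4 = cur["v4"] or (set() if cur["v6"] else {80})  # no listen: nginx defaults to *:80
            name = " ".join(cur["names"]) or "(unnamed)"
            findings += [(name, p) for p in sorted(v4 - cur["v6"])]
            cur = None
    return findings
```

Calling `ipv4_only_servers(SAMPLE)` reports gwlin.com on port 80 and stays silent about the dual-stack block.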