今天在服务器上为另一个域名添加ssl,结果出现了http://xxx/.well-known/… 404 not found的错误
[root@fungli myxhs]# sudo certbot certonly --webroot -w /webser/www/myxhs -d xxx.xxx.cn -m xxxx@outlook.com --agree-tos
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxx.xxx.cn
Using the webroot path /webser/www/myxhs for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. xxx.xxx.cn (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://xxx.xxx.cn/.well-known/acme-challenge/5vo0TVEuIagsjJ5Z3o0s9Kpvbi2I4Mz21hyg3SB3y2c: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: xxx.xxx.cn
Type: unauthorized
Detail: Invalid response from
http://xxx.xxx.cn/.well-known/acme-challenge/5vo0TVEuIagsjJ5Z3o0s9Kpvbi2I4Mz21hyg3SB3y2c:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
后发现是nginx配置的错误,我的项目是基于Laravel5开发的,需要在nginx配置中加上一段:
#myxhs 是我项目的根目录,而站点的解析目录需要指定到/var/www/html/myxhs/public下。
location ~ /.well-known {
root /var/www/html/myxhs;
allow all;
}
.well-known是什么文件夹?
.well-known 文件夹是申请SSL时自动生成的,删除不影响SSL工作,但是当SSL过期续期后会再次自动生成