letsencrypt 续订证书时出现 404 错误
[英]404 error on letsencrypt renew certificate
问题描述
Every time I try to renew my letsencrypt certificate it fails with a 404 error using nginx and certbot.
每次我尝试更新我的 letsencrypt 证书时,它都会失败并出现 404 错误,使用 nginx 和 certbot。 I managed to fix it by modifying the configuration file to a basic one, but this prevents the certificate from auto-renewing, so every 3 months I have to repeat the operation.我设法通过将配置文件修改为基本配置文件来修复它,但这会阻止证书自动更新,因此我必须每 3 个月重复一次操作。 Could you help me to find out where the problem is?你能帮我找出问题出在哪里吗?
My actual domain conf (acuar.io.conf) -- This code is working to operate the website but not for renewal我的实际域 conf (acuar.io.conf) -- 此代码用于操作网站但不用于续订
# Odoo servers
upstream odoo {
server 127.0.0.1:8069;
}
upstream odoochat {
server 127.0.0.1:8072;
}
# HTTP -> HTTPS
server {
listen 80;
server_name www.acuar.io acuar.io;
include snippets/letsencrypt.conf;
return 301 https://acuar.io$request_uri;
}
# WWW -> NON WWW
server {
listen 443 ssl http2;
server_name www.acuar.io;
ssl_certificate /etc/letsencrypt/live/acuar.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/acuar.io/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/acuar.io/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
return 301 https://acuar.io$request_uri;
}
server {
listen 443 ssl http2;
server_name acuar.io;
proxy_read_timeout 720s;
proxy_connect_timeout 720s;
proxy_send_timeout 720s;
# Proxy headers
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
# SSL parameters
ssl_certificate /etc/letsencrypt/live/acuar.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/acuar.io/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/acuar.io/chain.pem;
include snippets/ssl.conf;
include snippets/letsencrypt.conf;
# log files
access_log /var/log/nginx/odoo.access.log;
error_log /var/log/nginx/odoo.error.log;
# Handle longpoll requests
location /longpolling {
proxy_pass http://odoochat;
}
# Handle / requests
location / {
proxy_redirect off;
proxy_pass http://odoo;
}
# Cache static files
location ~* /web/static/ {
proxy_cache_valid 200 90m;
proxy_buffering on;
expires 864000;
proxy_pass http://odoo;
}
# Gzip
gzip_types text/css text/less text/plain text/xml application/xml application/json application/javascript;
gzip on;
}
The code I have to setup to get certificate renewal working:我必须设置的代码才能使证书续订工作:
server {
listen 80;
server_name acuar.io www.acuar.io;
include snippets/letsencrypt.conf;
}
Thank you very much for your help非常感谢您的帮助
1 个解决方案
解决方案1
0 已采纳 2022-12-07 10:02:15
After a lot of tries i managed to make a workaround, I'm sure there may be better options but at least it works:经过多次尝试,我设法做出了解决方法,我相信可能有更好的选择,但至少它有效:
I commented the line where the code redirects HTTP to HTTPS:我评论了代码将 HTTP 重定向到 HTTPS 的行:
# HTTP -> HTTPS server { listen 80; server_name www.acuar.io acuar.io; include snippets/letsencrypt.conf; # return 301 https://acuar.io$request_uri; }
The problem, as long as I understood was Cerbot needs to access the server in HTTP but the server was already forcing all trafic to HTTP.据我了解,问题是 Cerbot 需要访问 HTTP 中的服务器,但服务器已经强制所有流量到 HTTP。
If anyone have a better way to make this i really apreciate the help.如果有人有更好的方法来做到这一点,我真的很感激帮助。 In any case I hope this will help someone in the same error like me.无论如何,我希望这能帮助像我一样犯同样错误的人。
Thanks谢谢
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.