Lets Encrypt 403 - 客户端缺少足够的授权。 Drupal 7 网站
Lets Encrypt 403 - The client lacks sufficient authorization. Drupal 7 Site
尝试生成 LetsEncript 证书时,我收到以下 403。
[ec2-user@myip html]$ /opt/letsencrypt/letsencrypt-auto certonly
--webroot -w /var/www/html -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos Checking for new version... Requesting root privileges to run letsencrypt... sudo
/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly
--webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos
Version: 1.1-20080819 Version: 1.1-20080819 Failed authorization
procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The
client lacks sufficient authorization :: Invalid response from
http://example.com/.well-known/acme-challenge/IDug1d_rT8rZNPQQfdsgfdgsdfBKRJaHMTa3kulh4HnQ
[52.30.98.10]: 403
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mydomain.com Type: unauthorized Detail: Invalid
response from http://example.com/.well-known/acme-
challenge/IDug1d_rT8rZNPQQkjsdgfdgdfggdfajhsTa3kulh4HnQ
[52.30.98.101]: 403
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
事实证明,Drupal 的 .htaccess 文件(确实如此)不允许访问隐藏文件。我暂时将 .htaccess 文件重命名为 .temphtaccess 并且授权有效。
/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree -tos
正在检查新版本...
请求 运行 letsencrypt 的 root 权限...
sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --同意协议
版本:1.1-20080819
版本:1.1-20080819
重要说明:
- 恭喜!您的证书和链已保存在
/etc/letsencrypt/live/example.com/fullchain.pem。您的证书将
于 2016 年 7 月 17 日到期。获取新版本的证书
未来,只需 运行 Let's Encrypt again。
- 如果您喜欢 Let's Encrypt,请考虑通过以下方式支持我们的工作:
捐赠给 ISRG / Let's Encrypt:https://letsencrypt.org/donate
捐赠给 EFF:https://eff.org/donate-le
如何在 Drupal 上配置 Let's Encrypt
为了使您的 Drupal 站点与 Let's Encrypt 一起工作,以下是 htaccess 文件中需要的更改。
这一行:
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
被这条线交换:
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
而且,这一行:
RewriteRule "(^|/)\." - [F]
被这条线交换:
RewriteRule "(^|/)\.(?!well-known)" - [F]
来源:
https://support.cloudways.com/configure-drupal-lets-encrypt/
尝试生成 LetsEncript 证书时,我收到以下 403。
[ec2-user@myip html]$ /opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos Checking for new version... Requesting root privileges to run letsencrypt... sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree-tos Version: 1.1-20080819 Version: 1.1-20080819 Failed authorization procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/IDug1d_rT8rZNPQQfdsgfdgsdfBKRJaHMTa3kulh4HnQ [52.30.98.10]: 403
IMPORTANT NOTES: - The following errors were reported by the server:
Domain: mydomain.com Type: unauthorized Detail: Invalid response from http://example.com/.well-known/acme-
challenge/IDug1d_rT8rZNPQQkjsdgfdgdfggdfajhsTa3kulh4HnQ
[52.30.98.101]: 403To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
事实证明,Drupal 的 .htaccess 文件(确实如此)不允许访问隐藏文件。我暂时将 .htaccess 文件重命名为 .temphtaccess 并且授权有效。
/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --agree -tos 正在检查新版本... 请求 运行 letsencrypt 的 root 权限... sudo /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/html/myroot -d example.com -d www.example.com --config /etc/letsencrypt/config.ini --同意协议 版本:1.1-20080819 版本:1.1-20080819
重要说明: - 恭喜!您的证书和链已保存在 /etc/letsencrypt/live/example.com/fullchain.pem。您的证书将 于 2016 年 7 月 17 日到期。获取新版本的证书 未来,只需 运行 Let's Encrypt again。 - 如果您喜欢 Let's Encrypt,请考虑通过以下方式支持我们的工作:
捐赠给 ISRG / Let's Encrypt:https://letsencrypt.org/donate 捐赠给 EFF:https://eff.org/donate-le
如何在 Drupal 上配置 Let's Encrypt
为了使您的 Drupal 站点与 Let's Encrypt 一起工作,以下是 htaccess 文件中需要的更改。
这一行:
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
被这条线交换:
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
而且,这一行:
RewriteRule "(^|/)\." - [F]
被这条线交换:
RewriteRule "(^|/)\.(?!well-known)" - [F]
来源: https://support.cloudways.com/configure-drupal-lets-encrypt/