配置Nginx回复http://my-domain.com/.well-known/acme-challenge/XXXX
Configure Nginx to reply to http://my-domain.com/.well-known/acme-challenge/XXXX
我无法让 nginx 访问 return 我放入 /var/www/letsencrypt 的文件。
nginx/sites-available/mydomain.conf
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name my-real-domain.com;
include /etc/nginx/snippets/letsencrypt.conf;
root /var/www/mydomain;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
我运行这个命令:
certbot certonly --webroot -w /var/www/letsencrypt/ -d my-real-domain.com
但是 certbot 尝试访问的页面始终是 404。
调试中
$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi
现在我应该可以 curl localhost/.well-known/acme-challenge/hi,但那行不通。还是 404。知道我错过了什么吗?
选项 root /var/www/letsencrypt/; 告诉 nginx "this is base directory",所以最终路径将是 /var/www/letsencrypt/.well-known/acme-challenge/.
所以,你有两个选择:
改变路径,例如
$ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi
更改 nginx 的行为,因此 nginx 会将其视为别名:
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
rewrite /.well-known/acme-challenge/(.*) / break;
root /var/www/letsencrypt;
}
并且不要忘记 make killall -1 nginx 以重新加载配置
看来Synology Nginx 配置现在有acme-challenge 规则了。将你的文件放在 /var/lib/letsencrypt/.well-known/acme-challenge 中,由于配置保持不变,因此无需重新加载 Nginx。
详情见/etc/nginx/nginx.conf。
我无法让 nginx 访问 return 我放入 /var/www/letsencrypt 的文件。
nginx/sites-available/mydomain.conf
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name my-real-domain.com;
include /etc/nginx/snippets/letsencrypt.conf;
root /var/www/mydomain;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
我运行这个命令: certbot certonly --webroot -w /var/www/letsencrypt/ -d my-real-domain.com
但是 certbot 尝试访问的页面始终是 404。
调试中
$ echo hi > /var/www/letsencrypt/hi
$ chmod 644 /var/www/letsencrypt/hi
现在我应该可以 curl localhost/.well-known/acme-challenge/hi,但那行不通。还是 404。知道我错过了什么吗?
选项 root /var/www/letsencrypt/; 告诉 nginx "this is base directory",所以最终路径将是 /var/www/letsencrypt/.well-known/acme-challenge/.
所以,你有两个选择:
改变路径,例如
$ echo hi > /var/www/letsencrypt/.well-known/acme-challenge/hi更改 nginx 的行为,因此 nginx 会将其视为别名:
location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; rewrite /.well-known/acme-challenge/(.*) / break; root /var/www/letsencrypt; }
并且不要忘记 make killall -1 nginx 以重新加载配置
看来Synology Nginx 配置现在有acme-challenge 规则了。将你的文件放在 /var/lib/letsencrypt/.well-known/acme-challenge 中,由于配置保持不变,因此无需重新加载 Nginx。
详情见/etc/nginx/nginx.conf。