Let’s Encrypt 生成证书错误 (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from 403 Forbidden

在安装 Let’s Encrypt免费SSL证书的时候 遇到这个报错 (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from 

详细报错如下:

<hr><center>", macff.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://macff.net/.well-known/acme-challenge/XyCSq95iEXKKRjcEJOKHAMHiNyNkpvy3wvfmy4O44ns: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: www.macff.net
Type: unauthorized
Detail: Invalid response from
http://www.macff.net/.well-known/acme-challenge/T1DcmkO6yb9x3_uBTtp5z8Ww8FfvNcn-2taZoinCX2Q:
"<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"

解决方法很简单,在nginx的网站配置文件中加入下面几行就可以了

location ~ /.well-known {
    allow all;
}

我的网站的nginx配置文件是  /usr/local/nginx/conf/vhost/macff.net.conf

完整配置文件如下:

server
    {
        listen 80;
        #listen [::]:80;
	listen 443 ssl;
        server_name macff.net www.macff.net bbs.macff.com m.macff.net;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /wwwroot/macff.net;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/macff.net/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/macff.net/privkey.pem;
	
	if ($server_port = 80) {
		return 301 https://www.macff.net$request_uri;
	}
	if ($scheme = http) {             
		return 301 https://www.macff.net$request_uri;
        }
        include discuzx.conf;
        #error_page   404   /404.html;
        include enable-php.conf;

	location ~ /.well-known {
    		allow all;
	}
        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/macff.net.log;
    }

 

暂无评论

发表评论