Let's Encrypt renewal fails


I am trying to renew my website's certificate using Let's Encrypt and Apache2, but it returns the following error:

sudo certbot --apache renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/*****************.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for *****************
Cleaning up challenges
Attempting to renew cert (*****************) from /etc/letsencrypt/renewal/*****************.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/*****************/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/*****************/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

Here is my apache2 configuration:

<IfModule mod_ssl.c>
<VirtualHost *:80 *:443>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/phpipam

    ServerName *****************
    SSLCertificateFile /etc/letsencrypt/live/*****************/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/*****************/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html/phpipam">
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
</IfModule>

Can you tell me what is wrong?

Answer 1

You do have a virtual host on port 80, but it is not set up to be accessed over HTTP. Instead, it is accessed over HTTPS. That is not what is expected on port 80.

The port 80 virtual host must have its own configuration section that contains no SSL settings. Instead, it should contain only a redirect to HTTPS, like this:

<VirtualHost *:80>
  ServerName an.example.com
  Redirect permanent / https://an.example.com/
</VirtualHost>
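
The split described in the answer, applied to the configuration from the question, as an added example that is not part of the original question or answer. It assumes an.example.com as a placeholder for the masked server name, in both ServerName and the certificate paths.

```apache
# Added example: the question's single <VirtualHost *:80 *:443> block
# split into one plain-HTTP host and one HTTPS host.
# an.example.com is a placeholder for the masked ServerName.

# Port 80: no SSL directives at all, so this is a real HTTP virtual host
# that Certbot can find for the http-01 challenge. It only redirects.
<VirtualHost *:80>
    ServerName an.example.com
    Redirect permanent / https://an.example.com/
</VirtualHost>

# Port 443: everything TLS-related and the site itself live here.
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName an.example.com
    DocumentRoot /var/www/html/phpipam

    SSLCertificateFile /etc/letsencrypt/live/an.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/an.example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Directory block carried over unchanged from the question.
    <Directory "/var/www/html/phpipam">
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
</IfModule>
```

After editing, `sudo apachectl configtest` checks the syntax before a reload, and `sudo certbot renew --dry-run` exercises the renewal without replacing the live certificate.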
