So every time I try to create this Let's Encrypt certificate with this command, I can't complete it, because I get this error here:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", mail.blabla.cc (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.blabla.cc/.well-known/acme-challenge/JCHNmTQhgr_FDpsERRZUj8caBGFbCbd9t-B3XIaBnHQ: "
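When I visit blabla.de over plain http I get to the regular website, but when I visit http://mail.blabla.de I only see a blank page without any error. When I point my browser at the letsencrypt acme challenge, I get a 404 not found error.
When I visit mail.blabla.de over https I get to my roundcube installation and can log in normally (there is still a valid certificate, but I need to create a new one). These are my apache configs:
For the mail subdomain: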
<VirtualHost *:443>
DocumentRoot /opt/www/roundcubemail/
ServerName blabla.cc
ServerAlias mail.blabla.cc
Alias / "/opt/www/roundcubemail/"
<Directory />
Options FollowSymLinks
</Directory>
<Directory "/opt/www/roundcubemail/">
Require all granted
Options -Indexes
AllowOverride All
</Directory>
SSLEngine on
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Header always set Strict-Transport-Security "max-age=15768000"
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AE$
SSLHonorCipherOrder on
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
SSLCertificateFile /etc/letsencrypt/live/blabla.cc/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/blabla.cc/privkey.pem
For the regular subdomains and the main domain:
Port 80:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName blabla.cc
ServerAdmin [email protected]
ServerAlias www.blabla.cc ftp.blabla.cc
DocumentRoot /var/www/webspaces/blabla.cc/htdocs
<Directory /var/www/webspaces/blabla.cc/htdocs>
Options Indexes FollowSymLinks MultiViews
RewriteEngine On
AllowOverride All
allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
Port 443:
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName blabla.cc
ServerAlias www.blabla.cc ftp.blabla.cc
ServerAdmin [email protected]
DocumentRoot /var/www/webspaces/blabla.cc/htdocs
<Directory /var/www/webspaces/blabla.cc/htdocs>
Options Indexes FollowSymLinks MultiViews
RewriteEngine On
AllowOverride All
allow from all
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
SSLCertificateFile /etc/letsencrypt/live/blabla.cc/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/blabla.cc/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
In this example I renamed my domain to blabla.cc.
I don't know why this error occurs; can anyone help me fix it? I think it is an Apache configuration error. ...
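A check for the situation described in the post, added here as an example and not part of the original post: the http-01 URL in the error is fetched over plain HTTP, so this Python script reports which certificate names are explicitly claimed by a port-80 virtual host. The sample config is constructed from the name directives of the posted configs, and `names_by_port` and `http01_vhost_check` are hypothetical helper names.

```python
import re
from fnmatch import fnmatch

# Constructed sample: only the <VirtualHost>, ServerName and ServerAlias lines
# of the three configs shown in the post, in the order they appear there.
SAMPLE_CONF = """
<VirtualHost *:443>
ServerName blabla.cc
ServerAlias mail.blabla.cc
</VirtualHost>
<VirtualHost *:80>
ServerName blabla.cc
ServerAlias www.blabla.cc ftp.blabla.cc
</VirtualHost>
<VirtualHost *:443>
ServerName blabla.cc
ServerAlias www.blabla.cc ftp.blabla.cc
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
NAME_LINE = re.compile(r"(?:ServerName|ServerAlias)\s+(.+)", re.I)

def names_by_port(conf):
    """Map each vhost port to the set of hostnames declared for it."""
    ports, current = {}, []
    for raw in conf.splitlines():
        line = raw.strip()
        opened, named = VHOST_OPEN.match(line), NAME_LINE.match(line)
        if opened:
            # "<VirtualHost *:80 [::1]:80>" -> ["80", "80"]; no port means "*"
            found = [re.search(r":(\d+|\*)$", a) for a in opened.group(1).split()]
            current = [m.group(1) if m else "*" for m in found]
            for port in current:
                ports.setdefault(port, set())
        elif line.lower().startswith("</virtualhost"):
            current = []
        elif named:
            for name in named.group(1).split():
                host = name.split("://")[-1].split(":")[0].lower()
                for port in current:
                    ports[port].add(host)
    return ports

def http01_vhost_check(conf, cert_names, port="80"):
    """Report, per name, whether a vhost on `port` claims it explicitly."""
    by_port = names_by_port(conf)
    declared = by_port.get(port, set()) | by_port.get("*", set())
    return {n: any(fnmatch(n.lower(), p) for p in declared) for n in cert_names}
```

A name reported as `False` is still answered on port 80, by whichever virtual host Apache treats as the default for that address and port, which may not be the DocumentRoot the ACME client wrote the token to.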