无法使用 Let's Encrypt 获取 Roundcube/Apache 配置的证书

tag-icon tag-icon debian virtualhost apache2 lets-encrypt roundcube
无法使用 Let's Encrypt 获取 Roundcube/Apache 配置的证书

因此,每次我尝试使用此命令创建此加密证书时,我都无法完成它,因为我在此处收到此错误:

"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", mail.blabla.cc (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.blabla.cc/.well-known/acme-challenge/JCHNmTQhgr_FDpsERRZUj8caBGFbCbd9t-B3XIaBnHQ: "

当我访问 blabla.de 的常规 http 时,我会进入常规网站,但是当我访问http://mail.blabla.de我只看到一个空白页,没有任何错误。当我将浏览器指向 letsencrypt acme challenge 时,出现 404 not found 错误。

当我访问 mail.blabla.de 的 https 时,我进入了我的 roundcube 安装并可以正常登录(仍然有一个有效的证书,但我需要创建新的证书)这些是我的 apache 配置:

对于邮件子域:

<VirtualHost *:443>
    DocumentRoot /opt/www/roundcubemail/
    ServerName blabla.cc
    ServerAlias mail.blabla.cc
    Alias / "/opt/www/roundcubemail/"

    <Directory />
        Options FollowSymLinks
    </Directory>

    <Directory "/opt/www/roundcubemail/">
         Require all granted
         Options -Indexes
         AllowOverride All
    </Directory>

    SSLEngine on
    LogLevel debug
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Header always set Strict-Transport-Security "max-age=15768000"
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AE$
    SSLHonorCipherOrder on

    BrowserMatch "MSIE [2-6]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory /usr/lib/cgi-bin>
           SSLOptions +StdEnvVars
    </Directory>

    SSLCertificateFile /etc/letsencrypt/live/blabla.cc/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/blabla.cc/privkey.pem

对于常规子域和主域:

端口 80:

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName blabla.cc

    ServerAdmin [email protected]
    ServerAlias www.blabla.cc ftp.blabla.cc
    DocumentRoot /var/www/webspaces/blabla.cc/htdocs


    <Directory /var/www/webspaces/blabla.cc/htdocs>
            Options Indexes FollowSymLinks MultiViews
            RewriteEngine On
            AllowOverride All
            allow from all
    </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    LogLevel debug

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

端口 443:

    <VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName blabla.cc
        ServerAlias www.blabla.cc ftp.blabla.cc
        ServerAdmin [email protected]
        DocumentRoot /var/www/webspaces/blabla.cc/htdocs


        <Directory /var/www/webspaces/blabla.cc/htdocs>
                Options Indexes FollowSymLinks MultiViews
                RewriteEngine On
                AllowOverride All
                allow from all
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        LogLevel debug

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
SSLCertificateFile /etc/letsencrypt/live/blabla.cc/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/blabla.cc/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

在此示例中,我将我的域名重命名为 blabla.cc。

我不知道为什么会出现这个错误,有人能帮我修复它吗?我认为这是 Apache 配置错误。...

相关内容