我正在使用 jonasal/nginx-certbot 图像来生成 letsencript 证书。
docker-compose.yml:
version: '3'
services:
nginx:
image: jonasal/nginx-certbot:latest
restart: unless-stopped
environment:
- [email protected]
env_file:
- ./nginx-certbot.env
ports:
- 80:80
- 443:443
volumes:
- nginx_secrets:/etc/letsencrypt
- ./user_conf.d:/etc/nginx/user_conf.d
volumes:
nginx_secrets:
nginx-certbot.env:
# Required
[email protected]
# Optional (Defaults)
STAGING=0
DHPARAM_SIZE=2048
RSA_KEY_SIZE=2048
ELLIPTIC_CURVE=secp256r1
USE_ECDSA=0
RENEWAL_INTERVAL=8d
# Advanced (Defaults)
DEBUG=0
USE_LOCAL_CA=0
示例服务器.conf:
server {
# Listen to port 443 on both IPv4 and IPv6.
listen 443 ssl default_server reuseport;
listen [::]:443 ssl default_server reuseport;
# Domain names this server should respond to.
server_name autocensor.ru www.autocensor.ru;
# Load the certificate files.
ssl_certificate /etc/letsencrypt/live/autocensor.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/autocensor.ru/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/autocensor.ru/chain.pem;
# Load the Diffie-Hellman parameter.
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
return 200 'Let\'s Encrypt certificate successfully installed!';
add_header Content-Type text/plain;
}
在 docker-compose up 运行时我收到此错误:
申请 autocensor.ru 证书和www.autocensor.runginx_1 | nginx_1 | Certbot 无法验证某些域(验证器:webroot)。证书颁发机构报告了这些问题:nginx_1 | 域:autocensor.ru nginx_1 | 类型:
未经授权 nginx_1 | 详细信息:来自服务器的密钥授权文件与此质询不匹配“pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM.kTA13USq2rwk6zJAuXHkRl6UF3hcK_tiHGRBYu100gU”!=“pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM”
然而https://autocensor.ru/.well-known/acme-challenge/pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM.kTA13USq2rwk6zJAuXHkRl6UF3hcK_tiHGRBYu100gU显示完整的哈希码,并且似乎 certbot 没有因为某种原因将其切断。
我尝试使用原始的 phusion/baseimage 图像来做到这一点。结果是一样的。我做错了什么?
也许我只需要输出哈希的一部分?我尝试打印出其他内容,结果显示如下内容:
“pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM.kTA13USq2rwk6zJAuXHkRl6UF3hcK_tiHGRBYu100gU”!=“内容”
意思是输出内容从右侧开始。
我很感激任何提示!