我最近在 godaddy 上购买了一个域名、主机和一台 Ubuntu 22.04 vps。域名和主机都运行正常,我可以通过输入网址来访问网站。但是当我尝试使用 certbot 获取 ssl 证书时,我得到的是:
root@35:~# sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: cihanbatasul.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for cihanbatasul.com
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: cihanbatasul.com
Type: unauthorized
Detail: 92.205.171.180: Invalid response from http://cihanbatasul.com/.well-known/acme-challenge/gGguqH44EsxtOmUeswWsjDx9xtSR70HrJzwEBjXuaZQ: 404
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
我的 000-default.conf 文件:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我的域名的 conf 文件名为 cihanbatasul.com.conf:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName cihanbatasul.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
Alias /.well-known/acme-challenge/ /var/www/html/.well-known/acme-challenge/
<Location "/.well-known/acme-challenge/">
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Location>
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我不知道我是否正确指定了 DocumentRoot。我使用了 godaddy 文档树的文件夹结构: 文件夹结构图像链接
我也没有 acme 文件,也不知道在哪里可以找到它们或让它们可用。我希望得到一些帮助。
谢谢你!
答案1
你的服务器块不正确,对于 letsencrypt 它应该是这样的
<VirtualHost *:80>
ServerName mydom.tld
Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
<Directory "/var/www/letsencrypt/.well-known/acme-challenge/">
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Directory>
# ... remaining configuration
</VirtualHost>
还要确保 apache 的 ssl 模块已启用
sudo a2enmod ssl
关于文档根目录,最佳做法是让它看起来像这样
<VirtualHost *:80>
ServerName yourdomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
</Directory>
# Let's Encrypt challenge location
Alias /.well-known/acme-challenge/ /var/www/html/.well-known/acme-challenge/
<Location "/.well-known/acme-challenge/">
Options None
AllowOverride None
ForceType text/plain
RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
</Location>
</VirtualHost>
这应该存储在/etc/apache2/sites-available/yourdomain.conf
确保启用此虚拟主机并删除之前创建的其余虚拟主机