I have a LetsEncrypt certificate running on an Ubuntu Server in an LXD setup with a jump box.
Renewal is not working; the validation file cannot be accessed:
Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response
Domain: example.com/
Type: unauthorized
Detail: Invalid response from
http://example.com/.well-known/acme-challenge/2IvN-H2-iqCBl7IZ1Wh8KSbcAia1uLGVmPT2bDZ9sqc:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Here is my haproxy config:
frontend app_ssl
    bind *:443 ssl crt /etc/haproxy/certs/api.showhow.nz.pem
    reqadd X-Forwarded-Proto:\ https
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend web2

backend letsencrypt-backend
    server letsencrypt 127.0.0.1:54321
Any idea where I went wrong?
Answer 1
I had to set
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
in the non-SSL frontend.
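
The http-01 validation request in the error above is made over plain HTTP on port 80, so the ACME routing rules only help in a frontend that binds that port without ssl. The following check is an added example, not part of the original question or answer: it scans a haproxy config for such a frontend. The frontend name app_http, the certificate path and both sample configs are constructed for illustration.

```python
ACME_PREFIX = "/.well-known/acme-challenge/"
SECTION_KEYWORDS = ("global", "defaults", "frontend", "backend", "listen")

def frontends(cfg_text):
    """Split haproxy config text into {frontend_name: [directive lines]}."""
    sections, current = {}, None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments and indentation
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            current = None  # any new section ends the previous frontend
            if words[0] == "frontend" and len(words) > 1:
                current = sections.setdefault(words[1], [])
        elif current is not None:
            current.append(words)
    return sections

def serves_http01(directives):
    """True if a frontend binds port 80 without ssl and routes the ACME path.

    Only the simple form 'use_backend <name> if <acl>' is recognised.
    """
    plain_80 = any(w[0] == "bind" and len(w) > 1 and w[1].endswith(":80")
                   and "ssl" not in w[2:] for w in directives)
    acls = {w[1] for w in directives
            if w[0] == "acl" and len(w) >= 4 and w[2] == "path_beg"
            and ACME_PREFIX in w[3:]}
    routed = any(w[0] == "use_backend" and len(w) >= 4 and w[2] == "if"
                 and w[3] in acls for w in directives)
    return plain_80 and routed

def check(cfg_text):
    """Names of frontends able to answer an http-01 challenge."""
    return [n for n, d in frontends(cfg_text).items() if serves_http01(d)]

# Constructed sample configs (not the poster's full file).
HTTP = "frontend app_http\n    bind *:80\n"
SSL = "frontend app_ssl\n    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem\n"
RULES = ("    acl letsencrypt-acl path_beg /.well-known/acme-challenge/\n"
         "    use_backend letsencrypt-backend if letsencrypt-acl\n")
TAIL = "    default_backend web2\n"
BROKEN = HTTP + TAIL + SSL + RULES + TAIL         # rules only on the SSL frontend
FIXED = HTTP + RULES + TAIL + SSL + RULES + TAIL  # rules also on the port-80 frontend

if __name__ == "__main__":
    print("broken:", check(BROKEN))
    print("fixed: ", check(FIXED))
```

An empty result means no frontend would route the challenge on port 80, which matches the 404 in the renewal error.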