Setting up LetsEncrypt renewal on Ubuntu

I have a LetsEncrypt certificate running on an Ubuntu Server in an LXD setup with a jump box.

The renewal is not working; the validation file cannot be accessed.

Attempting to renew cert (example.com) from /etc/letsencrypt/renewal/example.com.conf produced an unexpected error: Failed authorization procedure. example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response 

 Domain: example.com/
   Type:   unauthorized
   Detail: Invalid response from
   http://example.com/.well-known/acme-challenge/2IvN-H2-iqCBl7IZ1Wh8KSbcAia1uLGVmPT2bDZ9sqc:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Here is my haproxy configuration:

frontend app_ssl
    bind *:443 ssl crt /etc/haproxy/certs/api.showhow.nz.pem
    reqadd X-Forwarded-Proto:\ https
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend web2

backend letsencrypt-backend
   server letsencrypt 127.0.0.1:54321

Any idea where I went wrong?

Answer 1

I had to set

acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl

in the non-SSL frontend.
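
The fix from the answer written out as a complete fragment. This is an added example, not the poster's configuration: the frontend name `app_http` and the HTTPS redirect are assumptions, while the ACL, the backend names and the 127.0.0.1:54321 address come from the question. It also assumes `mode http` is set in the `defaults` section, as the question's HTTP-level rules imply. The http-01 validation request arrives over plain HTTP on port 80, which is why the challenge path has to be routed in this frontend.

```haproxy
# Added example; app_http and the redirect rule are assumptions, not from the page.
frontend app_http
    bind *:80
    # http-01 validation requests arrive on port 80, so match the challenge path here.
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    # Everything except the challenge path is redirected to HTTPS (assumed policy).
    http-request redirect scheme https code 301 unless letsencrypt-acl
    use_backend letsencrypt-backend if letsencrypt-acl
    # Only reached if the redirect rule above is removed.
    default_backend web2

backend letsencrypt-backend
    # The ACME client's temporary HTTP listener, bound to loopback as in the question.
    server letsencrypt 127.0.0.1:54321
```

The file can be checked with `haproxy -c -f <config file>` before reloading.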
