nginx – Error installing LetsEncrypt SSL: (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain


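I am trying to install LetsEncrypt on my server (I have root SSH access) for staging.dnslaude.com, a publicly accessible domain pointing to 213.212.81.89.

The server is running Ubuntu 16.04 and an Nginx web server. Here is the Nginx configuration: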

server {
  listen 80;
  server_name staging.dnslaude.com;

  root /path/to/webroot;

  location ^~ /.well-known/acme-challenge/ {
    try_files $uri $uri/ =404;
  }
  rewrite ^(.*) https://$host$1 permanent;
}

server {
  listen 443;
  ssl on;
  ssl_certificate /path/to/self/signed/certificate.crt;
  ssl_certificate_key /path/to/key.key;

  server_name staging.dnslaude.com;

  root /path/to/webroot;

  # ....

  location ^~ /.well-known/acme-challenge/ {
    try_files $uri $uri/ =404;
  }
}

You can see that the Nginx configuration appears to work, because I manually placed a file in the acme-challenge folder here.

However, when I run the command:

letsencrypt certonly --webroot -w /path/to/webroot -d staging.dnslaude.com

it returns the following error:

Failed authorization procedure. staging.dnslaude.com (http-01):
urn:acme:error:connection :: The server could not connect to the
client to verify the domain :: Could not connect to
staging.dnslaude.com

IMPORTANT NOTES:
– The following errors were reported by the server:

Domain: staging.dnslaude.com Type: connection Detail: Could
not connect to staging.dnslaude.com

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

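I followed the basic setup guide outlined here and tried various configuration variations, such as the one suggested here. However, I cannot get past the error above, and I cannot see anything in the log files that indicates the cause.

Any suggestions?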

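Best answer
Your Nginx configuration looks correct.

On a hunch, I ran nmap against your domain (since you included it in your question); you appear to be filtering port 80, so LetsEncrypt cannot make an external connection and perform the validation.

You need to make sure that port 80 is reachable from the outside on the local firewall of the server in question (and on any ACLs that may exist at your vhost provider or similar).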
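
The check described in the answer can be repeated before re-running the client. The script below is an added example, not part of the original question or answer: it makes one TCP connection to port 80 and reports whether the port is open, closed or filtered, the same distinction nmap draws. The script name check_port80.py and the names classify, probe, DROPPED and ADVICE are assumptions made for this illustration.

```python
"""Pre-flight check for the ACME http-01 challenge: can port 80 be reached?

Run from a machine OUTSIDE the server's network; a probe made on the server
itself never crosses the firewall or provider ACL being tested.
"""
import errno
import socket
import sys

# errno values that mean "the packet never reached a listening or refusing host"
DROPPED = (errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH)

ADVICE = {
    "open": "port answers; check next that the webroot serves the token file",
    "closed": "host reachable but nothing listens on the port; check nginx",
    "filtered": "no reply; check the local firewall and any provider ACL",
    "error": "probe could not run; check DNS and local connectivity",
}


def classify(exc):
    """Map the outcome of one TCP connect to an nmap-style port state."""
    if exc is None:
        return "open"      # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # a RST came back
    if isinstance(exc, socket.timeout) or getattr(exc, "errno", None) in DROPPED:
        return "filtered"  # SYN dropped silently or rejected in transit
    return "error"         # e.g. socket.gaierror when the name does not resolve


def probe(host, port=80, timeout=5.0):
    """Attempt one TCP connection and return (state, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None), "TCP handshake completed"
    except OSError as exc:
        return classify(exc), str(exc)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_port80.py <domain>")
    state, detail = probe(sys.argv[1])
    print(f"{sys.argv[1]}:80 is {state} ({detail})")
    print("next step:", ADVICE[state])
    sys.exit(0 if state == "open" else 1)
```

A "filtered" result from an outside host while the same request succeeds locally on the server matches the situation in the answer: nginx is fine and a firewall or ACL is dropping inbound traffic to port 80.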
