我使用nginx和pm2在Linode上托管了Next.JS应用。
当我尝试续订证书时,我运行以下命令:
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/project -d example.com -d www.example.com
但这会导致某些挑战失败,特别是以下错误:
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
https://example.com/.well-known/acme-challenge/tdrjf7xqYmTEcZUGxfpDQ179XVA55wcaV6de30nmlJE
[2a01:7e01::f03c:92ff:fefb:29]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.16.1 (Ub"
Domain: www.example.com
Type: unauthorized
Detail: Invalid response from
https://example.com/.well-known/acme-challenge/AlIotwMFT_m-mlPvlg30Ya2r4sFm6qxLjZxjnBmmOJA
[2a01:7e01::f03c:92ff:fefb:29]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.16.1 (Ub"
To fix these errors,please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
现在,我不确定是否需要在Linode中配置其他配置或其他配置。有人知道我需要做什么吗?
这是我的Nginx设置:
# redirect http to https
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
server {
# listen on *:443 -> ssl; instead of *:80
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include snippets/ssl-params.conf;
location / {
# reverse proxy for next server
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# we need to remove this 404 handling
# because next's _next folder and own handling
# try_files $uri $uri/ =404;
}
location ~ /.well-known {
allow all;
}
}