在安装 Let’s Encrypt免费SSL证书的时候 遇到这个报错 (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from
详细报错如下:
<hr><center>", macff.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://macff.net/.well-known/acme-challenge/XyCSq95iEXKKRjcEJOKHAMHiNyNkpvy3wvfmy4O44ns: "<html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>" IMPORTANT NOTES: - The following errors were reported by the server: Domain: www.macff.net Type: unauthorized Detail: Invalid response from http://www.macff.net/.well-known/acme-challenge/T1DcmkO6yb9x3_uBTtp5z8Ww8FfvNcn-2taZoinCX2Q: "<html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>"
解决方法很简单,在nginx的网站配置文件中加入下面几行就可以了
location ~ /.well-known {
allow all;
}
我的网站的nginx配置文件是 /usr/local/nginx/conf/vhost/macff.net.conf
完整配置文件如下:
server
{
listen 80;
#listen [::]:80;
listen 443 ssl;
server_name macff.net www.macff.net bbs.macff.com m.macff.net;
index index.html index.htm index.php default.html default.htm default.php;
root /wwwroot/macff.net;
ssl on;
ssl_certificate /etc/letsencrypt/live/macff.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/macff.net/privkey.pem;
if ($server_port = 80) {
return 301 https://www.macff.net$request_uri;
}
if ($scheme = http) {
return 301 https://www.macff.net$request_uri;
}
include discuzx.conf;
#error_page 404 /404.html;
include enable-php.conf;
location ~ /.well-known {
allow all;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
expires 30d;
}
location ~ .*\.(js|css)?$
{
expires 12h;
}
location ~ /\.
{
deny all;
}
access_log /home/wwwlogs/macff.net.log;
}
