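A bit of background: I'm a noob hosting a personal mail server, a Nextcloud server and nginx on the same VPS. My Nextcloud and mail servers were working fine, but ever since I added the web server, things have gone badly.
My www.redacted.xyz returns a 404 and redacted.xyz returns a 403... I can't for the life of me figure out why, although I have been doing some weird port things with Certbot, which I describe below, and that seems to be a contributing factor.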
nginx -t -c /etc/nginx/nginx.conf:
root@vultr: nginx -t -c /etc/nginx/nginx.conf
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx/sites-enabled/redacted
server {
    listen 8080 ;
    listen [::]:8080 ;
    server_name redacted.xyz www.redacted.xyz ;
    root /var/www/redacted ;
    index index.html index.htm index.nginx-debian.html ;
    location / {
        try_files $uri $uri/ =404 ;
    }
    listen [::]:8443 ssl ipv6only=on; # managed by Certbot
    listen 8443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/redacted.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/redacted.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
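Note that I'm using 8080 and 8443 instead of 80 and 443, because those seemed to cause problems with Certbot, as described below. Using these ports seems to fix that, but it seems to contribute to this new problem.
When I change 8443 to 443 in the sites-enabled file, the www. version of the site suddenly works. Changing 8080 to 80 still results in a 403 on the non-www version. Of course, there is no visible change on the client side, because I have the site set to redirect to https.
What the hell is going on?
certbot --nginx: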
root@vultr: certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: redacted.xyz
2: mail.redacted.xyz
3: www.mail.redacted.xyz
4: www.redacted.xyz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/redacted.xyz.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/redacted
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mail
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mail
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/redacted
nginx: [warn] conflicting server name "redacted.xyz" on [::]:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "redacted.xyz" on [::]:80, ignored
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/redacted
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/mail
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/mail
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/redacted
nginx: [warn] conflicting server name "redacted.xyz" on [::]:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "redacted.xyz" on [::]:80, ignored
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://redacted.xyz,
https://mail.redacted.xyz, https://www.mail.redacted.xyz, and
https://www.redacted.xyz
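Reply from a uj5u.com user:
I wonder if this has to do with the way you are using certbot. You need one certificate that covers both domain names; from the output you shared, it looks like you are trying to generate two certificates, one for each variant of the FQDN. The port problem is probably because certbot needs to use at least port 80 (not sure about 443) to validate the domain and add the certificate.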
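Reply from a uj5u.com user:
OK, I figured this out... It turns out I forgot to set the cloud. subdomain for my Nextcloud server, so redacted.xyz was going to it instead.
I changed the server name in the Nextcloud server block to cloud.redacted.xyz and deleted redacted.xyz. This cleared up the main problem and led me to fix the certbot problem!
(Now I can't get that subdomain to work, but that's another post lol)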
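
The cause found in the last reply, two server blocks claiming redacted.xyz on the same listen address (what nginx reports as "conflicting server name ... ignored"), can be checked for mechanically. The following is an added example, not code from the thread: the function names and the sample configuration are constructed for illustration, and the parser assumes no '#' characters inside quoted strings.

```python
import re

SAMPLE = """# Constructed sample modelled on the thread: two blocks claim redacted.xyz
server {  # website
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name redacted.xyz www.redacted.xyz;
    location / { try_files $uri $uri/ =404; }
}
server {  # Nextcloud, still claiming the bare domain
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name redacted.xyz;
}
"""

def server_blocks(conf):
    """Yield (listens, names) for each server { } block in nginx config text."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments; assumes no '#' inside quotes
    depth, current, stmt = 0, None, []
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok not in ("{", "}", ";"):
            stmt.append(tok)
            continue
        inside = current is not None and depth == current[2]
        if tok == "{":
            depth += 1
            if stmt == ["server"]:
                current = (set(), set(), depth)  # listens, names, block depth
        elif tok == "}":
            if inside:
                yield current[0] or {"*:80"}, current[1]  # nginx defaults to *:80 as root
                current = None
            depth -= 1
        elif inside and stmt[:1] == ["listen"] and len(stmt) > 1:
            # a bare port means all IPv4 addresses
            current[0].add("*:" + stmt[1] if stmt[1].isdigit() else stmt[1])
        elif inside and stmt[:1] == ["server_name"]:
            current[1].update(stmt[1:])
        stmt = []

def find_conflicts(conf):
    """Map (listen, server_name) to the indexes of the server blocks that claim it."""
    seen = {}
    for i, (listens, names) in enumerate(server_blocks(conf)):
        for pair in [(l, n) for l in listens for n in names]:
            seen.setdefault(pair, []).append(i)
    return {pair: idx for pair, idx in seen.items() if len(idx) > 1}

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```

On a live host, pass the output of `nginx -T` (which dumps the full configuration, included files and all) to `find_conflicts`. Giving the Nextcloud block its own name, as the poster did with cloud.redacted.xyz, makes the result empty.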
