0

目前,我可以通过在我的 nginx 配置中保留以下行来成功安装Let's Encrypt SSL 证书:

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

我想在我的网站上启用基本身份验证。以下工作正常:

location / {
    try_files $uri $uri/ /index.php?$query_string;
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

但是,Let's Encrypt SSL 证书必须每月更新。我可以使用 curl 自动执行此更新。但是,Let's Encrypt 沿包含带有前缀的路由的路由有一个回调:

/.well-known/acme-challenge/

但是现在,我需要为上述路由前缀添加一个例外:

location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
}

我已经尝试了上述的许多变体,但似乎都没有奏效。我无法使用上述配置安装 Let's Encrypt SSL 证书。我什至确定如果我取消基本身份验证(通过删除以 auth_basic 开头的两行),如果我只有以下内容,则不会安装 Let's Encrypt SSL 证书:

location ^~ /.well-known/acme-challenge/ {
    try_files $uri $uri/ /index.php?$query_string;
}

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

我将不胜感激任何建议,因此回调路由将在启用基本身份验证时运行。我也有兴趣了解为什么我无法使用上面显示的配置安装 Let's Encrypt,其中甚至没有启用基本身份验证。提前致谢。

其他错误日志:

/var/log/nginx# cat cert.dev.farm-error.log.1
2016/03/18 13:12:26 [error] 12336#12336: *1 open() "/home/forge/cert.dev.farm/public/.well-known/acme-challenge/jGhldzH8cV3d666a44nRy-Gzf98m1u2qUbkWnNv0aMI" failed (2: No such file or directory), client: 66.133.109.36, server: cert.dev.farm, request: "GET /.well-known/acme-challenge/jGhldzH8cV3d666a44nRy-Gzf98m1u2qUbkWnNv0aMI HTTP/1.1", host: "cert.dev.farm"
2016/03/18 13:17:09 [error] 13202#13202: *1 open() "/home/forge/cert.dev.farm/.well-known/acme-challenge/k9jsDB_mkvU5UzvL-B7hd3iA90ZTq61OaDNixoeRQuQ" failed (2: No such file or directory), client: 66.133.109.36, server: cert.dev.farm, request: "GET /.well-known/acme-challenge/k9jsDB_mkvU5UzvL-B7hd3iA90ZTq61OaDNixoeRQuQ HTTP/1.1", host: "cert.dev.farm"
2016/03/18 13:17:09 [error] 13202#13202: *1 FastCGI sent in stderr: "Unable to open primary script: /home/forge/cert.dev.farm/index.php (No such file or directory)" while reading response header from upstream, client: 66.133.109.36, server: cert.dev.farm, request: "GET /.well-known/acme-challenge/k9jsDB_mkvU5UzvL-B7hd3iA90ZTq61OaDNixoeRQuQ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cert.dev.farm"
2016/03/18 13:23:48 [error] 14522#14522: *1 open() "/home/forge/cert.dev.farm/public/.well-known/acme-challenge/5ZBXFn23tOUPcQFNrI3DqUE-l9x3rmdiOkYwabDl-jk" failed (2: No such file or directory), client: 66.133.109.36, server: cert.dev.farm, request: "GET /.well-known/acme-challenge/5ZBXFn23tOUPcQFNrI3DqUE-l9x3rmdiOkYwabDl-jk HTTP/1.1", host: "cert.dev.farm"
4

2 回答 2

3

您可能会错过为/.well-known/acme-challenge位置块设置的文档根目录。

location ^~ /.well-known/acme-challenge/ {
    root /path/to/your/public/directory;
    try_files $uri;
    auth_basic off;
}

location / {
    ...
}

您说您可以使用 CURL 将其自动化,您是否查看了可用客户端列表

于 2016-03-28T19:09:53.217 回答
1

您可以只使用 cli 客户端的更新命令:

➜ sudo letsencrypt renew

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/domain.com.conf
-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/domain.com/fullchain.pem (skipped)
No renewals were attempted.
于 2016-04-26T21:15:04.167 回答