How do I fix Certbot renewal issuing the challenge over https instead of http, and how should I redirect with Nginx in docker-compose?
I am currently trying to dockerize an application. I have managed to get a certbot container working that issues an http-01 challenge and successfully obtains the SSL certificate my site runs on over https.
However, when I run the command sudo docker-compose run certbot renew --dry-run, I get the error:
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/mysite.online/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s),0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mysite.online
Type: unauthorized
Detail: Invalid response from
https://mysite.online/.well-known/acme-challenge/0Ze-EcwkJCZ9xgUqzUjPFvBD9tNnOCfY5rQl0zLYvfQ
[xx.xxx.xx.xx]: 404
When I first ran the certbot container that created the certificate, the challenge was issued over http.
This is my Nginx configuration file:
server {
    listen 80;
    listen [::]:80;
    server_name mysite.online;
    root /var/www/html;
    location ~ ./well-known/acme-challenge {
        allow all;
        root /var/www/html;
    }
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name mysite.online;
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/mysite.online/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mysite.online/privkey.pem;
    location / {
        proxy_pass http://app_container;
        proxy_connect_timeout 90;
        proxy_send_timeout 120;
        proxy_read_timeout 120;
    }
}
As you can see, the first server block catches the challenge when it is issued over http. My understanding is that the challenge always has to be issued over http, or otherwise be redirected via http somehow.
Should I put another redirect block under the https server block to redirect back to the first server block? Or is there a way to force the renewal request to go over http?
For completeness, here is my docker-compose.yml file:
services:
  app:
    container_name: app_container
    depends_on:
      - "postgres"
    build:
      context: .
      dockerfile: Dockerfile.de
    ports:
      - "5000:80"
    networks:
      - app_network
  postgres:
    container_name: postgres_container
    build:
      context: .
      dockerfile: Dockerfile.pg
    environment:
      POSTGRES_PASSWORD: xxxxxx
      POSTGRES_USER: xxxxxx
      POSTGRES_DB: xxxxxx
    ports:
      - "5432:5432"
    networks:
      - app_network
  nginx:
    container_name: nginx_container
    depends_on:
      - "app"
      - "postgres"
    volumes:
      - ./nginx-conf:/etc/nginx/conf.d
      - ./certbot-etc:/etc/letsencrypt
      - ./certbot-var:/var/lib/letsencrypt
      - ./web-root:/var/www/html
    ports:
      - "80:80"
      - "443:443"
    networks:
      - app_network
  certbot:
    container_name: certbot_container
    image: certbot/certbot
    depends_on:
      - "nginx"
    command: certonly --webroot --webroot-path=/var/www/html --email xxxxxx@xxxxxx.com --agree-tos --no-eff-email --force-renewal -d mysite.online
    volumes:
      - ./certbot-etc:/etc/letsencrypt
      - ./certbot-var:/var/lib/letsencrypt
      - ./web-root:/var/www/html
networks:
  app_network:
    driver: bridge
Any help is much appreciated :)
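As an added illustration (not part of the question or of any answer to it), here is the port-80 server block from the question with the ACME challenge location rewritten so the token can never fall through to the https redirect; the location as posted is quoted in a comment for comparison, and the 443 block is unchanged and omitted.

```nginx
# Added example, not the asker's file. Only the port-80 server block is
# shown; the 443 server block from the question stays as it is.
server {
    listen 80;
    listen [::]:80;
    server_name mysite.online;
    root /var/www/html;

    # As it appears in the question:
    #     location ~ ./well-known/acme-challenge { ... }
    # In a "~" (regex) location "." matches any single character and there
    # is no literal "." before "well-known", so the pattern requires the
    # substring "/well-known". The ACME URI
    # "/.well-known/acme-challenge/<token>" contains "/.well-known" instead,
    # so that regex never matches, the request falls through to "location /"
    # and nginx answers with the redirect to https.

    # "^~" is a prefix match that also tells nginx not to evaluate regex
    # locations, so the token is always served from the webroot over http.
    # certbot's --webroot plugin writes it to
    # /var/www/html/.well-known/acme-challenge/<token>.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
        default_type "text/plain";
        try_files $uri =404;
    }

    # Everything else is still sent to https; "return 301" is the usual
    # idiom for a whole-site redirect.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

After reloading nginx, a request for http://mysite.online/.well-known/acme-challenge/<any file placed under ./web-root/.well-known/acme-challenge/> should return 200 with the file body rather than a 301 to https, and sudo docker-compose run certbot renew --dry-run can then be repeated.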