Certbot/.众所周知/acme挑战 [英] Certbot /.well-known/acme-challenge

问题描述

我应该始终将/.well-known/acme-challenge暴露在服务器上吗?这是我的HTTP配置:

Should I leave the /.well-known/acme-challenge always exposed on the server? Here is my config for the HTTP:

server {
 listen 80;

 location '/.well-known/acme-challenge' {
    root        /var/www/demo;
  }

 location / {
          if ($scheme = http) {
            return 301 https://$server_name$request_uri;
          }
 }

除了acme-challenge(用于自动续订)外，基本上将所有请求都重定向到https.我的问题:始终在端口80上公开位置'/.well-known/acme-challenge'是否可以?还是在需要重新颁发证书时手动对其进行注释/取消注释?那里有任何安全问题吗?

Which basically redirects all the requests to https, except for the acme-challenge (for auto renewal). My question: Is it alright to keep location '/.well-known/acme-challenge' always exposed on port 80? Or better to comment/uncomment it manually, when need to reissue the certificate? Are there any security issues with that?

有关此位置的任何建议或链接请阅读.谢谢！

Any advise or links to read for about the this location appreciated. Thanks!

推荐答案

Acme质询链接仅用于验证到该IP地址的域

Acme challenge link only needed for verifying domain to this ip address

这篇关于Certbot/.众所周知/acme挑战的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！