让我们加密未经授权的403禁止 [英] Let's Encrypt unauthorized 403 forbidden
问题描述
在服务器上,已安装Nginx. 让我们加密可以与www.domain.com一起很好地工作,但不能与static.domain.com一起工作
On the server, Nginx is installed. Let's Encrypt is working well with www.domain.com but is not working with static.domain.com
使用PuTTY,当我输入时:
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/site/domain -d static.domain.com -d domain.com -d www.domain.com
With PuTTY, when I enter :
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/site/domain -d static.domain.com -d domain.com -d www.domain.com
我遇到以下问题:
Failed authorization procedure. static.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://static.domain.com/.well-known/acme-challenge/c6zngeBwPq42KLXT2ovW-bVPOQ0OHuJ7Fw_FbfL8XfY: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: static.domain.com
Type: unauthorized
Detail: Invalid response from
http://static.domain.com/.well-known/acme-challenge/c6zngeBwPq42KLXT2ovW-bVPOQ0OHuJ7Fw_FbfL8XfY:
"<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
有人知道这可能是什么问题吗?
Somebody know what can be the issue?
推荐答案
当我第一次尝试在我的网站上安装证书时,我从certbot收到了相同的错误消息.
I got an identical error message from certbot when I tried to install a certificate for the first time on my website.
我使用的是apache2,而不是nginx.我在/var/log/apache2/error.log
的日志中查看了与我网站上的 403 Forbidden 事件相关的apache2错误消息,我发现:
I was using apache2, not nginx. I looked at the logs in /var/log/apache2/error.log
for apache2 error messages associated with that 403 Forbidden event on my website and I found :
[Sun Aug 26 14:16:24.239964 2018] [core:error] [pid 12345] (13)Permission denied: [client 12.34.56.78:1234] AH00035: access to /.well-known/acme-challenge/5PShRrf3tR3wmaDw1LOKXhDOt9QwyX3EVZ13JklRJHs denied (filesystem path '/var/lib/letsencrypt/http_challenges') because search permissions are missing on a component of the path
权限和访问问题
我搜索了此错误消息,发现apache2由于权限不正确而无法读取上述目录(例如/var/lib/letsencrypt/http_challenges
),例如:
$ sudo ls -la /var/lib/letsencrypt/
total 16
drwxr-x--- 4 root root 4096 Aug 26 14:31 .
drwxr-xr-x 72 root root 4096 Aug 18 00:48 ..
drwxr-x--- 27 root root 4096 Aug 26 14:26 backups
drwxr-xr-x 2 root root 4096 Aug 26 14:27 http_challenges
因此,根据上一行带有点(.
)的点(.
)代表具有许可权rwxr-x---
的letsencrypt
文件夹,除root用户外,没有人可以读取其内容.为了纠正权限,我只是做了:
So, according to the above line with a dot (.
) representing letsencrypt
folder with permission rwxr-x---
, no one except root user can read its content. To rectify permissions, I just did :
$ sudo chmod o+rx /var/lib/letsencrypt
将上面的$ ls
命令输出更改为:
which changes the above $ ls
command output to :
$ ls -la /var/lib/letsencrypt/
total 16
drwxr-xr-x 4 root root 4096 Aug 26 14:31 .
drwxr-xr-x 72 root root 4096 Aug 18 00:48 ..
drwxr-x--- 27 root root 4096 Aug 26 14:26 backups
drwxr-xr-x 2 root root 4096 Aug 26 14:27 http_challenges
现在,上面带有表示(c4)目录的点(.)的行表示rwxr-xr-x
,因此其他 users "(例如用户 www-data apache2)现在可以读取并通过letsencrypt
目录.
Now, the above line with a dot (.) representing letsencrypt
directory indicates rwxr-xr-x
, so that "other users" (like user www-data for apache2) can now read and go through letsencrypt
directory.
然后certbot按预期工作.
Then certbot worked as expected.
这篇关于让我们加密未经授权的403禁止的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!