让我们加密未经授权的403禁止 [英] Let's Encrypt unauthorized 403 forbidden

问题描述

在服务器上，已安装Nginx. 让我们加密可以与www.domain.com一起很好地工作，但不能与static.domain.com一起工作

On the server, Nginx is installed. Let's Encrypt is working well with www.domain.com but is not working with static.domain.com

使用PuTTY，当我输入时: sudo letsencrypt certonly -a webroot --webroot-path=/var/www/site/domain -d static.domain.com -d domain.com -d www.domain.com

With PuTTY, when I enter : sudo letsencrypt certonly -a webroot --webroot-path=/var/www/site/domain -d static.domain.com -d domain.com -d www.domain.com

我遇到以下问题:

Failed authorization procedure. static.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://static.domain.com/.well-known/acme-challenge/c6zngeBwPq42KLXT2ovW-bVPOQ0OHuJ7Fw_FbfL8XfY: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: static.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://static.domain.com/.well-known/acme-challenge/c6zngeBwPq42KLXT2ovW-bVPOQ0OHuJ7Fw_FbfL8XfY:
   "<html>
   <head><title>403 Forbidden</title></head>
   <body bgcolor="white">
   <center><h1>403 Forbidden</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

有人知道这可能是什么问题吗?

Somebody know what can be the issue?

推荐答案

当我第一次尝试在我的网站上安装证书时，我从certbot收到了相同的错误消息.

I got an identical error message from certbot when I tried to install a certificate for the first time on my website.

我使用的是apache2，而不是nginx.我在/var/log/apache2/error.log的日志中查看了与我网站上的 403 Forbidden 事件相关的apache2错误消息，我发现:

I was using apache2, not nginx. I looked at the logs in /var/log/apache2/error.log for apache2 error messages associated with that 403 Forbidden event on my website and I found :

[Sun Aug 26 14:16:24.239964 2018] [core:error] [pid 12345] (13)Permission denied: [client 12.34.56.78:1234] AH00035: access to /.well-known/acme-challenge/5PShRrf3tR3wmaDw1LOKXhDOt9QwyX3EVZ13JklRJHs denied (filesystem path '/var/lib/letsencrypt/http_challenges') because search permissions are missing on a component of the path

权限和访问问题

我搜索了此错误消息，发现apache2由于权限不正确而无法读取上述目录(例如/var/lib/letsencrypt/http_challenges)，例如:

$ sudo ls -la /var/lib/letsencrypt/
total 16
drwxr-x---  4 root root 4096 Aug 26 14:31 .
drwxr-xr-x 72 root root 4096 Aug 18 00:48 ..
drwxr-x--- 27 root root 4096 Aug 26 14:26 backups
drwxr-xr-x  2 root root 4096 Aug 26 14:27 http_challenges

因此，根据上一行带有点(.)的点(.)代表具有许可权rwxr-x---的letsencrypt文件夹，除root用户外，没有人可以读取其内容.为了纠正权限，我只是做了:

So, according to the above line with a dot (.) representing letsencrypt folder with permission rwxr-x---, no one except root user can read its content. To rectify permissions, I just did :

$ sudo chmod o+rx /var/lib/letsencrypt

将上面的$ ls命令输出更改为:

which changes the above $ ls command output to :

$ ls -la /var/lib/letsencrypt/
total 16
drwxr-xr-x  4 root root 4096 Aug 26 14:31 .
drwxr-xr-x 72 root root 4096 Aug 18 00:48 ..
drwxr-x--- 27 root root 4096 Aug 26 14:26 backups
drwxr-xr-x  2 root root 4096 Aug 26 14:27 http_challenges

现在，上面带有表示(c4)目录的点(.)的行表示rwxr-xr-x，因此其他 users "(例如用户 www-data apache2)现在可以读取并通过letsencrypt目录.

Now, the above line with a dot (.) representing letsencrypt directory indicates rwxr-xr-x, so that "other users" (like user www-data for apache2) can now read and go through letsencrypt directory.

然后certbot按预期工作.

Then certbot worked as expected.

这篇关于让我们加密未经授权的403禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！