Certbot/Letsencrypt的NGINX配置
我无法在我的NGINX/Ubuntu18.04实例上启动并运行certbot。我在一个小时内完成了演练 我选择了certbot重定向,它更新了我的站点配置文件 我的配置文件如下所示:Certbot/Letsencrypt的NGINX配置,nginx,lets-encrypt,certbot,Nginx,Lets Encrypt,Certbot,我无法在我的NGINX/Ubuntu18.04实例上启动并运行certbot。我在一个小时内完成了演练 我选择了certbot重定向,它更新了我的站点配置文件 我的配置文件如下所示: server { listen 80; listen [::]:80; root /var/www/punkmap.com/html; index index.html index.htm index.nginx-debian.html;
server {
listen 80;
listen [::]:80;
root /var/www/punkmap.com/html;
index index.html index.htm index.nginx-debian.html;
server_name punkmap.com www.punkmap.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/punkmap.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/punkmap.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
certbot添加到我的配置文件中会破坏我的站点。通过删除添加到我的配置文件中的certbot代码行,很容易修复。然而,我在互联网上找不到说明如何纠正这个问题的信息
我的站点配置应该是什么样的
谢谢
Tyler问题在于,在同一个服务器块中有两个
listen
指令。最好的解决方案是手动编辑nginx配置,将其分为两个服务器块。非ssl(端口80)块应重定向到ssl(端口443)块。像这样的方法应该会奏效:
server {
listen 80;
listen [::]:80;
server_name punkmap.com www.punkmap.com;
return 301 https://$host$request_uri;
}
server {
root /var/www/punkmap.com/html;
index index.html index.htm index.nginx-debian.html;
server_name punkmap.com www.punkmap.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/punkmap.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/punkmap.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
然后在将来升级时,请确保传递
--cert only
参数,这样您的配置就不会再次受到干扰。请注意,我删除了所有#managed by Certbot注释,因为在此之后,它们将由您管理。问题是,在同一个服务器块中有两个listen
指令。最好的解决方案是手动编辑nginx配置,将其分为两个服务器块。非ssl(端口80)块应重定向到ssl(端口443)块。像这样的方法应该会奏效:
server {
listen 80;
listen [::]:80;
server_name punkmap.com www.punkmap.com;
return 301 https://$host$request_uri;
}
server {
root /var/www/punkmap.com/html;
index index.html index.htm index.nginx-debian.html;
server_name punkmap.com www.punkmap.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/punkmap.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/punkmap.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
然后在将来升级时,请确保传递
--cert only
参数,这样您的配置就不会再次受到干扰。注意,我删除了所有#managed by Certbot注释,因为在此之后,它们将由您管理。您可以进行手动配置。查看Nginx错误日志,并使用Nginx-t
检查配置。您可以进行手动配置。查看Nginx错误日志,并使用Nginx-t