Docker的SSL问题 – 让我们encryptionwordpress
我正在尝试使用Dockerencryption以便将我的网站放在https中。 我使用docker与nginx代理和nginx的同伴。 关于文档,我已经正确设置了一切。 我的容器正在运行。
现在,我在这里encryption的问题是提供的debugging文件:
{ "identifier": { "type": "dns", "value": "jack-world.com" }, "status": "invalid", "expires": "2017-12-20T18:42:39Z", "challenges": [ { "type": "tls-sni-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/G_0PYv_VpnEEUbV1PUjpJZyOIeP6b0zPxXeAlyYXclE/2728472678", "token": "fXuUQ77koLDDTuAqEgeqQA1q_DHinF2wanQReSrgIdk" }, { "type": "dns-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/G_0PYv_VpnEEUbV1PUjpJZyOIeP6b0zPxXeAlyYXclE/2728472680", "token": "iab5h37N-Io6lzfi8-DKmccXsF8_Y5Ws_RYCcwzREBw" }, { "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "The key authorization file from the server did not match this challenge [fnFwM8VZXXjIkSOci-z5_w4W2mN8oOIXA_d74gScLo0.K6eBCVMCFTPDy-GGls8jpd0O75tW9kFA9tsX7dEU_Zw] != [fnFwM8VZXXjIkSOci-z5_w4W2mN8oOIXA_d74gScLo0.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/G_0PYv_VpnEEUbV1PUjpJZyOIeP6b0zPxXeAlyYXclE/2728472682", "token": "fnFwM8VZXXjIkSOci-z5_w4W2mN8oOIXA_d74gScLo0", "keyAuthorization": "fnFwM8VZXXjIkSOci-z5_w4W2mN8oOIXA_d74gScLo0.K6eBCVMCFTPDy-GGls8jpd0O75tW9kFA9tsX7dEU_Zw", "validationRecord": [ { "url": "http://jack-world.com/.well-known/acme-challenge/fnFwM8VZXXjIkSOci-z5_w4W2mN8oOIXA_d74gScLo0", "hostname": "jack-world.com", "port": "80", "addressesResolved": [ "149.202.73.189", "2001:41d0:301::21" ], "addressUsed": "2001:41d0:301::21", "addressesTried": [] } ] } ], "combinations": [ [ 0 ], [ 1 ], [ 2 ] ] } 这是来自同伴的日志:
argos@jackworld:~/JackProxy$ sudo docker exec jackproxy_nginx-proxy-companion_1 /app/force_renew -v --help /etc/nginx/certs/jack-world.com /app Creating/renewal jack-world.com certificates... (jack-world.com) 2017-12-13 19:03:34,715:INFO:simp_le:1538: Retrieving Let's Encrypt latest Terms of Service. 2017-12-13 19:03:36,629:INFO:simp_le:1455: Generating new certificate private key 2017-12-13 19:03:37,221:ERROR:simp_le:1421: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. If you haven't setup correct CAA fields or if your DNS provider does not support CAA, validation attempts after september 8, 2017 will fail. Failing authorizations: https://acme-v01.api.letsencrypt.org/acme/authz/Xw790v5P8mgdjsh-A-_wvwcmAFRIu-6UxlT2l5I7JB8 Challenge validation has failed, see error log. Debugging tips: -v improves output verbosity. Help is available under --help. /app
我需要一些帮助来找出为什么http-01是无效的,如果这是唯一的问题。
感谢提前