前些時間服務器配置了ipv6訪問,後來就收到了let’s encrypt的郵件說域名ssl證書過時。但問題是certbot會應該是自動更新證書纔對啊。html
登上服務器手動更新證書試下,提示404錯誤:前端
IMPORTANT NOTES: - The following errors were reported by the server: Domain: gwlin.com Type: unauthorized Detail: Invalid response from http://gwlin.com/.well-known/acme-challenge/eHOBoFPw4Uz5vM9Xzk9D91nsm292bxSNyuePVerQRMY [2600:3c01::f03c:92ff:fee2:491b]: "<html>rn<head><title>404 Not Found</title></head>rn<body bgcolor="white">rn<center><h1>404 Not Found</h1></center>rn<hr><center>" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
因而谷歌一頓,但文章都在說是well-known目錄的配置問題,因而檢查了nginx配置,檢查了網站根目錄的權限,徹底沒用。nginx
在stackoverflow上有一個0讚的答案說到應該檢查ipv6是否開啓了,若是開啓了就要加上 [::]:80 。服務器
一言驚醒夢中人啊,忽然想起前端時間確實啓用了ipv6。因而打開gwlin.com的nginx配置文件,加上:app
{ //... server_name gwlin.com; listen 80; listen [::]:80; // 加這個 //... }
而後certbot更新證書,搞定。dom
參考文章:post
我的博客:https://www.gwlin.com/posts/5942code