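Certbot Issuance Failure and Its Relationship to Nginx IPv6

Recently I received an email reminder that renewal had failed for one of my domains. I tried running certbot renew manually and got an error.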

Renewing an existing certificate for test.hsiaofeng.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: test.hsiaofeng.com
  Type:   unauthorized
  Detail: 0cc3:a84f:77d2:282c:9fd8:3160:c62d:514d: Invalid response from http://test.hsiaofeng.com/.well-known/acme-challenge/*: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Failed to renew certificate test.hsiaofeng.com with error: Some challenges have failed.

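So I started troubleshooting.

The cause turned out to be that the Nginx configuration did not listen on an IPv6 address, while the CA's validation request arrived over IPv6 (note the IPv6 address in the Detail line above).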

server {
    if ($host = test.hsiaofeng.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name test.hsiaofeng.com;
    return 404; # managed by Certbot
}

Adding one line to listen on IPv6 fixes it.

listen [::]:80;
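
Added example, not part of the original post: a small Python check that scans nginx configuration text for server blocks that listen on a port over IPv4 only, the condition behind the failure above. The function names are hypothetical, the parsing is simplified (assumption: no quoted strings containing braces, semicolons or #), and the sample config is constructed from the block shown above.

```python
import re

# Constructed sample: the post's IPv4-only block plus a block with both listeners.
SAMPLE = """
server {
    if ($host = test.hsiaofeng.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name test.hsiaofeng.com;
    return 404; # managed by Certbot
}
server {
    listen 80;
    listen [::]:80;
    server_name fixed.example.com;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block using brace matching."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_family_port(arg):
    """Map a listen argument to (family, port); None for unix sockets."""
    addr = arg.split()[0]
    if addr.startswith('unix:'):
        return None
    if addr.startswith('['):                      # [::]:80 or bare [::]
        host, _, port = addr.rpartition(']:')
        return ('v6', int(port)) if host else ('v6', 80)
    if addr.isdigit():                            # bare port, e.g. "80"
        return ('v4', int(addr))
    host, _, port = addr.partition(':')           # 1.2.3.4:80 or bare address
    return ('v4', int(port) if port else 80)

def missing_ipv6(conf, port=80):
    """Return server_name lists of blocks listening on `port` over IPv4 only."""
    conf = re.sub(r'#[^\n]*', '', conf)           # drop comments first
    findings = []
    for body in server_blocks(conf):
        fams = {fp[0] for a in re.findall(r'\blisten\s+([^;]+);', body)
                if (fp := listen_family_port(a)) and fp[1] == port}
        if fams == {'v4'}:
            names = re.findall(r'\bserver_name\s+([^;]+);', body)
            findings.append(' '.join(names).split() or ['(unnamed)'])
    return findings
```

Any name it reports that also has a public AAAA record is a candidate for the same HTTP-01 failure.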
