來自 .well-known/acme-challenge/<token> 的無效響應

我正在嘗試使用 certbot 為我的一個子域獲取 SSL 證書。但是，其中一項挑戰在嘗試測試時失敗了.well-known/acme-challenges/<token>。Web 伺服器 (nginx) 返回 404。準確的錯誤是：

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for git.domain.com
http-01 challenge for www.git.domain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.git.domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.foo.domain.com/.well-known/acme-challenge/eXpa7Ub3slbohHh0AZZA-aACo70p15KkJS05aYsN2bY [my-ip-addr]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", git.domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://git.domain.com/.well-known/acme-challenge/WxYfL5t0vLNe7jiIF2TFz1sXyQBH3RcPIVz5de9lQ8M [my-ip-addr]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

IMPORTANT NOTES:
- The following errors were reported by the server:

  Domain: www.git.domain.com
  Type:   unauthorized
  Detail: Invalid response from
  http://www.git.domain.com/.well-known/acme-challenge/eXpa7Ub3slbohHh0AZZA-aACo70p15KkJS05aYsN2bY
  [my-ip-addr]:
  "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
  bgcolor=\"white\">\r\n<center><h1>404 Not
  Found</h1></center>\r\n<hr><center>"

  Domain: git.domain.com
  Type:   unauthorized
  Detail: Invalid response from
  http://git.domain.com/.well-known/acme-challenge/WxYfL5t0vLNe7jiIF2TFz1sXyQBH3RcPIVz5de9lQ8M
  [my-ip-addr]:
  "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
  bgcolor=\"white\">\r\n<center><h1>404 Not
  Found</h1></center>\r\n<hr><center>"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

我已添加到我的配置文件中：

location ^~ '/.well-known/acme-challenge' {
   allow all;
}

但這無濟於事。它得到 404 的事實讓我很失望。如果是nginx不允許訪問文件的問題，那它不會拋出403嗎？

nginx -t在我的配置中顯示沒有錯誤。我已確保我的 DNS 資訊設置正確。

完整配置（nginx -T）：https ://pastebin.com/a6GcbXai

執行 certbot 後 access.log 的最後 25 行：https ://pastebin.com/Lp72LWxC

令我困惑的另一件事是，我在這台伺服器上執行了 3 個其他子域，但我沒有遇到過這個問題。

這裡發生了什麼，我如何讓 certbot 看到這個文件，所以我可以得到證書？

通過將以下內容添加到我的 nginx 配置中已解決此問題：

listen 80;
listen [::]:80;

它現在完美無缺。

'我認為問題在於您的路徑規範周圍的引號。嘗試：

location ^~ /.well-known/acme-challenge { ... }

引用自：https://serverfault.com/questions/1060073