你好军哥,Let's Encrypt续期提示404请指点

nihaojunge

域名用xxxx.com和www.xxxx.com代替了域名解析地址是正确的. 提示404的页面我确实也无法访问.
[root@111111 ~]# /bin/certbot renew --renew-hook "/etc/init.d/nginx reload"
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/xxxx.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xxxx.com
http-01 challenge for www.xxxx.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (xxxx.com) from /etc/letsencrypt/renewal/xxxx.com.conf produced an unexpected error: Failed authorization procedure. www.xxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.xxxx.com/.well-known/acme-challenge/H_lkbnq1slDDNkDYPKr90Ykdi-7ivuEX0y3O6ChKoUk: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", xxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://xxxx.com/.well-known/acme-challenge/6XaJGuf2bp8z3RC1nabaJCKCGP2qcKJ50w8mOVsUjUY: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/xxxx.com/fullchain.pem (failure)

-------------------------------------------------------------------------------

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/xxxx.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: www.xxxx.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.xxxx.com/.well-known/acme-challenge/H_lkbnq1slDDNkDYPKr90Ykdi-7ivuEX0y3O6ChKoUk:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: xxxx.com
   Type:   unauthorized
   Detail: Invalid response from
   http://xxxx.com/.well-known/acme-challenge/6XaJGuf2bp8z3RC1nabaJCKCGP2qcKJ50w8mOVsUjUY:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

licess

续期的验证文件返回404错误，而且错误信息不像是nginx的错误信息
建议看一下详细日志里解析出来的ip是否正确、网站目录是否变动过
如果有用cdn的话也有可能有关系

nihaojunge

解析ip正确。没用cdn，网站目录设置是不是/etc/letsencrypt/renewal/xxxx.com.conf这个文件里设置呢？

我发现我的/home/wwwroot/xxxx.com/.well-known/这个目录是空的。

licess

是

这个目录里的认证文件是认证完自动删掉的