acme: <domain> 的授权错误(acme/autocert)

huangapple go评论118阅读模式
英文:

acme: authorization error for <domain> (acme/autocert)

问题

当运行以下代码时,我遇到了错误:

acme:授权错误,针对域名(其中域名被替换为我的实际域名)

还有其他人遇到过这个问题吗?返回的错误信息并没有提供太多的见解。

package main

import (
	"crypto/tls"
	"net/http"

	"golang.org/x/crypto/acme/autocert"
)

func main() {
	certManager := autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(<domain>), //在这里填入你的域名
		Cache:      autocert.DirCache("cache"),       //用于存储证书的文件夹
	}

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("Hello world"))
	})

	server := &http.Server{
		Addr: ":8086",
		TLSConfig: &tls.Config{
			GetCertificate: certManager.GetCertificate,
		},
	}

	if err := server.ListenAndServeTLS("", ""); err != nil {
		print(err.Error())
	}
}
英文:

When running the following code I get the error:

> acme: authorization error for domain (where domain is replaced by my
> actual domain)

Has anyone else had this issue? The error returned does not give that much insight.

package main

import (
	&quot;crypto/tls&quot;
	&quot;net/http&quot;

	&quot;golang.org/x/crypto/acme/autocert&quot;
)

func main() {
	certManager := autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(&lt;domain&gt;), //your domain here
		Cache:      autocert.DirCache(&quot;cache&quot;), //folder for storing certificates
	}

	http.HandleFunc(&quot;/&quot;, func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(&quot;Hello world&quot;))
	})

	server := &amp;http.Server{
		Addr: &quot;:8086&quot;,
		TLSConfig: &amp;tls.Config{
			GetCertificate:     certManager.GetCertificate,
	}

	if err := server.ListenAndServeTLS(&quot;&quot;, &quot;&quot;); err != nil {
		print(err.Error())
	}
}

答案1

得分: 1

也许你的服务器在8086端口上,而tls挑战在443端口上?尝试在443端口上提供服务(你可能需要设置二进制文件的setcap权限来允许此操作)。

参考lets encrypt上的这个问题:

https://github.com/letsencrypt/acme-spec/issues/33

英文:

Perhaps your server is on port 8086 and the tls challenge is on port 443?
Try instead serving on port 443 (You may have to setcap your binary to allow it to do this).

See this issue on lets encrypt:

https://github.com/letsencrypt/acme-spec/issues/33

huangapple
  • 本文由 发表于 2017年8月17日 20:06:26
  • 转载请务必保留本文链接:https://go.coder-hub.com/45734686.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定