为什么我的网站的非www版本返回403，而www版本返回404在nginx上？

Question

有点背景；我是一个在同一个VPS上托管个人邮件服务器、nextcloud服务器和nginx的新手。我的下一个云和邮件服务器运行良好，但是自从我添加了but服务器之后，事情就变得一团糟了。

我的www.redacted.xyz返回404，redacted.xyz返回403.我无法为我的生活弄明白为什么，虽然我一直有奇怪的港口与Certbot的事情，我在下面描述，这似乎是一个因素。

nginx -t -c /etc/nginx/nginx.conf：

root@vultr: nginx -t -c /etc/nginx/nginx.conf 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

/etc/nginx/站点-启用/编辑

server {
        listen 8080 ;
        listen [::]:8080 ;

        server_name redacted.xyz www.redacted.xyz ;

        root /var/www/redacted ;

        index index.html index.htm index.nginx-debian.html ;

        location / {
                try_files $uri $uri/ =404 ;
        }

        listen [::]:8443 ssl ipv6only=on; # managed by Certbot
        listen 8443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/redacted.xyz/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/redacted.xyz/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

请注意，我使用的是8080和8443，而不是80和443，因为它们似乎会引起以下所附Certbot的问题。使用这些端口似乎解决了这个问题，但似乎有助于这一新的问题。

当我在启用站点的文件中将8443更改为443时，www。网站的版本突然起作用了。从8080到80仍然会在非www上获得403的成绩。当然，由于我将站点设置为重定向到https，因此客户端没有明显的更改。

到底是怎么回事？

Certbot --nginx

root@vultr: certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: redacted.xyz
2: mail.redacted.xyz
3: www.mail.redacted.xyz
4: www.redacted.xyz
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/redacted.xyz.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/redacted
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mail
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mail
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/redacted
nginx: [warn] conflicting server name "redacted.xyz" on [::]:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "redacted.xyz" on [::]:80, ignored

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/redacted
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/mail
Traffic on port 80 already redirecting to ssl in /etc/nginx/sites-enabled/mail
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/redacted
nginx: [warn] conflicting server name "redacted.xyz" on [::]:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "redacted.xyz" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "redacted.xyz" on [::]:80, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://redacted.xyz,
https://mail.redacted.xyz, https://www.mail.redacted.xyz, and
https://www.redacted.xyz

Answer 1

好吧，我想出了这个…原来我忘了搭一朵云。用于我的Nextcloud服务器的子域，所以它使用的是redacted.Xyz。

将服务器块中的服务器名更改为cloud.redacted.Xyz并删除redacted.Xyz。这澄清了主要问题，并导致我解决了certbot的问题！

(现在我很难让这个子域工作，但这是另一个lol)

Answer 2

我不知道你是怎么使用certbot的。您需要一个包含两个域名的证书--从共享的输出中可以看出，您正在尝试生成两个证书，一个用于FQDN的每个变体。端口的问题可能是因为certbot希望至少使用端口80 (不确定大约为443)来验证域并添加证书。