Certbot: standalone plugin ignores the port I asked it to use

Created on 2018-08-29  ·  3 comments  ·  Source: certbot/certbot

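If you're having trouble using Certbot and aren't sure you have found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.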

My operating system is (include version):

Linux openvpn1.ismyservice.space 4.4.0-134-generic #160-Ubuntu SMP Wed Aug 15 14:58:00 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

certbot 0.26.1

I installed Certbot with (certbot-auto, OS package manager, pip, etc.):

Ubuntu package manager

I ran this command and it produced this output:

sudo certbot certonly --standalone --non-interactive --preferred-challenge http-01 \
   --http-01-port 10000 --agree-tos \
   --email [email protected] --domains realtebo.example.com \
   --pre-hook 'sudo service webmin stop' \
   --post-hook 'sudo service webmin start' \
   --staging --dry-run

 Domain: realtebo.example.com
 Type:   connection
 Detail: Fetching
 http://realtebo.example.com/.well-known/acme-challenge/DbE18Iyfud0xBRtrfvz-ILifSzqV-7GoV5uRAyuNYRw:
 Timeout during connect (likely firewall problem)

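Certbot's behavior differed from what I expected because:

  1. The firewall is open on port 10000. When certbot finishes, it restarts webmin, which runs on the same port. I can connect to webmin from outside on port 10000 without any problem.

  2. See the log in the following point; certbot is starting its standalone web server on port 10000, and that's OK, but it is using port 80 for the challenge!

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.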
2018-08-29 13:56:27,322:DEBUG:certbot.main:certbot version: 0.26.1
2018-08-29 13:56:27,322:DEBUG:certbot.main:Arguments: ['--standalone', '--non-interactive', '--preferred-challenge', 'http-01', '--http-01-port', '10000', '--agree-tos', '--email', '[email protected]', '--domains', 'realtebo.example.com', '--pre-hook', 'sudo service webmin stop', '--post-hook', 'sudo service webmin start', '--staging', '--dry-run']
2018-08-29 13:56:27,323:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-08-29 13:56:27,330:DEBUG:certbot.log:Root logging level set at 20
2018-08-29 13:56:27,331:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-08-29 13:56:27,332:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2018-08-29 13:56:27,540:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f3a5b6006d8>
Prep: True
2018-08-29 13:56:27,540:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f3a5b6006d8> and installer None
2018-08-29 13:56:27,541:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2018-08-29 13:56:27,544:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/6829761', new_authzr_uri=None, body=Registration(contact=(), status=None, terms_of_service_agreed=None, key=None, only_return_existing=None, agreement=None)), 79b142d506837dc821d95200358290de, Meta(creation_host='realtebo.example.com', creation_dt=datetime.datetime(2018, 8, 29, 11, 29, 47, tzinfo=<UTC>)))>
2018-08-29 13:56:27,545:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2018-08-29 13:56:27,547:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2018-08-29 13:56:27,847:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2018-08-29 13:56:27,848:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 724
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:27 GMT
Connection: keep-alive

{
  "drsHm9_JSMQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2018-08-29 13:56:27,849:INFO:certbot.hooks:Running pre-hook command: sudo service webmin stop
2018-08-29 13:56:27,957:INFO:certbot.main:Obtaining a new certificate
2018-08-29 13:56:27,999:DEBUG:acme.client:Requesting fresh nonce
2018-08-29 13:56:28,000:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order.
2018-08-29 13:56:28,261:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-order HTTP/1.1" 405 0
2018-08-29 13:56:28,262:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 103
Allow: POST
Replay-Nonce: WnqBHl9ZAJ8NdQnttV0FJQHxefu-O3op92NR8uFoMtg
Expires: Wed, 29 Aug 2018 11:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:28 GMT
Connection: keep-alive


2018-08-29 13:56:28,262:DEBUG:acme.client:Storing nonce: WnqBHl9ZAJ8NdQnttV0FJQHxefu-O3op92NR8uFoMtg
2018-08-29 13:56:28,263:DEBUG:acme.client:JWS payload:
b'{\n  "status": "pending",\n  "resource": "new-order",\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "realtebo.example.com"\n    }\n  ]\n}'
2018-08-29 13:56:28,266:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJub25jZSI6ICJXbnFCSGw5WkFKOE5kUW50dFYwRkpRSHhlZnUtTzNvcDkyTlI4dUZvTXRnIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY4Mjk3NjEiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "O_HrIU4h2mWDEOZJdvBdZLKBEkVSd2b3gj08iSImg6NSbu8N79ff75nksKnqeCr_vb1vPx-RPgsAU3B3P7gxilOV3kuGMHiA0kRIq36BiZeAm5Y4gQWGXAh263CBm5EZpGpUn5yx_MVLoy4mioZ-Tf8MLMYflKwTvtRre3xLjlZuXDlf1chGebgw9yXD_fJWsdzVR1jwv_JOtBAlTnHGHmfntlWPNuJqFCusdfSF9Itu2ttQBDbSLbi72yxqb1S9ZLD1XoQw_pkSI0VDRdhdcjamAfsomfueJ_kJvFV6rrS0OUUzXpPCprnyRFKljrHrco9Kn6VpxtK7qNK50E0BlQ",
  "payload": "ewogICJzdGF0dXMiOiAicGVuZGluZyIsCiAgInJlc291cmNlIjogIm5ldy1vcmRlciIsCiAgImlkZW50aWZpZXJzIjogWwogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAidnBubWlya28uaXNteXNlcnZpY2Uuc3BhY2UiCiAgICB9CiAgXQp9"
}
2018-08-29 13:56:28,606:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 398
2018-08-29 13:56:28,607:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 398
Boulder-Requester: 6829761
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/6829761/6638025
Replay-Nonce: b-xmrBO3u6xWnQ3X-pjscz3-5UW-tY-cIy-rHHRFCjw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:28 GMT
Connection: keep-alive

{
  "status": "pending",
  "expires": "2018-09-05T11:56:28.394993245Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "realtebo.example.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6829761/6638025"
}
2018-08-29 13:56:28,607:DEBUG:acme.client:Storing nonce: b-xmrBO3u6xWnQ3X-pjscz3-5UW-tY-cIy-rHHRFCjw
2018-08-29 13:56:28,608:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:28,852:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:28,853:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:28 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:28,854:INFO:certbot.auth_handler:Performing the following challenges:
2018-08-29 13:56:28,854:INFO:certbot.auth_handler:http-01 challenge for realtebo.example.com
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Successfully bound to :10000 using IPv6
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Certbot wasn't able to bind to :10000 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2018-08-29 13:56:28,859:INFO:certbot.auth_handler:Waiting for verification...
2018-08-29 13:56:28,859:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01",\n  "keyAuthorization": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow.RbQZDrhcRU5z3T8Ak72neNkXe8hh9D5yKNV-PomuANo"\n}'
2018-08-29 13:56:28,861:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450:
{
  "protected": "eyJub25jZSI6ICJiLXhtckJPM3U2eFduUTNYLXBqc2N6My01VVctdFktY0l5LXJISFJGQ2p3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY4Mjk3NjEiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL0Iyc0kwSkFCbWd6VllFWURkOUNGbEZRTjNwWHRIaVBnMWtXYTFjZThnU0UvMTY0ODU0NDUwIn0",
  "signature": "db4xpVwufNdIrQ0jScXiOz4QZyHbtYvUAWiH91JSd4yhdjLHNyF80KQR71a9xkZy2F_dGfZWrPiJym7R9soQrMcSwlC6d2e-1nshJNrb7iLju2CfHBiDPK4LwD6epICxH-cgT4ANafTHEWJIUmnxUVLzfa9uZ1inUboMaZw6G9jCA_P7KKsPVaX76BF-laDi882knktzdOHe1o74bMdumgTwrfhHrFK2S6GP-ZHufdghShV71X7NhK0tJjpoDR09B8NTysCgkNg787i7rIfYbftrY_QESLjQxSsYHG6k3vqBeGWaJ-KBJkCvgU2jb8b8jJB43G9IUsXDQYDnkG9lcg",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiLAogICJrZXlBdXRob3JpemF0aW9uIjogIm5KQU5pd3g0ZFhjSjVsbnctZlZqZEh5djdaV29wOUdZZjIwcE03emwyb3cuUmJRWkRyaGNSVTV6M1Q4QWs3Mm5lTmtYZThoaDlENXlLTlYtUG9tdUFObyIKfQ"
}
2018-08-29 13:56:29,151:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450 HTTP/1.1" 200 230
2018-08-29 13:56:29,151:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 6829761
Link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450
Replay-Nonce: NNtlhuo7zvSfZnilaDdPb-CF7pWHLmSB-Dk6qloCttM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:29 GMT
Connection: keep-alive

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
  "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
}
2018-08-29 13:56:29,152:DEBUG:acme.client:Storing nonce: NNtlhuo7zvSfZnilaDdPb-CF7pWHLmSB-Dk6qloCttM
2018-08-29 13:56:32,155:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:32,387:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:32,388:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:32 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:35,392:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:35,666:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:35,666:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:35 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:38,671:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:39,216:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:39,217:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:39 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:42,222:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:42,462:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 1600
2018-08-29 13:56:42,463:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1600
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:42 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "invalid",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow",
      "validationRecord": [
        {
          "url": "http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow",
          "hostname": "realtebo.example.com",
          "port": "80",
          "addressesResolved": [
            "79.19.63.157"
          ],
          "addressUsed": "79.19.63.157"
        }
      ]
    }
  ]
}
2018-08-29 13:56:42,464:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: realtebo.example.com
Type:   connection
Detail: Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2018-08-29 13:56:42,464:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. realtebo.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)

2018-08-29 13:56:42,464:DEBUG:certbot.error_handler:Calling registered functions
2018-08-29 13:56:42,464:INFO:certbot.auth_handler:Cleaning up challenges
2018-08-29 13:56:42,465:DEBUG:certbot.plugins.standalone:Stopping server at :::10000...
2018-08-29 13:56:42,887:INFO:certbot.hooks:Running post-hook command: sudo service webmin start
2018-08-29 13:56:45,631:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1254, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 334, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 370, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. realtebo.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)

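Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

I have nothing to write here

All 3 comments

This is a well-known, documented behavior. It's not a bug. I'm closing.

Hi @realtebo! Thanks for the report :)

Let's Encrypt, via the ACME protocol, must perform validation of HTTP challenges over port 80. --http-01-port cannot change the port that LE expects to validate on. As Brad mentioned here:

All of these flags allow you to control which ports Certbot listens on for plugins like the standalone plugin. This is useful if, for example, you are routing all port 80 traffic to port 8080.

Going to close this issue for now, but if you find a problem with Certbot, feel free to ask me to reopen or create a new issue!

Oh, looks like you beat me to it :D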
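
The mismatch discussed in this thread can be read straight out of a Certbot debug log. The following is an added example, not part of the original thread and not Certbot's own code: it compares the port the standalone plugin bound locally with the port recorded in the CA's http-01 `validationRecord`. The log excerpt is constructed from the one in the issue, and the function names are hypothetical.

```python
import json
import re

# Constructed excerpt modelled on the debug log in the issue above (trimmed).
SAMPLE_LOG = r'''
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Successfully bound to :10000 using IPv6
2018-08-29 13:56:42,463:DEBUG:acme.client:Received response:
HTTP 200
Content-Type: application/json

{
  "identifier": {"type": "dns", "value": "realtebo.example.com"},
  "status": "invalid",
  "challenges": [
    {"type": "dns-01", "status": "invalid"},
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Timeout during connect (likely firewall problem)"
      },
      "validationRecord": [
        {"hostname": "realtebo.example.com", "port": "80"}
      ]
    }
  ]
}
2018-08-29 13:56:42,465:DEBUG:certbot.plugins.standalone:Stopping server at :::10000...
'''

BOUND_RE = re.compile(r"acme\.standalone:Successfully bound to :(\d+) using")


def iter_json_objects(text):
    """Yield every JSON object embedded in free-form log text."""
    decoder = json.JSONDecoder()
    idx = 0
    while True:
        idx = text.find("{", idx)
        if idx == -1:
            return
        try:
            obj, end = decoder.raw_decode(text, idx)
        except json.JSONDecodeError:
            idx += 1  # a brace that does not start valid JSON; keep scanning
            continue
        if isinstance(obj, dict):
            yield obj
        idx = end


def listen_ports(log_text):
    """Ports the standalone plugin bound locally (what --http-01-port sets)."""
    return sorted({int(p) for p in BOUND_RE.findall(log_text)})


def validated_ports(log_text):
    """Ports the CA connected to, taken from http-01 validationRecord entries."""
    ports = set()
    for obj in iter_json_objects(log_text):
        for chall in obj.get("challenges", []):
            if chall.get("type") != "http-01":
                continue
            for rec in chall.get("validationRecord", []):
                ports.add(int(rec["port"]))
    return sorted(ports)


def diagnose(log_text):
    """Report ports the CA validated on that Certbot was not listening on."""
    local, remote = listen_ports(log_text), validated_ports(log_text)
    unserved = [p for p in remote if p not in local]
    return {"listen": local, "validated": remote, "unserved": unserved}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A port listed under `unserved` is one the CA connected to while nothing from Certbot was listening there; traffic arriving on it has to be routed to the listen port, which is the setup the quoted explanation describes.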
