Certbot: Standalone plugin ignores the port I asked it to use

Created on 29 Aug 2018  ·  3 Comments  ·  Source: certbot/certbot

If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to answer your questions
more quickly.

My operating system is (include version):

Linux openvpn1.ismyservice.space 4.4.0-134-generic #160-Ubuntu SMP Wed Aug 15 14:58:00 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

certbot 0.26.1

I installed Certbot with (certbot-auto, OS package manager, pip, etc.):

Ubuntu package manager

I ran this command and it produced this output:

sudo certbot certonly --standalone --non-interactive --preferred-challenge http-01 \
   --http-01-port 10000 --agree-tos \
   --email [email protected] --domains realtebo.example.com \
   --pre-hook 'sudo service webmin stop' \
   --post-hook 'sudo service webmin start' \
   --staging --dry-run

 Domain: realtebo.example.com
 Type:   connection
 Detail: Fetching
 http://realtebo.example.com/.well-known/acme-challenge/DbE18Iyfud0xBRtrfvz-ILifSzqV-7GoV5uRAyuNYRw:
 Timeout during connect (likely firewall problem)

Certbot's behavior differed from what I expected because:

  1. The firewall is open on port 10000. When certbot finishes, it restarts webmin, which runs on the same port. I can connect to webmin from outside using port 10000 without any problem

  2. See the log in the next point; certbot is starting its standalone web server on port 10000, and that's fine, but it is using port 80 for the challenge!

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.
2018-08-29 13:56:27,322:DEBUG:certbot.main:certbot version: 0.26.1
2018-08-29 13:56:27,322:DEBUG:certbot.main:Arguments: ['--standalone', '--non-interactive', '--preferred-challenge', 'http-01', '--http-01-port', '10000', '--agree-tos', '--email', '[email protected]', '--domains', 'realtebo.example.com', '--pre-hook', 'sudo service webmin stop', '--post-hook', 'sudo service webmin start', '--staging', '--dry-run']
2018-08-29 13:56:27,323:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-08-29 13:56:27,330:DEBUG:certbot.log:Root logging level set at 20
2018-08-29 13:56:27,331:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-08-29 13:56:27,332:DEBUG:certbot.plugins.selection:Requested authenticator standalone and installer None
2018-08-29 13:56:27,540:DEBUG:certbot.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator
Initialized: <certbot.plugins.standalone.Authenticator object at 0x7f3a5b6006d8>
Prep: True
2018-08-29 13:56:27,540:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.standalone.Authenticator object at 0x7f3a5b6006d8> and installer None
2018-08-29 13:56:27,541:INFO:certbot.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2018-08-29 13:56:27,544:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=None, uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/6829761', new_authzr_uri=None, body=Registration(contact=(), status=None, terms_of_service_agreed=None, key=None, only_return_existing=None, agreement=None)), 79b142d506837dc821d95200358290de, Meta(creation_host='realtebo.example.com', creation_dt=datetime.datetime(2018, 8, 29, 11, 29, 47, tzinfo=<UTC>)))>
2018-08-29 13:56:27,545:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2018-08-29 13:56:27,547:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
2018-08-29 13:56:27,847:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 724
2018-08-29 13:56:27,848:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 724
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:27 GMT
Connection: keep-alive

{
  "drsHm9_JSMQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org/docs/staging-environment/"
  },
  "newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2018-08-29 13:56:27,849:INFO:certbot.hooks:Running pre-hook command: sudo service webmin stop
2018-08-29 13:56:27,957:INFO:certbot.main:Obtaining a new certificate
2018-08-29 13:56:27,999:DEBUG:acme.client:Requesting fresh nonce
2018-08-29 13:56:28,000:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order.
2018-08-29 13:56:28,261:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-order HTTP/1.1" 405 0
2018-08-29 13:56:28,262:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 103
Allow: POST
Replay-Nonce: WnqBHl9ZAJ8NdQnttV0FJQHxefu-O3op92NR8uFoMtg
Expires: Wed, 29 Aug 2018 11:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:28 GMT
Connection: keep-alive


2018-08-29 13:56:28,262:DEBUG:acme.client:Storing nonce: WnqBHl9ZAJ8NdQnttV0FJQHxefu-O3op92NR8uFoMtg
2018-08-29 13:56:28,263:DEBUG:acme.client:JWS payload:
b'{\n  "status": "pending",\n  "resource": "new-order",\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "realtebo.example.com"\n    }\n  ]\n}'
2018-08-29 13:56:28,266:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJub25jZSI6ICJXbnFCSGw5WkFKOE5kUW50dFYwRkpRSHhlZnUtTzNvcDkyTlI4dUZvTXRnIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY4Mjk3NjEiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIn0",
  "signature": "O_HrIU4h2mWDEOZJdvBdZLKBEkVSd2b3gj08iSImg6NSbu8N79ff75nksKnqeCr_vb1vPx-RPgsAU3B3P7gxilOV3kuGMHiA0kRIq36BiZeAm5Y4gQWGXAh263CBm5EZpGpUn5yx_MVLoy4mioZ-Tf8MLMYflKwTvtRre3xLjlZuXDlf1chGebgw9yXD_fJWsdzVR1jwv_JOtBAlTnHGHmfntlWPNuJqFCusdfSF9Itu2ttQBDbSLbi72yxqb1S9ZLD1XoQw_pkSI0VDRdhdcjamAfsomfueJ_kJvFV6rrS0OUUzXpPCprnyRFKljrHrco9Kn6VpxtK7qNK50E0BlQ",
  "payload": "ewogICJzdGF0dXMiOiAicGVuZGluZyIsCiAgInJlc291cmNlIjogIm5ldy1vcmRlciIsCiAgImlkZW50aWZpZXJzIjogWwogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAidnBubWlya28uaXNteXNlcnZpY2Uuc3BhY2UiCiAgICB9CiAgXQp9"
}
2018-08-29 13:56:28,606:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 398
2018-08-29 13:56:28,607:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 398
Boulder-Requester: 6829761
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/6829761/6638025
Replay-Nonce: b-xmrBO3u6xWnQ3X-pjscz3-5UW-tY-cIy-rHHRFCjw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:28 GMT
Connection: keep-alive

{
  "status": "pending",
  "expires": "2018-09-05T11:56:28.394993245Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "realtebo.example.com"
    }
  ],
  "authorizations": [
    "https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE"
  ],
  "finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/6829761/6638025"
}
2018-08-29 13:56:28,607:DEBUG:acme.client:Storing nonce: b-xmrBO3u6xWnQ3X-pjscz3-5UW-tY-cIy-rHHRFCjw
2018-08-29 13:56:28,608:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:28,852:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:28,853:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:28 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:28,854:INFO:certbot.auth_handler:Performing the following challenges:
2018-08-29 13:56:28,854:INFO:certbot.auth_handler:http-01 challenge for realtebo.example.com
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Successfully bound to :10000 using IPv6
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Certbot wasn't able to bind to :10000 using IPv4, this is often expected due to the dual stack nature of IPv6 socket implementations.
2018-08-29 13:56:28,859:INFO:certbot.auth_handler:Waiting for verification...
2018-08-29 13:56:28,859:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01",\n  "keyAuthorization": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow.RbQZDrhcRU5z3T8Ak72neNkXe8hh9D5yKNV-PomuANo"\n}'
2018-08-29 13:56:28,861:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450:
{
  "protected": "eyJub25jZSI6ICJiLXhtckJPM3U2eFduUTNYLXBqc2N6My01VVctdFktY0l5LXJISFJGQ2p3IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzY4Mjk3NjEiLCAidXJsIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGxlbmdlL0Iyc0kwSkFCbWd6VllFWURkOUNGbEZRTjNwWHRIaVBnMWtXYTFjZThnU0UvMTY0ODU0NDUwIn0",
  "signature": "db4xpVwufNdIrQ0jScXiOz4QZyHbtYvUAWiH91JSd4yhdjLHNyF80KQR71a9xkZy2F_dGfZWrPiJym7R9soQrMcSwlC6d2e-1nshJNrb7iLju2CfHBiDPK4LwD6epICxH-cgT4ANafTHEWJIUmnxUVLzfa9uZ1inUboMaZw6G9jCA_P7KKsPVaX76BF-laDi882knktzdOHe1o74bMdumgTwrfhHrFK2S6GP-ZHufdghShV71X7NhK0tJjpoDR09B8NTysCgkNg787i7rIfYbftrY_QESLjQxSsYHG6k3vqBeGWaJ-KBJkCvgU2jb8b8jJB43G9IUsXDQYDnkG9lcg",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiLAogICJrZXlBdXRob3JpemF0aW9uIjogIm5KQU5pd3g0ZFhjSjVsbnctZlZqZEh5djdaV29wOUdZZjIwcE03emwyb3cuUmJRWkRyaGNSVTV6M1Q4QWs3Mm5lTmtYZThoaDlENXlLTlYtUG9tdUFObyIKfQ"
}
2018-08-29 13:56:29,151:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450 HTTP/1.1" 200 230
2018-08-29 13:56:29,151:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 230
Boulder-Requester: 6829761
Link: <https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE>;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450
Replay-Nonce: NNtlhuo7zvSfZnilaDdPb-CF7pWHLmSB-Dk6qloCttM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:29 GMT
Connection: keep-alive

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
  "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
}
2018-08-29 13:56:29,152:DEBUG:acme.client:Storing nonce: NNtlhuo7zvSfZnilaDdPb-CF7pWHLmSB-Dk6qloCttM
2018-08-29 13:56:32,155:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:32,387:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:32,388:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:32 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:35,392:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:35,666:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:35,666:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:35 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:38,671:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:39,216:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 939
2018-08-29 13:56:39,217:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 939
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:39 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "pending",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow"
    }
  ]
}
2018-08-29 13:56:42,222:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE.
2018-08-29 13:56:42,462:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /acme/authz/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE HTTP/1.1" 200 1600
2018-08-29 13:56:42,463:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1600
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 29 Aug 2018 11:56:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 29 Aug 2018 11:56:42 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "realtebo.example.com"
  },
  "status": "invalid",
  "expires": "2018-09-05T11:56:28Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854448",
      "token": "r_EGiMDAA18pVLDSiEqPUIQe57RTnH79YxN65ybsLHg"
    },
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854449",
      "token": "qDoGsuxMNdrihAuIbetnBFTSqz6uSyTYX-Jm_JW3xKc"
    },
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)",
        "status": 400
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/B2sI0JABmgzVYEYDd9CFlFQN3pXtHiPg1kWa1ce8gSE/164854450",
      "token": "nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow",
      "validationRecord": [
        {
          "url": "http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow",
          "hostname": "realtebo.example.com",
          "port": "80",
          "addressesResolved": [
            "79.19.63.157"
          ],
          "addressUsed": "79.19.63.157"
        }
      ]
    }
  ]
}
2018-08-29 13:56:42,464:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: realtebo.example.com
Type:   connection
Detail: Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
2018-08-29 13:56:42,464:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. realtebo.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)

2018-08-29 13:56:42,464:DEBUG:certbot.error_handler:Calling registered functions
2018-08-29 13:56:42,464:INFO:certbot.auth_handler:Cleaning up challenges
2018-08-29 13:56:42,465:DEBUG:certbot.plugins.standalone:Stopping server at :::10000...
2018-08-29 13:56:42,887:INFO:certbot.hooks:Running post-hook command: sudo service webmin start
2018-08-29 13:56:45,631:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.26.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1364, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1254, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 391, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 334, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 370, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 155, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 226, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. realtebo.example.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://realtebo.example.com/.well-known/acme-challenge/nJANiwx4dXcJ5lnw-fVjdHyv7ZWop9GYf20pM7zl2ow: Timeout during connect (likely firewall problem)

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

I have nothing to write here

All 3 comments

This is well-known and documented behavior. It's not a bug. Closing.

Hi @realtebo! Thanks for reporting :)

Let's Encrypt, per the ACME protocol, must perform validation over port 80 for the HTTP challenge. --http-01-port cannot change which port LE expects to perform validation over. As Brad mentions here:

All of these flags allow you to control which ports Certbot listens on for plugins like standalone. This is useful if you are routing all traffic from port 80 to port 8080, for example.

I'm going to close this issue for now, but feel free to ask me to reopen it or create a new one if you run into any problems with Certbot.

Oh, looks like you beat me to it :D
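
Added example, not part of the original thread and not Certbot's own code: a Python script that reads a Certbot debug log like the one in the report and compares the port the standalone plugin bound to with the port the CA recorded in `validationRecord`. The sample log is a constructed excerpt abridged from the log above, and the function names are illustrative.

```python
import ast
import json
import re

# Constructed excerpt, abridged from the debug log in the report above.
SAMPLE_LOG = """\
2018-08-29 13:56:27,322:DEBUG:certbot.main:Arguments: ['--standalone', '--preferred-challenge', 'http-01', '--http-01-port', '10000', '--domains', 'realtebo.example.com', '--dry-run']
2018-08-29 13:56:28,855:DEBUG:acme.standalone:Successfully bound to :10000 using IPv6
2018-08-29 13:56:42,463:DEBUG:acme.client:Received response:
{
  "status": "invalid",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {"type": "urn:ietf:params:acme:error:connection", "status": 400},
      "validationRecord": [{"hostname": "realtebo.example.com", "port": "80"}]
    }
  ]
}
"""

ARGS_RE = re.compile(r"certbot\.main:Arguments: (\[.*\])")
BOUND_RE = re.compile(r"acme\.standalone:Successfully bound to \S*:(\d+) using")
JSON_START_RE = re.compile(r"^\{", re.M)


def requested_port(log_text):
    """Value passed to --http-01-port, or None when the flag is absent."""
    m = ARGS_RE.search(log_text)
    if not m:
        return None
    args = ast.literal_eval(m.group(1))  # the logged argv is a list literal
    if "--http-01-port" in args[:-1]:
        return int(args[args.index("--http-01-port") + 1])
    return None


def json_bodies(log_text):
    """Yield each JSON object that starts at the beginning of a log line."""
    decoder = json.JSONDecoder()
    pos = 0
    while True:
        m = JSON_START_RE.search(log_text, pos)
        if m is None:
            return
        try:
            body, pos = decoder.raw_decode(log_text, m.start())
        except json.JSONDecodeError:
            pos = m.start() + 1  # truncated or redacted body: skip it
            continue
        yield body


def validated_ports(log_text):
    """Ports the CA reports having connected to for http-01 validation."""
    ports = set()
    for body in json_bodies(log_text):
        for chall in body.get("challenges", []):
            if chall.get("type") == "http-01":
                for rec in chall.get("validationRecord", []):
                    ports.add(int(rec["port"]))
    return ports


def diagnose(log_text):
    """Compare where Certbot listened with where the CA actually connected."""
    bound = {int(p) for p in BOUND_RE.findall(log_text)}
    ca = validated_ports(log_text)
    return {
        "requested": requested_port(log_text), "bound": sorted(bound),
        "ca_connected_to": sorted(ca),
        # CA-side ports with no local listener: forward them to a bound port
        "needs_forward": sorted(ca - bound),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A non-empty `needs_forward` means the validation request arrived on a port where the standalone server was not listening, which matches the "Timeout during connect" error in the report.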
