I have a well-tested bash script that was working fine a few weeks ago.
It seems the certbot challenge now defaults to http instead of https. I can't figure out why.
echo 'rsa-key-size = 2048
renew-hook = /usr/sbin/ipsec reload && /usr/sbin/ipsec secrets
' > /etc/letsencrypt/cli.ini
certbot certonly --non-interactive --agree-tos --email "$EMAIL" --standalone -d "$VPNHOST"
Firewall setup:
Firewall stopped and disabled on system startup
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             state NEW recent: UPDATE seconds: 60 hit_count: 12 name: DEFAULT side: source mask: 255.255.255.255
           all  --  anywhere             anywhere             state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             state INVALID
ACCEPT     udp  --  anywhere             anywhere             udp dpt:isakmp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipsec-nat-t
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  ip-10-10-10-0.eu-west-2.compute.internal/24  anywhere             policy match dir in pol ipsec proto esp
ACCEPT     all  --  anywhere             ip-10-10-10-0.eu-west-2.compute.internal/24  policy match dir out pol ipsec proto esp
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Certbot:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vpn-1.duelify.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. vpn-1.duelify.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://vpn-1.duelify.com/.well-known/acme-challenge/BsPR5NK4JVb8rgIyS2VR4VTOv4Bc1F5TNppjoo95O70: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: vpn-1.duelify.com
   Type:   connection
   Detail: Fetching http://vpn-1.duelify.com/.well-known/acme-challenge/BsPR5NK4JVb8rgIyS2VR4VTOv4Bc1F5TNppjoo95O70: Timeout

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
 - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
This is probably due to the recently announced vulnerability in the tls-sni-01 validation method; Let's Encrypt has disabled it until it is fixed.
Until then, they recommend using http for validation.
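One way to deal with this on the firewall side, as an added example that is not part of the question or the answer: check whether the INPUT chain accepts tcp/80 before running certbot, and open the port only for the duration of the http-01 challenge via certbot's --pre-hook/--post-hook. The sample chain is constructed from the ruleset in the question, and the EMAIL/VPNHOST defaults are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not part of the original question or answer. It assumes the
# INPUT chain shown in the question (tcp/443 accepted, no rule for tcp/80)
# and certbot's --preferred-challenges, --pre-hook and --post-hook options.
# With the standalone authenticator now using http-01, the Let's Encrypt
# validation server must reach tcp/80; a rule set that only opens 443 gives
# exactly the "Timeout" seen in the log above.

# Read an `iptables -L INPUT [-n]` listing on stdin; succeed (exit 0) if an
# ACCEPT rule for tcp destination port 80 ("dpt:80" or "dpt:http") exists.
input_allows_http() {
    grep -Eq '^ACCEPT[[:space:]]+tcp[[:space:]].*dpt:(80|http)([[:space:]]|$)'
}

# Print a certbot command that opens tcp/80 only while the challenge runs and
# removes the rule afterwards, so the VPN host does not keep port 80 exposed.
build_certbot_cmd() {
    local email="$1" host="$2"
    printf '%s' "certbot certonly --non-interactive --agree-tos --email ${email}" \
        " --standalone --preferred-challenges http -d ${host}" \
        " --pre-hook 'iptables -I INPUT -p tcp --dport 80 -j ACCEPT'" \
        " --post-hook 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT'"
}

# Constructed sample: the question's INPUT chain reduced to its port rules.
SAMPLE_INPUT_CHAIN='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere             udp dpt:isakmp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipsec-nat-t
DROP       all  --  anywhere             anywhere'

main() {
    # EMAIL and VPNHOST come from the environment as in the question; the defaults are placeholders.
    if printf '%s\n' "$SAMPLE_INPUT_CHAIN" | input_allows_http; then
        echo "tcp/80 accepted: http-01 can reach the standalone listener"
    else
        echo "tcp/80 not accepted: http-01 would time out. Run instead:"
        build_certbot_cmd "${EMAIL:-admin@example.com}" "${VPNHOST:-vpn.example.com}"
        echo
    fi
}

main "$@"
```

To check the live host instead of the sample, pipe `iptables -L INPUT -n` into `input_allows_http` as root.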