【问题标题】:Cerbot Renew Issue over Custom Port自定义端口上的 Certbot 更新问题
【发布时间】:2020-07-11 23:49:47
【问题描述】:

我目前正在使用以下命令以脚本方式生成证书请求:

certbot certonly --standalone --preferred-challenges http --http-01-port 44344 -d my-domain-name.com

我一直在尝试使用相同的标志运行更新:

certbot renew --standalone --preferred-challenges http --http-01-port 44344

但我收到以下回复:

Domain: www.my-domain-name.com
Type:   unauthorized
Detail: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"

Calling registered functions
Cleaning up challenges
Stopping server at :::54345...
Attempting to renew cert (my-domain-name.com) from /etc/letsencrypt/renewal/my-domain-name.com.conf produced an unexpected error: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>". Skipping.
Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 452, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"

看起来它可能会忽略续订请求中的该端口。对如何进行续订有任何想法吗?

提前谢谢你!

【问题讨论】:

    标签: debian haproxy lets-encrypt certbot


    【解决方案1】:

    我最终只是每月运行此命令以确保我的证书保持更新:

    certbot renew --force-renewal --tls-sni-01-port=44344

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2015-07-13
      • 2012-09-30
      • 2011-08-11
      • 2020-04-19
      • 2018-08-06
      • 2011-11-23
      • 1970-01-01
      相关资源
      最近更新 更多