如何使用 certbot 修复错误设置 SSL?
How to fix error setting SSL with certbot using?
我尝试在 Digital Ocean 下使用 Kubuntu 18 为我的 php/laravel 应用程序设置 ssl
如本文所述
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04
但我在尝试使用 certbot 获取免费 SSL 证书时遇到错误:
# sudo ufw status
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
443 ALLOW Anywhere
80 ALLOW Anywhere
22/tcp ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
products-catalog.nilov-sergey-demo-apps.tk - 这是我进入 freenom.com 的域名,搜索后我发现了一个提示
我需要为 www 子域添加 A 记录
我尝试将新记录添加为 https://imgur.com/a/ijFxlzN
但是尝试提交此页面时我得到了:
• Error occured: Invalid value in dnsrecord
怎么了?新记录可以成为我的问题吗?或者我需要以其他方式移动?
更新#2
Appache 中的配置是:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/lprods/public
ServerName products-catalog.nilov-sergey-demo-apps.tk
ServerAlias products-catalog.nilov-sergey-demo-apps.tk
<Directory /var/www/html/lprods/public>
AllowOverride All
Order Deny,Allow
Allow from all
Require all granted
</Directory>
Options FollowSymLinks
DirectoryIndex index.php
ErrorLog /var/www/html/lprods/storage/logs/error.log
CustomLog /var/www/html/lprods/storage/logs/access.log combined
</VirtualHost>
/etc/hosts
中的行
138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
会不会是我的问题?
已更新 # 3
我做了更多评论,发现下一个:
我的服务器的IP是138.68.107.4,在ssh下我进入OS的控制台是
ssh root@138.68.107.4
但在我的 /etc/hosts 文件中,我有下一行指向此服务器上的一些其他主机:
# 127.0.0.1 localhost
127.0.0.1 localhost.localdomain localhost
138.68.107.4 box.example.com box
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.6 csvp.nilov-sergey-demo-apps.tk
...
我将最后 3 行修改为:
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.4 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.4 csvp.nilov-sergey-demo-apps.tk
但我仍然不确定这是有效值,因为我又遇到下一个错误:
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up
A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
此错误的原因可能是 /etc/hosts 中的错误 IP 还是其他问题?
谢谢!
certbot 抱怨:
DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
a) 本地 /etc/hosts 文件不是 public DNS 区域文件...只需添加域名;因为虚拟主机被 HTTP 主机区分 headers: 138.68.107.4 nilov-sergey-demo-apps.tk
使用 DNS 区域文件时,不必将它们添加到那里,就像 localhost.
b) 然后使用不带 non-existent www 虚拟主机的 certbot 命令:
sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk
或修复DNS和虚拟主机,以便为www虚拟主机服务;那么他们应该为两者工作。预计会有 A "address" 记录;但正在提供 CNAME "common name" 记录。要解决此问题,您只需将类型从 CNAME 更改为 A 并等待它分发。
自己看看:non-www and www。 HTTPS 也完全没有反应。
c) 并修复虚拟主机配置,您必须添加正确的 ServerAlias:
ServerName products-catalog.nilov-sergey-demo-apps.tk
ServerAlias www.products-catalog.nilov-sergey-demo-apps.tk
域 www.products-catalog.nilov-sergey-demo-apps.tk 未解析:
https://www.whatsmydns.net/#A/www.products-catalog.nilov-sergey-demo-apps.tk
所以这不是服务器配置问题,您只需在您的 DNS 管理器中添加 www.products-catalog 子域记录,
或从 certbot 命令中删除:-d www.products-catalog.nilov-sergey-demo-apps.tk
如果您 运行 certbot 使用 --manual certonly 然后 运行 使用 --apache 选项,它将 "reinstall" 证书到您的 Apache 服务器。
运行 :
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory
-d *.domain.com --manual --preferred-challenges dns-01 certonly
然后添加 DNS TXT 记录并单击 certbot 指令中的继续。
完成后,您可以 运行 像这样的简单 --apache install。
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory
-d *.domain.com --apache
这将要求重新安装证书,您可以select那个。
我尝试在 Digital Ocean 下使用 Kubuntu 18 为我的 php/laravel 应用程序设置 ssl 如本文所述 https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04
但我在尝试使用 certbot 获取免费 SSL 证书时遇到错误:
# sudo ufw status
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
443 ALLOW Anywhere
80 ALLOW Anywhere
22/tcp ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
22/tcp (v6) ALLOW Anywhere (v6)
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
products-catalog.nilov-sergey-demo-apps.tk - 这是我进入 freenom.com 的域名,搜索后我发现了一个提示 我需要为 www 子域添加 A 记录
我尝试将新记录添加为 https://imgur.com/a/ijFxlzN 但是尝试提交此页面时我得到了:
• Error occured: Invalid value in dnsrecord
怎么了?新记录可以成为我的问题吗?或者我需要以其他方式移动?
更新#2 Appache 中的配置是:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/lprods/public
ServerName products-catalog.nilov-sergey-demo-apps.tk
ServerAlias products-catalog.nilov-sergey-demo-apps.tk
<Directory /var/www/html/lprods/public>
AllowOverride All
Order Deny,Allow
Allow from all
Require all granted
</Directory>
Options FollowSymLinks
DirectoryIndex index.php
ErrorLog /var/www/html/lprods/storage/logs/error.log
CustomLog /var/www/html/lprods/storage/logs/access.log combined
</VirtualHost>
/etc/hosts
中的行138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
会不会是我的问题?
已更新 # 3 我做了更多评论,发现下一个:
我的服务器的IP是138.68.107.4,在ssh下我进入OS的控制台是
ssh root@138.68.107.4
但在我的 /etc/hosts 文件中,我有下一行指向此服务器上的一些其他主机:
# 127.0.0.1 localhost
127.0.0.1 localhost.localdomain localhost
138.68.107.4 box.example.com box
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.5 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.6 csvp.nilov-sergey-demo-apps.tk
...
我将最后 3 行修改为:
138.68.107.4 votes.nilov-sergey-demo-apps.tk
138.68.107.4 products-catalog.nilov-sergey-demo-apps.tk
138.68.107.4 csvp.nilov-sergey-demo-apps.tk
但我仍然不确定这是有效值,因为我又遇到下一个错误:
# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up
A for www.products-catalog.nilov-sergey-demo-apps.tk
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.products-catalog.nilov-sergey-demo-apps.tk
Type: None
Detail: DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
此错误的原因可能是 /etc/hosts 中的错误 IP 还是其他问题?
谢谢!
certbot 抱怨:
DNS problem: NXDOMAIN looking up A for
www.products-catalog.nilov-sergey-demo-apps.tk
a) 本地 /etc/hosts 文件不是 public DNS 区域文件...只需添加域名;因为虚拟主机被 HTTP 主机区分 headers: 138.68.107.4 nilov-sergey-demo-apps.tk
使用 DNS 区域文件时,不必将它们添加到那里,就像 localhost.
b) 然后使用不带 non-existent www 虚拟主机的 certbot 命令:
sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk
或修复DNS和虚拟主机,以便为www虚拟主机服务;那么他们应该为两者工作。预计会有 A "address" 记录;但正在提供 CNAME "common name" 记录。要解决此问题,您只需将类型从 CNAME 更改为 A 并等待它分发。
自己看看:non-www and www。 HTTPS 也完全没有反应。
c) 并修复虚拟主机配置,您必须添加正确的 ServerAlias:
ServerName products-catalog.nilov-sergey-demo-apps.tk
ServerAlias www.products-catalog.nilov-sergey-demo-apps.tk
域 www.products-catalog.nilov-sergey-demo-apps.tk 未解析:
https://www.whatsmydns.net/#A/www.products-catalog.nilov-sergey-demo-apps.tk
所以这不是服务器配置问题,您只需在您的 DNS 管理器中添加 www.products-catalog 子域记录,
或从 certbot 命令中删除:-d www.products-catalog.nilov-sergey-demo-apps.tk
如果您 运行 certbot 使用 --manual certonly 然后 运行 使用 --apache 选项,它将 "reinstall" 证书到您的 Apache 服务器。
运行 :
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory
-d *.domain.com --manual --preferred-challenges dns-01 certonly
然后添加 DNS TXT 记录并单击 certbot 指令中的继续。
完成后,您可以 运行 像这样的简单 --apache install。
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory
-d *.domain.com --apache
这将要求重新安装证书,您可以select那个。