尝试使用 certbox 获取 SSL 证书,但是命令 sudo certbot --apache 在 ec2 实例上失败
Trying to use certbox to get SSL Certificate, however command sudo certbot --apache failed on ec2 instance
Here are the instructions I was following,这是我在尝试 运行 sudo certbot --apache
时收到的错误
我通过 ssh 连接到我的 EC2 实例并成功 运行 说明第 2 部分和第 3 部分中的所有命令,但现在第 4 部分中的这个命令失败了。这是输出:
bitnami@ip-172-31-82-209:~/apps/InterSportsGraphs$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): bigleaguegraphs.com www.bigleaguegraphs.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bigleaguegraphs.com
http-01 challenge for www.bigleaguegraphs.com
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using ['apache2ctl', 'graceful']
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using ['apache2ctl', 'graceful']
Encountered exception during recovery:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2185, in _reload
util.run_script(self.option("restart_cmd"))
File "/usr/lib/python3/dist-packages/certbot/util.py", line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2287, in perform
self.restart()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2175, in restart
self._reload()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2185, in _reload
util.run_script(self.option("restart_cmd"))
File "/usr/lib/python3/dist-packages/certbot/util.py", line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
self.funcs[-1]()
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 323, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2312, in cleanup
self.restart()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2175, in restart
self._reload()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
出现在整个错误中的错误消息的主要内容如下:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
任何关于如何调试它以便为我的网站获取 SSL 证书的指导都很好,谢谢!我不是网络人,但需要完成此操作以保护我的网站。如果我可以分享任何有助于解决此问题的附加信息,或者我应该如何解决这个问题,请告诉我。谢谢!
编辑:我使用 https://www.ssllabs.com/ssltest/ 测试我的域 bigleaguegraphs.com 但也不太理解这里的输出。
Edit2:这里有两个指向其他 posts 的链接:
- https://unix.stackexchange.com/questions/381646/aws-ec2-instance-says-apache2-isnt-running-but-the-server-is-still-up-and-httpd
- https://community.bitnami.com/t/i-unable-to-restart-apache/47636
...好像和我的post有关?
根据您发布的日志输出和评论,我们知道您的网站由 node.js 而不是 Apache 提供服务。
这意味着您只有三个选择:
让 Apache 工作只是为了获得 Let's Encrypt 证书。我不推荐这种方法,因为它会很麻烦。关于使用的端口,Apache 会与 node.js 发生冲突,当您解决后仍然需要将检索到的证书集成到 node.js.
您可以通过 certbot 和任何其他服务器直接检索证书,例如 node.js,而不是使用 Apache 和 --apache 标志检索证书。通常这将涉及将 certbot 与 certonly --webroot 选项一起使用,您将需要修改 node.js 服务器(只是一点点)以实际使用检索到的证书并在另一个端口上侦听 SSL/TLS 连接。这种方法的一个很好的起点可能是这篇针对 node.js 和 express.js 的文章(并且 express.js 是迄今为止最流行的 HTTP 服务器包的包 node.js 所以很可能你的网站也使用它或者至少是一个非常相似的包):https://www.sitepoint.com/how-to-use-ssltls-with-node-js/
如果您有一个站点或一小部分站点想要获得证书,我会推荐这种方法。
而不是让 Let's Encrypt 通过 HTTP 验证您的网站,这总是涉及通过现有服务器(如 Apache 并带有 --apache 标志)或任何其他服务器提供质询响应(使用 certonly --webroot 选项)您还可以通过 DNS 提供这些响应。这也适用于 certonly 选项(并且您还需要修改 node.js 才能像以前的方法一样实际使用证书)但是它有点复杂,额外的必需选项可能会有所不同在您的 DNS 提供商上。您可以在 https://certbot.eff.org/docs/using.html#dns-plugins 找到流行 DNS 提供商的文档概述。
如果您有更多的网站并且想要通配符证书,我绝对会推荐这种方法(专业提示:每个 DNS 提供商都可以使用 docker 图像:https://hub.docker.com/r/certbot/certbot/)。
Here are the instructions I was following,这是我在尝试 运行 sudo certbot --apache
我通过 ssh 连接到我的 EC2 实例并成功 运行 说明第 2 部分和第 3 部分中的所有命令,但现在第 4 部分中的这个命令失败了。这是输出:
bitnami@ip-172-31-82-209:~/apps/InterSportsGraphs$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): bigleaguegraphs.com www.bigleaguegraphs.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bigleaguegraphs.com
http-01 challenge for www.bigleaguegraphs.com
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using ['apache2ctl', 'graceful']
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using ['apache2ctl', 'graceful']
Encountered exception during recovery:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2185, in _reload
util.run_script(self.option("restart_cmd"))
File "/usr/lib/python3/dist-packages/certbot/util.py", line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2287, in perform
self.restart()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2175, in restart
self._reload()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2185, in _reload
util.run_script(self.option("restart_cmd"))
File "/usr/lib/python3/dist-packages/certbot/util.py", line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
self.funcs[-1]()
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 323, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2312, in cleanup
self.restart()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2175, in restart
self._reload()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
出现在整个错误中的错误消息的主要内容如下:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
任何关于如何调试它以便为我的网站获取 SSL 证书的指导都很好,谢谢!我不是网络人,但需要完成此操作以保护我的网站。如果我可以分享任何有助于解决此问题的附加信息,或者我应该如何解决这个问题,请告诉我。谢谢!
编辑:我使用 https://www.ssllabs.com/ssltest/ 测试我的域 bigleaguegraphs.com 但也不太理解这里的输出。
Edit2:这里有两个指向其他 posts 的链接:
- https://unix.stackexchange.com/questions/381646/aws-ec2-instance-says-apache2-isnt-running-but-the-server-is-still-up-and-httpd
- https://community.bitnami.com/t/i-unable-to-restart-apache/47636
...好像和我的post有关?
根据您发布的日志输出和评论,我们知道您的网站由 node.js 而不是 Apache 提供服务。 这意味着您只有三个选择:
让 Apache 工作只是为了获得 Let's Encrypt 证书。我不推荐这种方法,因为它会很麻烦。关于使用的端口,Apache 会与 node.js 发生冲突,当您解决后仍然需要将检索到的证书集成到 node.js.
中
您可以通过 certbot 和任何其他服务器直接检索证书,例如 node.js,而不是使用 Apache 和
--apache标志检索证书。通常这将涉及将 certbot 与certonly --webroot选项一起使用,您将需要修改 node.js 服务器(只是一点点)以实际使用检索到的证书并在另一个端口上侦听 SSL/TLS 连接。这种方法的一个很好的起点可能是这篇针对 node.js 和 express.js 的文章(并且 express.js 是迄今为止最流行的 HTTP 服务器包的包 node.js 所以很可能你的网站也使用它或者至少是一个非常相似的包):https://www.sitepoint.com/how-to-use-ssltls-with-node-js/
如果您有一个站点或一小部分站点想要获得证书,我会推荐这种方法。而不是让 Let's Encrypt 通过 HTTP 验证您的网站,这总是涉及通过现有服务器(如 Apache 并带有
--apache标志)或任何其他服务器提供质询响应(使用certonly --webroot选项)您还可以通过 DNS 提供这些响应。这也适用于certonly选项(并且您还需要修改 node.js 才能像以前的方法一样实际使用证书)但是它有点复杂,额外的必需选项可能会有所不同在您的 DNS 提供商上。您可以在 https://certbot.eff.org/docs/using.html#dns-plugins 找到流行 DNS 提供商的文档概述。
如果您有更多的网站并且想要通配符证书,我绝对会推荐这种方法(专业提示:每个 DNS 提供商都可以使用 docker 图像:https://hub.docker.com/r/certbot/certbot/)。