Certbot Renew Issue over Custom Port
I am currently generating the certificate request from a script with the following command:
certbot certonly --standalone --preferred-challenges http --http-01-port 44344 -d my-domain-name.com
I have been trying to run the renewal with the same flags:
certbot renew --standalone --preferred-challenges http --http-01-port 44344
But I get the following response:
Domain: www.my-domain-name.com
Type: unauthorized
Detail: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"
Calling registered functions
Cleaning up challenges
Stopping server at :::54345...
Attempting to renew cert (my-domain-name.com) from /etc/letsencrypt/renewal/my-domain-name.com.conf produced an unexpected error: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>". Skipping.
Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"
It looks like it may be ignoring that port in the renewal request. Any ideas on how to get the renewal to work?
Thanks in advance!
I ended up running this command every month to make sure my certificate stays renewed:
certbot renew --force-renewal --tls-sni-01-port=44344
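An added example, not part of the original post or of Certbot: a small parser for the "Invalid response from ..." detail line quoted above, which reports what the CA actually fetched so it can be compared with the local `--http-01-port` listener. Certbot's documentation states that `--http-01-port` only changes the port Certbot listens on and that the ACME server still connects on port 80; the function name `diagnose`, the finding codes and the sample constant are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the "Detail:" line of the failed renewal quoted above (body shortened).
SAMPLE_DETAIL = (
    'Detail: Invalid response from https://www.my-domain-name.com/.well-known/'
    'acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 '
    '[2600:3c00::46:7001]: "<!DOCTYPE html>\\n<html lang=\\"en-US\\">\\n<head>"'
)

DETAIL_RE = re.compile(
    r'Invalid response from (?P<scheme>https?)://(?P<host>[^/:\s]+)(?::(?P<port>\d+))?'
    r'/\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+)'
    r'(?: \[(?P<ip>[0-9A-Fa-f:.]+)\])?: "(?P<body>.*)"'
)

# Hypothetical finding codes and what each one means for the operator.
EXPLAIN = {
    "port-mismatch": "the CA fetched a port other than the local listener; forward 80 to it",
    "https-redirect": "something on port 80 redirected the CA to https before it was answered",
    "ipv6-path": "validation used the AAAA record; the IPv6 path must reach the listener too",
    "html-body": "an HTML page came back instead of '<token>.<thumbprint>'",
}

def diagnose(detail, listen_port):
    """Parse one http-01 'Invalid response' line; return (fields, finding codes)."""
    m = DETAIL_RE.search(detail)
    if m is None:
        raise ValueError("not an http-01 'Invalid response' detail line")
    fields = m.groupdict()
    default_port = 443 if fields["scheme"] == "https" else 80
    fields["fetched_port"] = int(fields["port"]) if fields["port"] else default_port
    findings = []
    if fields["fetched_port"] != listen_port:
        findings.append("port-mismatch")
    if fields["scheme"] == "https":
        findings.append("https-redirect")
    if fields["ip"] and ipaddress.ip_address(fields["ip"]).version == 6:
        findings.append("ipv6-path")
    body = fields["body"].lstrip().lower()
    if body.startswith("<!doctype") or body.startswith("<html"):
        findings.append("html-body")
    return fields, findings

if __name__ == "__main__":
    fields, findings = diagnose(SAMPLE_DETAIL, listen_port=44344)
    print(fields["host"], fields["fetched_port"])
    for code in findings:
        print(f"{code}: {EXPLAIN[code]}")
```

On the sample line all four findings fire: the response came from whatever serves ports 80/443 over IPv6 for the `www` name, not from the standalone listener on 44344.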