Certbot acme challenge
I have two servers.
One acts as a web server, the other is a radius server.
To set up radius, I have to verify ownership of the domain by issuing
certbot certonly --standalone -d my.comain.com
Unfortunately, it returns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for my.domain.com
Performing the following challenges:
http-01 challenge for my.domain.com
Waiting for verification...
Challenge failed for domain my.domain.com
http-01 challenge for my.domain.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: my.domain.com
Type: unauthorized
Detail: Invalid response from
http://my.domain.com/.well-known/acme-challenge/lZJhjHOvCGs0DKmrdJbi31iGW_RpNL58ua2CPzwmKA4
[1XX.1XX.1XX.1XX]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
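FYI, this command is run from the radius server, and the domain is on the web server. The domain is accessible through a browser. Even though I set 777 permissions on the http folder, the error still exists.
Does it have to be on the same server?
From Certbot's documentation: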
This plugin needs to bind to port 80 in order to perform domain validation, so you may need to stop your existing webserver.
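certbot acts as a web server to validate the domain. Let's Encrypt tries to connect to this web server on the domain that certbot's -d option points to (in your case, my.domain.com). So you will need some temporary networking tricks (port forwarding, DNS changes, etc.) so that traffic from Let's Encrypt reaches the RADIUS server rather than the web server while you request this certificate. You will also need to repeat this every three months for renewal.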
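An added example (not part of the original answer and not Certbot's code): a local simulation of the http-01 check, showing why validation returns "unauthorized" when the name resolves to the existing web server and succeeds only when the request reaches the host running the standalone authenticator. The token, key authorization and the two loopback servers are constructed for the demonstration.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def make_handler(files):
    """Build a handler that serves only the paths in `files`; all else is 404."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = files.get(self.path)
            if body is None:
                self.send_error(404)  # same kind of HTML 404 seen in the log
                return
            data = body.encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def start_server(files):
    """Start a loopback HTTP server on a free port in a background thread."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), make_handler(files))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def http01_check(address, token, key_authorization):
    """Mimic the CA: fetch the token from whichever host the name resolves to."""
    url = f"http://{address[0]}:{address[1]}{CHALLENGE_PREFIX}{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            ok = resp.read().decode().strip() == key_authorization
            return "valid" if ok else "unauthorized"
    except urllib.error.HTTPError:
        return "unauthorized"  # web server has no such file, so it answers 404

def demo():
    token = "constructed-token"                      # constructed sample value
    keyauth = token + ".constructed-thumbprint"      # constructed sample value
    web = start_server({"/": "site home page"})              # existing web server
    radius = start_server({CHALLENGE_PREFIX + token: keyauth})  # standalone authenticator
    results = {"dns_points_to_web": http01_check(web.server_address, token, keyauth),
               "dns_points_to_radius": http01_check(radius.server_address, token, keyauth)}
    web.shutdown(); radius.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```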