Letsencrypt
伺服器無法連接到客戶端以驗證 Let’s Encrypt 的 Certbot 的域
我正在使用 Docker 在 AWS 上執行 Sentry。該服務現在在埠 9000 上執行。
我想使用 HTTPS,從 Let’s Encrypt 獲取證書。但是我收到以下錯誤:
sudo certbot --nginx certonlySaving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: sentry.example.com ------------------------------------------------------------------------------- Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): **1** Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for sentry.example.com Waiting for verification... Cleaning up challenges Failed authorization procedure. sentry.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection reset by peer IMPORTANT NOTES: - The following errors were reported by the server: Domain: sentry.example.com Type: connection Detail: Connection reset by peer To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided. root@ip-172-31-23-107:/home/ubuntu/onpremise# netstat -ntlp Active Internet connections (only servers)netstat -ntlp
AWS“防火牆”規則
線上 DNS 查詢
顯然,在首先生成自簽名證書然後請求讓我們加密證書時效果更好。
我在沒有 docker 的情況下分享我的經驗,但絕對是 apache。
- 可能是網路忙。稍後再試。
- 嘗試使用 webroot。https://certbot.eff.org/docs/using.html#nginx
- 你有申請過這個域名嗎?嘗試撤銷它然後應用它。
既然有新的支持,有一個CAA記錄可能會在你獲得成功的時候得到滿足。如果 AWS 支持此記錄,只需將 CAA 添加到 AWS。
希望這些能夠幫助到你。