我有一个经过充分测试的bash脚本,几周前运行良好.
似乎certbot挑战现在默认为http而不是https.我无法弄清楚原因.
似乎certbot挑战现在默认为http而不是https.我无法弄清楚原因.
echo 'rsa-key-size = 2048 renew-hook = /usr/sbin/ipsec reload && /usr/sbin/ipsec secrets ' > /etc/letsencrypt/cli.ini certbot certonly --non-interactive --agree-tos --email $EMAIL --standalone -d $VPNHOST
防火墙设置:
Firewall stopped and disabled on system startup Chain INPUT (policy ACCEPT) target prot opt source destination DROP all -- anywhere anywhere state NEW recent: UPDATE seconds: 60 hit_count: 12 name: DEFAULT side: source mask: 255.255.255.255 all -- anywhere anywhere state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT all -- anywhere anywhere DROP all -- anywhere anywhere state INVALID ACCEPT udp -- anywhere anywhere udp dpt:isakmp ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t DROP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- ip-10-10-10-0.eu-west-2.compute.internal/24 anywhere policy match dir in pol ipsec proto esp ACCEPT all -- anywhere ip-10-10-10-0.eu-west-2.compute.internal/24 policy match dir out pol ipsec proto esp DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination
Certbot:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone,Installer None Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for vpn-1.duelify.com Waiting for verification... Cleaning up challenges Failed authorization procedure. vpn-1.duelify.com (http-01): urn:acme:error:connection :: The server Could not connect to the client to verify the domain :: Fetching http://vpn-1.duelify.com/.well-kNown/acme-challenge/BsPR5NK4JVb8rgIyS2VR4VTOv4Bc1F5TNppjoo95O70: Timeout IMPORTANT NOTES: - The following errors were reported by the server: Domain: vpn-1.duelify.com Type: connection Detail: Fetching http://vpn-1.duelify.com/.well-kNown/acme-challenge/BsPR5NK4JVb8rgIyS2VR4VTOv4Bc1F5TNppjoo95O70: Timeout To fix these errors,please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally,please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin,you should also verify that you are serving files from the webroot path you provided. - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder Now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
