我已经运行sudo certbot --apache -d scilabnet.asuscomm.com,但是在尝试在我的 apache2 服务器上设置 SSL 证书时出现错误:
sarah@scilab_comp_0:~$ sudo certbot --apache -d scilabnet.asuscomm.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for scilabnet.asuscomm.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. scilabnet.asuscomm.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://scilabnet.asuscomm.com/.well-known/acme-challenge/6Tj8Rc9c6D_aZ_lqPdtXXKqfdubVAWn8Gapl5ZA6-jc: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: scilabnet.asuscomm.com
Type: connection
Detail: Fetching
http://scilabnet.asuscomm.com/.well-known/acme-challenge/6Tj8Rc9c6D_aZ_lqPdtXXKqfdubVAWn8Gapl5ZA6-jc:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
不确定我做错了什么。UFW 未启用。
如何使 SSL 证书在我的 apache2 服务器上生效?
编辑0:该域名可以访问(并且在测试期间):
服务器设置为监听 80 端口ports.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
编辑1:服务器具有静态 IP 192.168.1.222 路由器配置:
编辑2: iptables:
sarah@scilab_comp_0:~$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 1278 packets, 123K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1333 72435 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
5 300 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW,ESTABLISHED
2 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 ctstate NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1041 packets, 71711 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
1234 63983 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 ctstate ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 ctstate ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 ctstate ESTABLISHED
编辑3:根据我的路由器,域名应该需要注册。我在路由器软件上注册了域名,它告诉我曾是挂号的:
编辑4:将 DMZ 设置更改为禁用,并将端口 80、443 设置为转发到服务器(192.168.1.222)。
我注意到运行时sudo service apache2 status出现错误,无法解析完全限定名称。不确定哪里出了问题,或者这是否是导致问题的原因,但我将发布我的配置:
网站的虚拟主机
/etc/apache2/sites-available/scilabnet.asuscomm.com.conf::
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/scilabnet.asuscomm.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName scilabnet.asuscomm.com
ServerAlias www.scilabnet.asuscomm.com
</VirtualHost>
该网站已启用。我无法通过 URL 访问它,但我可以使用192.168.1.222浏览器的 URL 栏访问它。我获取了网站的索引文件。
我的网站索引为:/var/www/html/scilabnet.asuscomm.com/public_html/index.html。
编辑5:转发端口
编辑6:正确的端口转发:
答案1
我刚刚尝试在浏览器中访问 scilabnet.asuscomm.com,但它没有响应(域名确实解析了)。这几乎肯定是 certbot 超时的原因。找出为什么 scilabnet.asuscomm.com 无法通过端口 80 上的 HTTP 公开访问,解决问题,然后重试,它应该可以正常工作。