我的域名是:
sturtz.ml
。
我运行了这个命令:
certbot
它产生了这个输出:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: sturtz.ml
2: cloud.sturtz.ml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Waiting for verification...
Challenge failed for domain cloud.sturtz.ml
Challenge failed for domain sturtz.ml
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: cloud.sturtz.ml
Type: connection
Detail: Fetching
http://cloud.sturtz.ml/.well-known/acme-challenge/a5xmyvF4-GcxjiNnl-fo_jiVuGoniwIwubkoFD63xQ8:
Timeout during connect (likely firewall problem)
Domain: sturtz.ml
Type: connection
Detail: Fetching
http://sturtz.ml/.well-known/acme-challenge/uqLWHSnLvl6T_aqioj4wMvFhM7tftTk3RVsTa0FnhFI:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
My web server is (include version):
服务器版本:
Apache/2.4.41(Ubuntu)。
我的 Web 服务器运行的操作系统是(包括版本):
Ubuntu Server 20.04
我的客户端的版本是(例如输出certbot --version
或certbot-auto --version
如果您使用 Certbot):
certbot 1.7.0。
ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
valid_lft 81865sec preferred_lft 81865sec
inet6 2604:99c0:8:2fe6:cff:f4b1:8ace:8064/64 scope global temporary dynamic
valid_lft 43189sec preferred_lft 26989sec
inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 43189sec preferred_lft 26989sec
inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:1b:21:bf:e7:28 brd ff:ff:ff:ff:ff:ff
inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
valid_lft forever preferred_lft forever
inet6 2604:99c0:8:2fe6:287b:327f:9773:771f/64 scope global temporary dynamic
valid_lft 43189sec preferred_lft 26989sec
inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 43189sec preferred_lft 26989sec
inet6 fe80::21b:21ff:febf:e728/64 scope link noprefixroute
valid_lft forever preferred_lft forever
sudo lsof -iTCP -sTCP:LISTEN -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 755 systemd-resolve 13u IPv4 26099 0t0 TCP localhost:53 (LISTEN)
cupsd 771 root 7u IPv6 30989 0t0 TCP ip6-localhost:631 (LISTEN)
cupsd 771 root 8u IPv4 30990 0t0 TCP localhost:631 (LISTEN)
named 873 bind 22u IPv4 30300 0t0 TCP localhost:953 (LISTEN)
named 873 bind 26u IPv4 30129 0t0 TCP localhost:53 (LISTEN)
named 873 bind 27u IPv4 30129 0t0 TCP localhost:53 (LISTEN)
named 873 bind 28u IPv4 30129 0t0 TCP localhost:53 (LISTEN)
named 873 bind 32u IPv6 30749 0t0 TCP ip6-localhost:53 (LISTEN)
named 873 bind 33u IPv6 30749 0t0 TCP ip6-localhost:53 (LISTEN)
named 873 bind 34u IPv6 30749 0t0 TCP ip6-localhost:53 (LISTEN)
named 873 bind 35u IPv6 30301 0t0 TCP ip6-localhost:953 (LISTEN)
named 873 bind 38u IPv6 30520 0t0 TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named 873 bind 39u IPv6 30520 0t0 TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named 873 bind 40u IPv6 30520 0t0 TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named 873 bind 45u IPv4 30704 0t0 TCP sturtz001:53 (LISTEN)
named 873 bind 46u IPv4 30704 0t0 TCP sturtz001:53 (LISTEN)
named 873 bind 47u IPv4 30704 0t0 TCP sturtz001:53 (LISTEN)
named 873 bind 50u IPv4 32956 0t0 TCP sturtz001.local:53 (LISTEN)
named 873 bind 51u IPv4 32956 0t0 TCP sturtz001.local:53 (LISTEN)
named 873 bind 52u IPv4 32956 0t0 TCP sturtz001.local:53 (LISTEN)
mysqld 946 mysql 26u IPv4 31345 0t0 TCP localhost:3306 (LISTEN)
sshd 1320 root 3u IPv4 34564 0t0 TCP *:22 (LISTEN)
sshd 1320 root 4u IPv6 34566 0t0 TCP *:22 (LISTEN)
apache2 1336 root 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 1336 root 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
miniserv. 1479 root 5u IPv4 37015 0t0 TCP *:10000 (LISTEN)
apache2 2567 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2567 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2568 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2568 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2569 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2569 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2570 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2570 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
apache2 2571 www-data 4u IPv6 34789 0t0 TCP *:80 (LISTEN)
apache2 2571 www-data 6u IPv6 34793 0t0 TCP *:443 (LISTEN)
路由器状态页面
我在 DMZ,我已关闭 ufw
netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 873/named
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 966/tor
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 946/mysqld
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 1479/perl
tcp 0 0 169.254.38.166:53 0.0.0.0:* LISTEN 873/named
tcp 0 0 192.168.1.8:53 0.0.0.0:* LISTEN 873/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 873/named
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 755/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1320/sshd: /usr/sbi
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 771/cupsd
tcp 0 0 192.168.1.8:48794 35.224.99.156:80 TIME_WAIT -
tcp 0 248 192.168.1.8:22 192.168.1.6:49682 ESTABLISHED 1412/sshd: nsturtz
tcp6 0 0 ::1:953 :::* LISTEN 873/named
tcp6 0 0 :::443 :::* LISTEN 1336/apache2
tcp6 0 0 :::80 :::* LISTEN 1336/apache2
tcp6 0 0 fe80::223:24ff:fe08::53 :::* LISTEN 873/named
tcp6 0 0 ::1:53 :::* LISTEN 873/named
tcp6 0 0 :::22 :::* LISTEN 1320/sshd: /usr/sbi
tcp6 0 0 ::1:631 :::* LISTEN 771/cupsd
这是我的服务器注意到的 IP 地址列表(我从登录时获得)
IPv4 address for enp0s25: 192.168.1.8
IPv6 address for enp0s25: 2604:99c0:8:2fe6:cff:f4b1:8ace:8064
IPv6 address for enp0s25: 2604:99c0:8:2fe6:223:24ff:fe08:581f
IPv4 address for ens2: 169.254.38.166
IPv6 address for ens2: 2604:99c0:8:2fe6:287b:327f:9773:771f
IPv6 address for ens2: 2604:99c0:8:2fe6:21b:21ff:febf:e728
答案1
我和我的 ISP 进行了交谈,他们说问题出在他们那边,我只需要支付 5 美元购买静态 IPv4 即可。