Connection timeout (likely firewall problem): Apache2 on Ubuntu 20.04 server, Certbot

My domain is:
sturtz.ml
I ran this command:
certbot
It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: sturtz.ml
2: cloud.sturtz.ml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Waiting for verification...
Challenge failed for domain cloud.sturtz.ml
Challenge failed for domain sturtz.ml
http-01 challenge for cloud.sturtz.ml
http-01 challenge for sturtz.ml
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: cloud.sturtz.ml
   Type:   connection
   Detail: Fetching
   http://cloud.sturtz.ml/.well-known/acme-challenge/a5xmyvF4-GcxjiNnl-fo_jiVuGoniwIwubkoFD63xQ8:
   Timeout during connect (likely firewall problem)

   Domain: sturtz.ml
   Type:   connection
   Detail: Fetching
   http://sturtz.ml/.well-known/acme-challenge/uqLWHSnLvl6T_aqioj4wMvFhM7tftTk3RVsTa0FnhFI:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
My web server is (include version):

Server version:
Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu Server 20.04

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.7.0

ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 81865sec preferred_lft 81865sec
    inet6 2604:99c0:8:2fe6:cff:f4b1:8ace:8064/64 scope global temporary dynamic 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1b:21:bf:e7:28 brd ff:ff:ff:ff:ff:ff
    inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
       valid_lft forever preferred_lft forever
    inet6 2604:99c0:8:2fe6:287b:327f:9773:771f/64 scope global temporary dynamic 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 fe80::21b:21ff:febf:e728/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

sudo lsof -iTCP -sTCP:LISTEN -P

COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r  755 systemd-resolve   13u  IPv4  26099      0t0  TCP localhost:53 (LISTEN)
cupsd      771            root    7u  IPv6  30989      0t0  TCP ip6-localhost:631 (LISTEN)
cupsd      771            root    8u  IPv4  30990      0t0  TCP localhost:631 (LISTEN)
named      873            bind   22u  IPv4  30300      0t0  TCP localhost:953 (LISTEN)
named      873            bind   26u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   27u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   28u  IPv4  30129      0t0  TCP localhost:53 (LISTEN)
named      873            bind   32u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   33u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   34u  IPv6  30749      0t0  TCP ip6-localhost:53 (LISTEN)
named      873            bind   35u  IPv6  30301      0t0  TCP ip6-localhost:953 (LISTEN)
named      873            bind   38u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   39u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   40u  IPv6  30520      0t0  TCP [fe80::223:24ff:fe08:581f]:53 (LISTEN)
named      873            bind   45u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   46u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   47u  IPv4  30704      0t0  TCP sturtz001:53 (LISTEN)
named      873            bind   50u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
named      873            bind   51u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
named      873            bind   52u  IPv4  32956      0t0  TCP sturtz001.local:53 (LISTEN)
mysqld     946           mysql   26u  IPv4  31345      0t0  TCP localhost:3306 (LISTEN)
sshd      1320            root    3u  IPv4  34564      0t0  TCP *:22 (LISTEN)
sshd      1320            root    4u  IPv6  34566      0t0  TCP *:22 (LISTEN)
apache2   1336            root    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   1336            root    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
miniserv. 1479            root    5u  IPv4  37015      0t0  TCP *:10000 (LISTEN)
apache2   2567        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2567        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2568        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2568        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2569        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2569        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2570        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2570        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)
apache2   2571        www-data    4u  IPv6  34789      0t0  TCP *:80 (LISTEN)
apache2   2571        www-data    6u  IPv6  34793      0t0  TCP *:443 (LISTEN)

Router status page: [image]

I'm in the DMZ, and I have turned off ufw.

netstat -pant

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      966/tor             
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      946/mysqld          
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1479/perl           
tcp        0      0 169.254.38.166:53       0.0.0.0:*               LISTEN      873/named           
tcp        0      0 192.168.1.8:53          0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      873/named           
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      755/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1320/sshd: /usr/sbi 
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      771/cupsd           
tcp        0      0 192.168.1.8:48794       35.224.99.156:80        TIME_WAIT   -                   
tcp        0    248 192.168.1.8:22          192.168.1.6:49682       ESTABLISHED 1412/sshd: nsturtz  
tcp6       0      0 ::1:953                 :::*                    LISTEN      873/named           
tcp6       0      0 :::443                  :::*                    LISTEN      1336/apache2        
tcp6       0      0 :::80                   :::*                    LISTEN      1336/apache2        
tcp6       0      0 fe80::223:24ff:fe08::53 :::*                    LISTEN      873/named           
tcp6       0      0 ::1:53                  :::*                    LISTEN      873/named           
tcp6       0      0 :::22                   :::*                    LISTEN      1320/sshd: /usr/sbi 
tcp6       0      0 ::1:631                 :::*                    LISTEN      771/cupsd   

This is the list of IP addresses my server reports (I get it at login):

  IPv4 address for enp0s25: 192.168.1.8
  IPv6 address for enp0s25: 2604:99c0:8:2fe6:cff:f4b1:8ace:8064
  IPv6 address for enp0s25: 2604:99c0:8:2fe6:223:24ff:fe08:581f
  IPv4 address for ens2:    169.254.38.166
  IPv6 address for ens2:    2604:99c0:8:2fe6:287b:327f:9773:771f
  IPv6 address for ens2:    2604:99c0:8:2fe6:21b:21ff:febf:e728

Answer 1

I talked with my ISP and they said the problem was on their side, and I just needed to pay $5 for a static IPv4.
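
As an added example (not part of the original question or answer): a Python check that classifies the addresses in `ip address` output such as the one posted above, to show which address families have a globally routable address on the host itself. The function names and the labels are illustrative assumptions; the sample input is an excerpt of the question's own output.

```python
import ipaddress
import re

# Sample input: excerpt of the `ip address` output posted in the question.
SAMPLE = """\
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
    inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute
    inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")
ADDR_RE = re.compile(r"^\s+inet6?\s+([0-9A-Fa-f:.]+)/\d+")
SHARED_V4 = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 carrier-grade NAT range

def classify(addr):
    """Label an address by how far away it can be reached from."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:          # 169.254.0.0/16 and fe80::/10
        return "link-local"
    if ip.version == 4 and ip in SHARED_V4:
        return "shared-cgnat"
    if ip.is_private:             # RFC 1918, ULA, documentation ranges
        return "private"
    return "global" if ip.is_global else "other"

def parse_ip_address(text):
    """Return (interface, address, label) for every inet/inet6 line."""
    rows, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)    # header line such as "2: enp0s25: <...>"
        m = ADDR_RE.match(line)
        if m:
            rows.append((iface, m.group(1), classify(m.group(1))))
    return rows

def global_families(rows):
    """Address families (4 or 6) with a globally routable address on the host."""
    return {ipaddress.ip_address(a).version for _, a, label in rows if label == "global"}

if __name__ == "__main__":
    for row in parse_ip_address(SAMPLE):
        print("%-8s %-40s %s" % row)
    print("global families:", sorted(global_families(parse_ip_address(SAMPLE))))
```

For the question's host the result is IPv6 only: its IPv4 addresses are private or link-local, so inbound IPv4 for an HTTP-01 challenge depends on the router's forwarding and on the address the ISP assigns to the router.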
