I am running Sentry with Docker on AWS. The service is currently listening on port 9000.
I would like to use HTTPS with a certificate from Let's Encrypt, but I get the following error:
sudo certbot --nginx certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: sentry.example.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or
leave input blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for sentry.example.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. sentry.example.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Connection reset by peer

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sentry.example.com
   Type:   connection
   Detail: Connection reset by peer

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
root@ip-172-31-23-107:/home/ubuntu/onpremise# netstat -ntlp
Active Internet connections (only servers)
[screenshot: netstat -ntlp output]
[screenshot: AWS "firewall" (security group) rules]
[screenshot: online DNS lookup]
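The asker's netstat -ntlp screenshot did not survive, so here is an added example (not from the original post) of the check it was meant to show: a small shell function that reads netstat -ntlp output and reports whether a port is bound on a public (wildcard) address, on loopback only, or not at all. The sample output is constructed to resemble the asker's host, with Sentry's docker-proxy on 9000 and nothing on 80 or 443. A tls-sni-01 challenge connects to port 443 of the address in DNS, so before blaming DNS the first thing to confirm is that something is listening there on a non-loopback address and that the security group allows it in.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a TCP port is bound,
# from the text of `netstat -ntlp` (or `ss -ntlp`, same "Local Address" column).
#
# Constructed sample modelled on the asker's host: Sentry's docker-proxy on
# 0.0.0.0:9000, sshd on 22, an nginx bound to loopback only, nothing on 80/443.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2412/nginx
tcp        0      0 0.0.0.0:9000            0.0.0.0:*               LISTEN      2310/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      1021/sshd'

# listener_status NETSTAT_TEXT PORT
# Prints one of:
#   public   - bound on a wildcard address (0.0.0.0, ::, *): reachable from
#              outside, subject to the AWS security group
#   loopback - bound only on 127.0.0.1 / ::1: an ACME validator can never reach it
#   none     - nothing listens on that port
listener_status() {
    netstat_text=$1
    port=$2
    status=none
    while IFS= read -r line; do
        case "$line" in
            tcp*) ;;          # keep tcp/tcp6 rows, skip the header lines
            *) continue ;;
        esac
        # 4th whitespace-separated field is "Local Address" (host:port)
        addr=$(printf '%s\n' "$line" | awk '{ print $4 }')
        [ "${addr##*:}" = "$port" ] || continue   # port = text after the last colon
        host=${addr%:*}                           # host = text before the last colon
        case "$host" in
            0.0.0.0|::|'*')
                status=public
                break ;;
            *)
                status=loopback ;;
        esac
    done <<EOF
$netstat_text
EOF
    printf '%s\n' "$status"
}

# On the live host:  listener_status "$(netstat -ntlp 2>/dev/null)" 443
listener_status "$SAMPLE_NETSTAT" 443    # prints: none
listener_status "$SAMPLE_NETSTAT" 9000   # prints: public
```

If the result for 443 (tls-sni-01) or 80 (http-01) is "none" or "loopback", no amount of DNS or security-group tuning will help; nginx (or whatever terminates TLS) has to be listening on a wildcard address first. Only when it says "public" is the security group the next thing to inspect.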
Answer 1
I'll share my experience; I didn't use Docker, but I definitely used Apache.
- The network may be busy. Try again later.
- Try using webroot. https://certbot.eff.org/docs/using.html#nginx
- Have you requested a certificate for this domain before? Try revoking it and then requesting it again.
- Because of new support, you may need to satisfy a CAA record to succeed. If AWS supports this record type, just add the CAA record in AWS.
Hope this helps.
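To show what the webroot route suggested above looks like in practice, here is an added nginx configuration (not from the original post, and not the Sentry or certbot projects' own config). It assumes the domain sentry.example.com from the question, Sentry reachable at 127.0.0.1:9000, and a webroot directory /var/www/letsencrypt (an assumed path). The challenge in the asker's log, tls-sni-01, needed nginx to already be answering TLS on port 443; Let's Encrypt retired that challenge in 2019, and current certbot uses http-01, which only needs port 80 open to the internet in the security group.

```nginx
# Added example, not from the original post: serve the http-01 challenge from a
# webroot and proxy everything else to Sentry on port 9000.
# Assumed: webroot /var/www/letsencrypt, certificates at certbot's default
# location for sentry.example.com.

server {
    listen 80;
    listen [::]:80;
    server_name sentry.example.com;

    # certbot places /.well-known/acme-challenge/<token> under the webroot:
    #   certbot certonly --webroot -w /var/www/letsencrypt -d sentry.example.com
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type "text/plain";
    }

    # Everything else is sent to HTTPS once the certificate exists.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name sentry.example.com;

    ssl_certificate     /etc/letsencrypt/live/sentry.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sentry.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;   # drop TLSv1.3 on nginx older than 1.13

    location / {
        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Bring up only the port-80 server block first: nginx refuses to start while ssl_certificate points at a file that does not exist yet. After certbot succeeds, enable the 443 block and reload. Then close the security group's inbound rule for 9000 (or bind the Docker port mapping to 127.0.0.1), otherwise Sentry stays reachable over plain HTTP beside the new HTTPS front door.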
Answer 2
Apparently it works better if you first generate a self-signed certificate and only then request the Let's Encrypt certificate.