我看到其他问题也有同样的错误,但它们的答案/解决方案对我来说不起作用或不适用。
我的设置:
- 我家里有一台路由器后面的服务器
- 服务器上没有防火墙,并且在路由器上配置为 DMZ(所有 WAN 流量都路由到 LAN 上的服务器)
- 我有https://www.dynu.com帐户
dingobaby.kozow.com。 - 如果我托管一个简单的 Web 服务器(
python -m SimpleHTTPServer 80)那么我能访问方式:http://dingobaby.kozow.com
我正在尝试certbot创建一个 Let's Encrypt 证书,用于 exim。我收到错误“授权程序失败....连接时超时(可能是防火墙问题)”
但是,在它因错误退出之前我能去http://dingobaby.kozow.com并看到消息“ACME 客户端独立挑战求解器”。
我不确定certbot如果 URL 可以访问为什么会失败?
root@host:/home/myaccount# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): dingobaby.kozow.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dingobaby.kozow.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dingobaby.kozow.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dingobaby.kozow.com/.well-known/acme-challenge/HIsnwP90XZbvwdB0QepgtyAFt373AOaiJaaHMUEnMhY: Timeout during connect (likely firewall problem)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: dingobaby.kozow.com
Type: connection
Detail: Fetching
http://dingobaby.kozow.com/.well-known/acme-challenge/HIsnwP90XZbvwdB0QepgtyAFt373AOaiJaaHMUEnMhY:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
root@host:/home/myaccount#
(注意,我已禁用路由器上的端口转发,因此http://dingobaby.kozow.com现在还不行。)
答案1
Web 服务器需要能够从您的专用网络外部访问。正如 @Corin 在上面评论的那样,一些 ISP 会阻止传入端口 80。如果是这种情况,可以咨询您的 Internet 服务提供商。
要检查 Web 服务器是否可以从外部访问,可以使用许多网站,例如:开放端口检查器。