certbot certonly dynu(动态 DNS)在连接期间超时,即使 URL 可以访问

certbot certonly dynu(动态 DNS)在连接期间超时,即使 URL 可以访问

我看到其他问题也有同样的错误,但它们的答案/解决方案对我来说不起作用或不适用。

我的设置:

  • 我家里有一台路由器后面的服务器
  • 服务器上没有防火墙,并且在路由器上配置为 DMZ(所有 WAN 流量都路由到 LAN 上的服务器)
  • 我有https://www.dynu.com帐户dingobaby.kozow.com
  • 如果我托管一个简单的 Web 服务器(python -m SimpleHTTPServer 80)那么我访问方式:http://dingobaby.kozow.com

我正在尝试certbot创建一个 Let's Encrypt 证书,用于 exim。我收到错误“授权程序失败....连接时超时(可能是防火墙问题)”

但是,在它因错误退出之前我http://dingobaby.kozow.com并看到消息“ACME 客户端独立挑战求解器”。

我不确定certbot如果 URL 可以访问为什么会失败?

root@host:/home/myaccount# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): dingobaby.kozow.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dingobaby.kozow.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. dingobaby.kozow.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://dingobaby.kozow.com/.well-known/acme-challenge/HIsnwP90XZbvwdB0QepgtyAFt373AOaiJaaHMUEnMhY: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: dingobaby.kozow.com
   Type:   connection
   Detail: Fetching
   http://dingobaby.kozow.com/.well-known/acme-challenge/HIsnwP90XZbvwdB0QepgtyAFt373AOaiJaaHMUEnMhY:
   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
root@host:/home/myaccount#

(注意,我已禁用路由器上的端口转发,因此http://dingobaby.kozow.com现在还不行。)

答案1

Web 服务器需要能够从您的专用网络外部访问。正如 @Corin 在上面评论的那样,一些 ISP 会阻止传入端口 80。如果是这种情况,可以咨询您的 Internet 服务提供商。

要检查 Web 服务器是否可以从外部访问,可以使用许多网站,例如:开放端口检查器

相关内容