I'm struggling to get my first SSL certificate working (but I seem to have at least received my certificate).
Below is some sample output from my docker-compose up
ubuntu@ip-172-31-93-63:~/doom 7$ sudo docker-compose up
Starting traefik ... done
Starting doom ... done
Attaching to traefik, doom
traefik | time="2023-04-09T20:04:31Z" level=info msg="Configuration loaded from flags."
doom | Watching for file changes with StatReloader
traefik | time="2023-04-09T20:04:38Z" level=error msg="Unable to obtain ACME certificate for domains \"tgmjack.com\": unable to generate a certificate for the domains [tgmjack.com]: error: one or more domains had a problem:\n[tgmjack.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" rule="Host(`tgmjack.com`)" providerName=letsencrypt.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=doom@docker
traefik | time="2023-04-09T20:04:40Z" level=error msg="Unable to obtain ACME certificate for domains \"tgmjack.com\": unable to generate a certificate for the domains [tgmjack.com]: error: one or more domains had a problem:\n[tgmjack.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" providerName=letsencrypt.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=doom@docker rule="Host(`tgmjack.com`)"
....... skip a bit ....
traefik | time="2023-04-09T20:04:47Z" level=error msg="Unable to obtain ACME certificate for domains \"tgmjack.com\": unable to generate a certificate for the domains [tgmjack.com]: error: one or more domains had a problem:\n[tgmjack.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" routerName=doom@docker rule="Host(`tgmjack.com`)" providerName=letsencrypt.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory"
traefik | time="2023-04-09T20:04:48Z" level=error msg="Unable to obtain ACME certificate for domains \"tgmjack.com\": unable to generate a certificate for the domains [tgmjack.com]: error: one or more domains had a problem:\n[tgmjack.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme routerName=doom@docker rule="Host(`tgmjack.com`)"
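According to ChatGPT:
"It seems there was a problem obtaining the ACME certificate for the domain "tgmjack.com". The error message indicates a problem negotiating the ALPN protocol "acme-tls/1" for the tls-alpn-01 challenge, which is part of the certificate issuance process. This could be caused by a configuration problem with the ACME provider or the domain's DNS settings. There are multiple error messages indicating the same problem when obtaining the certificate, so it may be worth investigating the root cause of the problem further."
But I seem to have my certificate, as shown by some output from my command line here.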
ubuntu@ip-172-31-93-63:~/doom 7$ cd volumes
ubuntu@ip-172-31-93-63:~/doom 7/volumes$ dir
traefik
ubuntu@ip-172-31-93-63:~/doom 7/volumes$ cd traefik
ubuntu@ip-172-31-93-63:~/doom 7/volumes/traefik$ dir
acme logs
ubuntu@ip-172-31-93-63:~/doom 7/volumes/traefik$ cd acme
ubuntu@ip-172-31-93-63:~/doom 7/volumes/traefik/acme$ dir
acme.json
So.... based on the above, do I have a certificate?
I got the example for my docker-compose.yml from here
https://greenfrognest.com/LMDSTraefikProxy.php
which led me to use the following
traefik:
  image: traefik:latest
  container_name: traefik
  ports:
    - 80:80
    - 443:443
  command:
    - --providers.docker=true
    - --providers.docker.exposedbydefault=false
    - --entrypoints.web.address=:80
    - --entrypoints.websecure.address=:443
    - --certificatesresolvers.letsencrypt.acme.email=tgmjackcroc@gmail.com # replace with your email
    - --certificatesresolvers.letsencrypt.acme.storage=acme/acme.json
    - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
    - --entryPoints.web.http.redirections.entryPoint.to=websecure
    - --entryPoints.web.http.redirections.entryPoint.scheme=https
    - --entryPoints.web.http.redirections.entrypoint.permanent=true
    - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ./volumes/traefik/acme:/acme
    - ./volumes/traefik/logs:/logs
doom:
  build: ./doom_dj/doom
  container_name: doom
  labels:
    - traefik.enable=true
    - traefik.http.routers.doom.rule=Host(`tgmjack.com`)
    - traefik.http.routers.doom.entrypoints=websecure
    - traefik.http.routers.doom.tls.certresolver=letsencrypt
    - traefik.http.services.doom.loadbalancer.server.port=80
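Here is evidence of some of the things I've done on Cloudflare
- My DNS section
- SSL settings
- Edge certificates
- My rules section
What could be the problem here? What should I try?
How can I better narrow down this problem? Prove things one way or another, so that I can start ruling some things out?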
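
Whether the presence of `acme.json` means a certificate was actually issued can be checked offline by reading the file. The following is an added example, not part of the original post and not Traefik's own code; it assumes the Traefik v2 `acme.json` layout (resolver name at the top level, with `Account` and `Certificates` keys), and the sample contents and `example.test` names are constructed.

```python
import base64
import json
import sys

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed samples (assumed Traefik v2 acme.json layout), not real data.
# 1) Account registered, every challenge failed: no certificates stored.
SAMPLE_NO_CERT = json.dumps({"letsencrypt": {
    "Account": {"Email": "admin@example.test"}, "Certificates": None}})
# 2) One stored certificate; the PEM body is a placeholder, not a real cert.
_FAKE_PEM = base64.b64encode(PEM_HEADER + b"\nCONSTRUCTED\n").decode()
SAMPLE_WITH_CERT = json.dumps({"letsencrypt": {
    "Account": {"Email": "admin@example.test"},
    "Certificates": [{"domain": {"main": "app.example.test"},
                      "certificate": _FAKE_PEM, "key": "", "Store": "default"}]}})


def issued_certificates(acme_json_text):
    """Map each resolver to [(main, sans, has_pem)] for the certs it stored."""
    if not acme_json_text.strip():      # empty file: nothing was ever written
        return {}
    report = {}
    for resolver, state in json.loads(acme_json_text).items():
        entries = []
        for cert in (state or {}).get("Certificates") or []:
            domain = cert.get("domain") or {}
            try:
                pem = base64.b64decode(cert.get("certificate") or "", validate=True)
            except ValueError:          # not base64: treat as no certificate
                pem = b""
            entries.append((domain.get("main"), domain.get("sans") or [],
                            pem.startswith(PEM_HEADER)))
        report[resolver] = entries
    return report


def has_certificate_for(acme_json_text, hostname):
    """True only if a resolver stored a PEM certificate naming hostname exactly."""
    return any(has_pem and hostname in [main, *sans]
               for entries in issued_certificates(acme_json_text).values()
               for main, sans, has_pem in entries)


if __name__ == "__main__":
    # Path is an argument, e.g. the acme.json under ./volumes/traefik/acme
    with open(sys.argv[1]) as fh:
        text = fh.read()
    for name, certs in issued_certificates(text).items():
        print(name, certs or "no certificates stored")
```

The file existing only shows that Traefik created its storage. With the staging `caserver` from the configuration above, any certificate stored there would also come from the Let's Encrypt staging CA, which browsers do not trust.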