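I'm trying to get letsencrypt auto-renewal working with haproxy.
I get the error:
Attempting to renew cert (api.example.com.nz) from /etc/letsencrypt/renewal/api.example.com.conf produced an unexpected error: Problem binding to port 54321: Could not bind to IPv4 or IPv6. Skipping.
Here is my haproxy config: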
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 2048
    tune.ssl.default-dh-param 2048
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private
    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-yourweb-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:EC$
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
    option forwardfor
    option http-server-close

frontend localhost
    bind *:80
    mode http
    reqadd X-Forwarded-Proto:\ http
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    use_backend web1 if { hdr(host) -i example.com }
    use_backend web2 if { hdr(host) -i api.example.com }
    use_backend web1 if { hdr(host) -i www.example.com }

frontend app_ssl
    bind *:443 ssl crt /etc/haproxy/certs/api.example.com.pem
    reqadd X-Forwarded-Proto:\ https
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    default_backend web2

backend letsencrypt-backend
    server letsencrypt 127.0.0.1:54321
Can anyone tell me why it isn't reaching the backend?
This is configured on a jump box; does that have anything to do with it?
Edit
LISTEN 0 128 127.0.0.1:3006 *:* users:(("ssh",pid=7608,fd=5))
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 *:9081 *:*
LISTEN 0 128 *:9082 *:*
LISTEN 0 128 *:9083 *:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 ::1:3006 :::* users:(("ssh",pid=7608,fd=4))
LISTEN 0 128 :::80 :::*
LISTEN 0 5 :::54321 :::*
LISTEN 0 128 :::22 :::*
Certbot is listening on that port
ubuntu@jump-box:~$ sudo lsof -i :54321
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
certbot 3077 root 8u IPv6 301513579 0t0 TCP *:54321 (LISTEN)
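
A pre-renewal check for the situation in the post, as an added example that is not part of the original question: it reads the port of the letsencrypt-backend server line from the haproxy config and reports any process already listening on it. The config excerpt and the ss lines are constructed from the post's output (with the owner column as a privileged ss run would show it), and the function names are hypothetical.

```python
import re

# Constructed sample input modelled on the post: a haproxy excerpt and `ss -ltnp` lines.
HAPROXY_CFG = """\
frontend localhost
    bind *:80
    use_backend letsencrypt-backend if letsencrypt-acl
backend letsencrypt-backend
    server letsencrypt 127.0.0.1:54321
"""
SS_OUTPUT = """\
LISTEN 0 128 *:80 *:*
LISTEN 0 128 127.0.0.1:3006 *:* users:(("ssh",pid=7608,fd=5))
LISTEN 0 5 :::54321 :::* users:(("certbot",pid=3077,fd=8))
"""
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")

def backend_ports(cfg, backend):
    """Ports of every `server` line inside the named haproxy backend section."""
    ports, inside = set(), False
    for line in cfg.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in SECTIONS:  # a new section starts; track whether it is ours
            inside = words[:2] == ["backend", backend]
        elif inside and words[0] == "server" and len(words) >= 3 and ":" in words[2]:
            ports.add(int(words[2].rsplit(":", 1)[1]))
    return ports

def listeners(ss_text):
    """Map port -> [(process, pid)]; (None, None) if ss showed no owner (unprivileged run)."""
    found = {}
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        port = int(fields[3].rsplit(":", 1)[1])  # handles *:80, :::54321, ::1:3006
        m = re.search(r'\(\("([^"]+)",pid=(\d+)', line)
        found.setdefault(port, []).append((m.group(1), int(m.group(2))) if m else (None, None))
    return found

def port_conflicts(cfg, ss_text, backend="letsencrypt-backend"):
    """Backend ports that already have a listener, with the owning process if known."""
    held = listeners(ss_text)
    return {p: held[p] for p in sorted(backend_ports(cfg, backend)) if p in held}

if __name__ == "__main__":
    for port, owners in port_conflicts(HAPROXY_CFG, SS_OUTPUT).items():
        print(f"port {port} is already bound by {owners}")
```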