Lets-Encrypt

Apache Let’s Encrypt Certbot Challenge 在 Linux 上失敗

  • September 27, 2021

我有一台執行 Apache Tomcat 的 Fedora 34 伺服器。我有 Let’s Encrypt 工作的證書。我用 certbot 安裝了它們(就像一個人一樣),一切都執行良好。現在,當我去更新我的證書時,我收到以下錯誤:

[root@app myname]# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for example.com
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Challenge failed for domain example.com
http-01 challenge for example.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
- The following errors were reported by the server:

  Domain: example.com
  Type:   unauthorized
  Detail: Invalid response from
  http://example.com/.well-known/acme-challenge/bRtftQXeDygjye2u-1c2O1I63A2PoSPMNqclYAVivzg
  [ipv6address]: "html\r\nheadtitle404 Not
  Found/title/head\r\nbody\r\ncenterh1404 Not
  Found/h1/center\r\nhrcenteropenresty/cente"

  To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
[root@app myname]#

更多細節:我有一個從 Apache Web 伺服器到 Tomcat 工作的重定向(mod_rewrite)。在我的故障排除過程中,我暫時取消了它。

我們想通了!這是一個糟糕的 DNS AAAA (ipv6) 記錄。我們修復了這個問題,然後 certbot 成功執行!我們將 AAAA 記錄指向伺服器上 ifconfig 上顯示的 ipv6 地址。我不確定它最終是如何指向不同的地址的。

引用自:https://serverfault.com/questions/1078648