Lets-Encrypt
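Apache Let's Encrypt Certbot Challenge Fails on Linux
I have a Fedora 34 server running Apache Tomcat. I have working Let's Encrypt certificates. I installed them with certbot (as one does), and everything ran fine. Now, when I go to renew my certificates, I get the following error: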
    [root@app myname]# certbot
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Which names would you like to activate HTTPS for?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: example.com
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate numbers separated by commas and/or spaces, or leave input
    blank to select all options shown (Enter 'c' to cancel): 1
    Requesting a certificate for example.com
    Performing the following challenges:
    http-01 challenge for example.com
    Waiting for verification...
    Challenge failed for domain example.com
    http-01 challenge for example.com
    Cleaning up challenges
    Some challenges have failed.
    IMPORTANT NOTES:
     - The following errors were reported by the server:
       Domain: example.com
       Type:   unauthorized
       Detail: Invalid response from
       http://example.com/.well-known/acme-challenge/bRtftQXeDygjye2u-1c2O1I63A2PoSPMNqclYAVivzg
       [ipv6address]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>openresty</cente"
       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.
    [root@app myname]#
More details: I have a working redirect (mod_rewrite) from the Apache web server to Tomcat. During my troubleshooting, I temporarily disabled it.
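We figured it out! It was a bad DNS AAAA (IPv6) record. We fixed that, and then certbot ran successfully! We pointed the AAAA record at the IPv6 address shown by ifconfig on the server. I'm not sure how it ended up pointing to a different address.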
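The check described in the answer above can be scripted so a stale A/AAAA record is caught before a renewal fails. This is an added example, not part of the original post; the function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import re
import socket
import subprocess
import sys

# Constructed sample of `ip -o addr show` output (documentation address ranges).
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet6 ::1/128 scope host
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet6 2001:db8:0:1::10/64 scope global
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""

def local_addresses(ip_output):
    """Parse `ip -o addr show` text into the set of global-scope addresses."""
    pattern = r"\binet6?\s+([0-9a-fA-F:.]+)/\d+.*\bscope global\b"
    return {ipaddress.ip_address(m.group(1)) for m in re.finditer(pattern, ip_output)}

def resolve(domain):
    """Every A/AAAA address the system resolver returns (honours /etc/hosts)."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}

def stale_records(dns_addrs, host_addrs):
    """DNS addresses that no local interface owns, IPv6 listed first."""
    # Round-trip through ipaddress so differently written IPv6 forms compare equal.
    published = {ipaddress.ip_address(str(a)) for a in dns_addrs}
    missing = published - set(host_addrs)
    return sorted(missing, key=lambda a: (-a.version, int(a)))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check, e.g.: python3 check_records.py example.com
        out = subprocess.run(["ip", "-o", "addr", "show"],
                             capture_output=True, text=True, check=True).stdout
        host, dns = local_addresses(out), resolve(sys.argv[1])
    else:
        # Offline demo: the A record is right, the AAAA record is stale.
        host = local_addresses(SAMPLE_IP_OUTPUT)
        dns = {"192.0.2.10", "2001:db8:0:1::99"}
    for addr in stale_records(dns, host):
        print(f"IPv{addr.version} record {addr} is not assigned to this host")
```

A host behind NAT or a load balancer does not carry its public address on an interface, so a mismatch there needs a manual look rather than an automatic fix. A mismatched record also means visitors on that address family are reaching whatever machine holds the address, which is what the openresty 404 in the error output shows.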