無法在 ubuntu 14 伺服器上執行 certbot 進行加密

我已經讓我們在 ubuntu 伺服器（python v2.7.6）上進行加密，但它不再執行抱怨我使用的是舊客戶端。我下載了 ubuntu 14 的 certbot 客戶端，但是當我執行以下命令時，我收到下面複製的錯誤 - 關於如何進一步解決此問題的任何想法：

./certbot-auto certonly --text --webroot -w /usr/share/nginx/html -d actualurl.com --keep-until-expiring --expand --agree-tos --email replaced@gmail.com


2016-07-31 20:50:48,178:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f45863102d0> 
and installer None
2016-07-31 20:50:48,350:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory284. args: (), kwargs: {}
2016-07-31 20:50:48,354:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-07-31 20:50:48,803:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory284 HTTP/1.1" 404 19
2016-07-31 20:50:48,805:DEBUG:root:Received <Response [404]>. Headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Boulder-Re
quest-Id': 'gH76WSwBJgzedpyjF8X3TAVVYz0-TLkaiNGTjQa3Weg', 'Expires': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Server': 'nginx', 'Connection': 'keep-ali
ve', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Content-Type': 'text/plai
n; charset=utf-8'}. Content: '404 page not found\n'
2016-07-31 20:50:48,805:DEBUG:acme.client:Received response <Response [404]> (headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosni
ff', 'Boulder-Request-Id': 'gH76WSwBJgzedpyjF8X3TAVVYz0-TLkaiNGTjQa3Weg', 'Expires': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Server': 'nginx', 'Connec
tion': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Content-T
ype': 'text/plain; charset=utf-8'}): '404 page not found\n'
2016-07-31 20:50:48,806:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
 File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
   sys.exit(main())
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 744, in main
   return config.func(config, plugins)
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 550, in obtain_cert
   le_client = _init_le_client(config, auth, installer)
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 360, in _init_le_client
   acc, acme = _determine_account(config)
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 345, in _determine_account
   config, account_storage, tos_cb=_tos_cb)
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 118, in register
   acme = acme_from_config_key(config, key)
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 42, in acme_from_config_key
   return acme_client.Client(config.server, key=key, net=net)
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 63, in __init__
   self.net.get(directory).json())
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 631, in get
   self._send_request('GET', url, **kwargs), content_type=content_type)
 File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 578, in _check_response
   raise errors.ClientError(response)
ClientError: <Response [404]>

我也用 certonly 執行了 certbot-auto，但我得到了同樣的錯誤。

對話版

Version: 1.2-20130928

lsb_release -a

Distributor ID: Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:    14.04
Codename:   trusty

我下載了 certbot 使用

wget https://dl.eff.org/certbot-auto

此外，nginx 程序正在執行，並且仍然擁有較舊的 let 加密證書。從那以後，我嘗試刪除它並重新啟動 nginx，但我仍然遇到同樣的錯誤。我在埠 80 上執行 HA 代理並重定向到 Nginx。

我安裝了以下 certbot 外掛：

* apache
Description: Apache Web Server - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator

* webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator

* standalone
Description: Automatically use a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot.plugins.standalone:Authenticator

我按照此連結上的步驟操作，它對我有用（能夠獲得證書）。

https://github.com/eustasy/certbot-with-nginx

步驟中唯一缺少的是確保我們將 nginx.welll-known.conf 文件複製到 /etc/nginx 目錄中（或者只是創建一個連結）。我正在使用 nginx 來提供內容（我關閉了在埠 80 上偵聽的 HA 代理以確保此設置有效）。

由於我不喜歡停止網路伺服器（出於多種原因）或它前面的任何預處理器（HAProxy、Varnish 等），我一直以這種方式利用最新版本的certbot-auto’spre-hook和post-hook選項：

certbot-auto certonly --standalone --preferred-challenges tls-sni-01 --tls-sni-01-port 44033 \
 --pre-hook  "iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 44033" \
 --post-hook "iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 44033"

如果我執行該命令會發生什麼：

1. certbot-auto檢查是否所有證書都需要續訂
2. 如果任何證書需要更新，它會執行pre-hook：創建從埠 443（網路伺服器正在偵聽的埠）到埠 44033（certbot-auto正在偵聽的埠）的重定向
3. 續訂完成後，執行post-hook：刪除步驟2中創建的重定向。

有很多好處：

• 如前所述，我不必停止目前偵聽埠 443（或 80）的任何程序
• 此外，我不必更改網路伺服器的任何配置……並且記得在之後恢復更改
• 它自包含在一個文件中。我現在有以下腳本/etc/cron.daily：

letsencrypt-renew.sh

#!/bin/bash
Redir() {
   echo "iptables -t nat $1 PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 44033"
}
certbot-auto renew --standalone \
   --preferred-challenges tls-sni-01 --tls-sni-01-port 44033 \
   --pre-hook "$(Redir -I)" \
   --post-hook "$(Redir -D)"

（請注意，通過簡單地替換renew為certonly，您還可以使用此腳本執行證書的初始請求。替換renew為${1:-renew}允許將操作指定為腳本的 arg。）

引用自：https://serverfault.com/questions/793025