Certbot 获取 ssl 证书 HAproxy
[英]Certbot get ssl certificate HAproxy
问题描述
I'm new to networking and I need to add an SSL certificate to my load balancer.
我是网络新手,我需要将 SSL 证书添加到我的负载均衡器。 For that, I'm using Certbot.为此,我正在使用 Certbot。
Instructions: https://certbot.eff.org/instructions?ws=haproxy&os=ubuntufocal说明: https://certbot.eff.org/instructions?ws=haproxy&os=ubuntufocal
Basically it says to login to the server using SSH and then install certbot基本上它说使用 SSH 登录到服务器,然后安装 certbot
Then, to run this command然后,运行这个命令
sudo certbot certonly --standalone
It tells me to temporarily stop my web server to get the certificate, so I ran:它告诉我暂时停止我的 web 服务器以获取证书,所以我运行:
sudo service ssh stop
After running the certbot command I get the following error:运行 certbot 命令后,出现以下错误:
Could not bind TCP port 80 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.
So I ran:所以我跑了:
sudo netstat -tulpn | grep :80
Output: Output:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 59283/nginx: master
tcp6 0 0 :::80 :::* LISTEN 59283/nginx: master
Now, If I stop the nginx service with "sudo service nginx stop" and run the above command again I don't get any services listening in port 80. So I retry the Certbot command once more:现在,如果我使用“sudo service nginx stop”停止 nginx 服务并再次运行上述命令,我没有得到任何服务在端口 80 中侦听。所以我再次重试 Certbot 命令:
sudo certbot certonly --standalone
I get the following error:我收到以下错误:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: totaldomainoftheworldclub.tech
Type: dns
Detail: no valid A records found for totaldomainoftheworldclub.tech; no valid AAAA records found for totaldomainoftheworldclub.tech
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
And that's it, I don't know what else to do.就是这样,我不知道还能做什么。
1 个解决方案
解决方案1
0 2022-01-20 21:27:25
If you have trouble with normal validation, you can try using DNS challenge如果您无法正常验证,可以尝试使用DNS 挑战
Please note, that for DNS challenges, the following DNS providers are supported: cloudflare, cloudxns, digitalocean, dnsimple, dnsmadeeasy, gehirn, google, linode, luadns, nsone, ovh, rfc2136, route53, sakuracloud.请注意,对于 DNS 挑战,支持以下 DNS 提供程序:cloudflare、cloudxns、digitalocean、dnsimple、dnsmadeeasy、gehirn、google、linode、luadns、cloud nsone、ovh、rfc2136、route5。
You can check how to use DNS challenges and what additional configuration it requires in the certbot docs .您可以在certbot 文档中查看如何使用 DNS 挑战以及它需要哪些额外配置。 But basically, you will need to create some kind API key in your domain DNS server and then provide it to certbot.但基本上,您需要在域 DNS 服务器中创建某种 API 密钥,然后将其提供给 certbot。 Then when validating it will automatically add a new DNS record using API for validation purposes.然后在验证时它将自动添加一个新的 DNS 记录,使用 API 进行验证。
You can also run DNS challenges in different machines or even in Google Function or AWS lambda .您还可以在不同的机器上运行 DNS 挑战,甚至在Google Function或AWS lambda中运行。 Check certbot-lambda for example.例如,检查certbot-lambda 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.