
AWS Lightsail having issue while getting SSL certificate through Let's Encrypt

I am running an AWS Lightsail WordPress site. I am trying to get an SSL certificate from Let's Encrypt using bncert-tool. I am getting the following error. '54.253.145.89' is a static IP that I have attached to my Lightsail instance.

Warning: The domain 'telequip.net' resolves to a different IP address than the one detected for this machine, which is '54.253.145.89'. Please fix its DNS entries or remove it. For more info see: https://docs.bitnami.com/general/faq/configuration/configure-custom-domain/

I have tried the validation method to fix it: /opt/bitnami/bncert-tool --perform_public_ip_validation 0 --perform_dns_validation 0. But this time I am getting "error: 400; Timeout during connect". I have checked all the security settings but I am unable to resolve it.

[telequip.net] acme: error: 400:: urn:ietf:params:acme:error:connection:: Timeout during connect (likely firewall problem) 102 [www.telequip.net] acme: error: 400:: urn:ietf:params:acme:error:connection:: Timeout during connect (likely firewall problem)

Moreover, I have also tried disabling IPv6 but I am still getting the same error.

Your first error usually happens if you have IPv6 enabled on your Lightsail instance. The Bncert tool doesn't properly support IPv6 when issuing certificates.

You can disable IPv6 by following these steps:

  1. From your Lightsail dashboard, click on the instance you're having issues with
  2. Choose "Networking"
  3. Scroll down to IPv6 and switch the toggle to off (x)

You will receive a pop-up warning that disabling IPv6 will release the address back into the pool. You must accept and agree with this happening if you want to use the Bncert tool on your Lightsail instance.

AFAIK the only way to support SSL on IPv6 would be to purchase a certificate elsewhere and install it manually.

You need an A record for this VM:

  1. Add a static IP on https://lightsail.aws.amazon.com/
  2. Go to AWS Route 53 and add an A record to the IP by subdomain, for example: www.mydomin.com A Simple XX.XXX.XXX.XXX
  3. Go to Lightsail SSH and run: sudo /opt/bitnami/bncert-tool

I came across this same issue and found this post, among others. What worked for me was to disable IPv6, as suggested by others. Also, you must make sure the associated AAAA record for the IPv6 address is deleted. After this, you can successfully run bncert-tool. Once the certificate has been created and enabled, you can go back and reenable IPv6 and add the AAAA record, making sure the correct IPv6 address is used, as it may be different now.
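
A preflight check for the DNS conditions the answers above describe: every A record must equal the instance's static IP, and no AAAA record may be published while bncert-tool runs. This is an added example, not part of the original posts or of Bitnami's tooling; the function names are hypothetical and it assumes `dig` is installed on the instance.

```bash
#!/usr/bin/env bash
# Added example: DNS preflight to run before bncert-tool (function names are hypothetical).

# classify_dns STATIC_IP "A records" "AAAA records"
# Prints one finding per line; returns 0 only when the records match the answers' advice.
classify_dns() {
  local static_ip="$1" a_records="$2" aaaa_records="$3"
  local rc=0 ip
  if [ -z "$a_records" ]; then
    echo "FAIL: no A record published"
    rc=1
  fi
  for ip in $a_records; do
    if [ "$ip" != "$static_ip" ]; then
      echo "FAIL: A record $ip is not the instance static IP $static_ip"
      rc=1
    fi
  done
  for ip in $aaaa_records; do
    echo "FAIL: AAAA record $ip present; delete it before running bncert-tool"
    rc=1
  done
  if [ "$rc" -eq 0 ]; then
    echo "OK: A record matches $static_ip and no AAAA record is published"
  fi
  return "$rc"
}

# lookup TYPE DOMAIN: addresses only. `dig +short` also prints CNAME targets
# (they end in ".") and ";;" diagnostics, so keep lines that look like IPs.
lookup() {
  dig +short "$1" "$2" | grep -E '^[0-9A-Fa-f:.]*[0-9A-Fa-f]$' | tr '\n' ' '
}

# preflight STATIC_IP DOMAIN [DOMAIN...]: check every name the certificate will cover.
preflight() {
  local static_ip="$1" domain rc=0
  shift
  for domain in "$@"; do
    echo "== $domain"
    classify_dns "$static_ip" "$(lookup A "$domain")" "$(lookup AAAA "$domain")" || rc=1
  done
  return "$rc"
}

# Usage: ./bncert-preflight.sh <static-ip> <domain> [<domain>...]
if [ "$#" -ge 2 ]; then
  preflight "$@"
fi
```

Pass the instance's static IP followed by every name the certificate will cover; a non-zero exit status means a record still needs fixing.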
