Certbot 无法独立进行身份验证：无效响应

跑步

sudo certbot certonly --standalone -d cimetrics.io --staple-ocsp -m [email protected] --agree-tos

产量

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: cimetrics.io
  Type:   unauthorized
  Detail: 15.197.142.173: Invalid response from http://cimetrics.io/.well-known/acme-challenge/HAOi6Kom9At9ywZ8UAUykre5WqkAg8dfYvl6tEIA388: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

我的 Ubuntu ec2 实例失败。

我拥有来自

godaddy

的域名 cimetrics.io 并已将其转发到我位于

3.10.39.149

的 ec2 实例。

Ping IP 和域显示类似的结果

PS C:\Users\jonat> ping 3.10.39.149

Pinging 3.10.39.149 with 32 bytes of data:
Reply from 3.10.39.149: bytes=32 time=19ms TTL=49
Reply from 3.10.39.149: bytes=32 time=26ms TTL=49
Reply from 3.10.39.149: bytes=32 time=20ms TTL=49
Reply from 3.10.39.149: bytes=32 time=19ms TTL=49

Ping statistics for 3.10.39.149:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 26ms, Average = 21ms
PS C:\Users\jonat> ping cimetrics.io

Pinging cimetrics.io [3.33.152.147] with 32 bytes of data:
Reply from 3.33.152.147: bytes=32 time=34ms TTL=247
Reply from 3.33.152.147: bytes=32 time=32ms TTL=247
Reply from 3.33.152.147: bytes=32 time=30ms TTL=247
Reply from 3.33.152.147: bytes=32 time=36ms TTL=247

Ping statistics for 3.33.152.147:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 36ms, Average = 33ms
PS C:\Users\jonat>

我还可以使用

http://cimetrics.io/

和

http://3.10.39.149/

在我的 ec2 实例上查看 http 服务器的响应。

主机信息：

ubuntu@ip-172-31-11-236:~$ uname --a
Linux ip-172-31-11-236 6.2.0-1017-aws #17~22.04.1-Ubuntu SMP Fri Nov 17 21:07:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

当前 DNS 记录：

; Domain: cimetrics.io
; Exported (y-m-d hh:mm:ss): 2023-12-30 23:39:48
;
; This file is intended for use for informational and archival
; purposes ONLY and MUST be edited before use on a production
; DNS server.
;
; In particular, you must update the SOA record with the correct
; authoritative name server and contact e-mail address information,
; and add the correct NS records for the name servers which will
; be authoritative for this domain.
;
; For further information, please consult the BIND documentation
; located on the following website:
;
; http://www.isc.org/
;
; And RFC 1035:
;
; http://www.ietf.org/rfc/rfc1035.txt
;
; Please note that we do NOT offer technical support for any use
; of this zone data, the BIND name server, or any other third-
; party DNS software.
;
; Use at your own risk.


$ORIGIN cimetrics.io.

; SOA Record
@   3600     IN     SOA ns75.domaincontrol.com. dns.jomax.net. (
                    2023123000
                    28800
                    7200
                    604800
                    3600
                    ) 

; A Record
@   600  IN     A   15.197.142.173
@   600  IN     A   3.33.152.147

; NS Record
@   3600     IN     NS  ns75.domaincontrol.com.
@   3600     IN     NS  ns76.domaincontrol.com.

; CNAME Record
www 3600     IN     CNAME   @
_domainconnect  3600     IN     CNAME   _domainconnect.gd.domaincontrol.com.

我还在论坛上提出了这个问题https://community.letsencrypt.org/t/certbot-failed-to-authenticat-standalone-invalid-response/210924.