I am currently generating the certificate request from a script with the following command:
certbot certonly --standalone --preferred-challenges http --http-01-port 44344 -d my-domain-name.com
I have been trying to renew using the same flags:
certbot renew --standalone --preferred-challenges http --http-01-port 44344
But I get the following response:
Domain: www.my-domain-name.com
Type: unauthorized
Detail: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"
Calling registered functions
Cleaning up challenges
Stopping server at :::54345...
Attempting to renew cert (my-domain-name.com) from /etc/letsencrypt/renewal/my-domain-name.com.conf produced an unexpected error: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>". Skipping.
Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 452, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1193, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.my-domain-name.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.my-domain-name.com/.well-known/acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 [2600:3c00::46:7001]: "<!DOCTYPE html>\n<html lang=\"en-US\">\n<head>\n\t<meta charset=\"UTF-8\">\n\t<link rel=\"profile\" href=\"https://gmpg.org/xfn/11\">\n\t<title>"
It seems the port may be being ignored on the renewal request. Any ideas on how to go about renewing?
Thank you!
I ended up just running this command once a month to make sure my certificate stays up to date:
certbot renew --force-renewal --tls-sni-01-port=44344
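The Detail line in the error output above already records which URL, which address and which response body the CA saw during http-01 validation. The following is an added example, not part of the original post and not certbot's own code: a small Python parser that pulls those facts out of the line. The function name diagnose and the finding labels are made up for illustration, and the sample input is the page's log line with the quoted body shortened.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the Detail line from the log above, quoted body shortened.
DETAIL = ('Invalid response from https://www.my-domain-name.com/.well-known/'
          'acme-challenge/A0l5Fi3a3CKSWOnYCeZqpz9cW8k4ndEJSseCoPDKFP8 '
          '[2600:3c00::46:7001]: "<!DOCTYPE html>\\n<html lang=\\"en-US\\">"')

DETAIL_RE = re.compile(
    r'Invalid response from (?P<url>\S+) \[(?P<addr>[^\]]+)\]: "(?P<body>.*)"',
    re.S)
# RFC 8555 key authorization: token "." base64url(account key thumbprint)
KEYAUTH_RE = re.compile(r'^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\s*$')


def diagnose(detail):
    """Return the facts recorded in a failed http-01 detail line plus findings."""
    m = DETAIL_RE.search(detail)
    if m is None:
        raise ValueError("not an http-01 'Invalid response' detail line")
    url = urlsplit(m["url"])
    token = url.path.rsplit("/", 1)[-1]
    body = m["body"]
    addr = ipaddress.ip_address(m["addr"])
    findings = []
    if url.scheme == "https":
        # http-01 always starts as plain HTTP on port 80, so an https URL
        # here means the validator followed a redirect sent by the site.
        findings.append("redirected-to-https")
    if addr.version == 6:
        # The AAAA record was used; the listener must be reachable there.
        findings.append("validated-over-ipv6")
    if not url.path.startswith("/.well-known/acme-challenge/"):
        findings.append("redirected-off-challenge-path")
    if not (KEYAUTH_RE.match(body) and body.startswith(token + ".")):
        findings.append("body-is-not-key-authorization")
    if body.lstrip().lower().startswith(("<!doctype", "<html")):
        # A web page answered instead of the ACME client's responder.
        findings.append("html-page-served")
    return {"host": url.hostname, "token": token,
            "address": str(addr), "findings": findings}


if __name__ == "__main__":
    print(diagnose(DETAIL))
```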