如何使用certbot修复错误设置SSL?

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了如何使用certbot修复错误设置SSL?相关的知识,希望对你有一定的参考价值。

我尝试使用Kubuntu 18在Digital Ocean下为我的php / laravel应用程序设置ssl,如本文所述https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

但是我在尝试使用certbot获取免费的SSL证书时遇到错误:

# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                                                                                                                                                                        
Apache Full (v6)           ALLOW       Anywhere (v6)                                                                                                                                                                   
443 (v6)                   ALLOW       Anywhere (v6)                                                                                                                                                                   
80 (v6)                    ALLOW       Anywhere (v6)                                                                                                                                                                   
22/tcp (v6)                ALLOW       Anywhere (v6)                                                                                                                                                                   

# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk                                                                              
Saving debug log to /var/log/letsencrypt/letsencrypt.log                                                                                                                                                               
Plugins selected: Authenticator apache, Installer apache                                                                                                                                                               
Obtaining a new certificate                                                                                                                                                                                            
Performing the following challenges:
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.products-catalog.nilov-sergey-demo-apps.tk

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.products-catalog.nilov-sergey-demo-apps.tk
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for
   www.products-catalog.nilov-sergey-demo-apps.tk

products-catalog.nilov-sergey-demo-apps.tk - 这是我在freenom.com上搜索的域名并搜索我发现需要为www子域添加A记录的提示

我试图添加新记录为https://imgur.com/a/ijFxlzN但是试图submit这个页面我得到了:

• Error occured: Invalid value in dnsrecord

怎么了 ?新纪录可以解决我的问题吗?或者我需要以其他方式移动?

apache中的更新#2配置是:

 <VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/lprods/public    
    ServerName products-catalog.nilov-sergey-demo-apps.tk
    ServerAlias products-catalog.nilov-sergey-demo-apps.tk

    <Directory /var/www/html/lprods/public>
      AllowOverride All
      Order Deny,Allow
      Allow from all
      Require all granted
    </Directory>

    Options FollowSymLinks
    DirectoryIndex index.php

    ErrorLog /var/www/html/lprods/storage/logs/error.log
    CustomLog /var/www/html/lprods/storage/logs/access.log combined
</VirtualHost>

在/ etc / hosts中使用行

138.68.107.5  products-catalog.nilov-sergey-demo-apps.tk

它可以解决我的问题吗?

更新#3我做了一些更多的评论,然后发现:

我的服务器的IP是138.68.107.4,在ssh下我进入OS的控制台

ssh root@138.68.107.4

但在我的/ etc / hosts文件中,我有下一行指向此服务器上的其他主机:

# 127.0.0.1 localhost
127.0.0.1 localhost.localdomain localhost
138.68.107.4  box.example.com box

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

138.68.107.4  votes.nilov-sergey-demo-apps.tk
138.68.107.5  products-catalog.nilov-sergey-demo-apps.tk
138.68.107.6  csvp.nilov-sergey-demo-apps.tk
...

我将最后3行修改为:

138.68.107.4  votes.nilov-sergey-demo-apps.tk
138.68.107.4  products-catalog.nilov-sergey-demo-apps.tk
138.68.107.4  csvp.nilov-sergey-demo-apps.tk

但我仍然不确定这是否是有效值,因为我再次出现下一个错误:

# sudo certbot --apache -d products-catalog.nilov-sergey-demo-apps.tk -d www.products-catalog.nilov-sergey-demo-apps.tk 
Saving debug log to /var/log/letsencrypt/letsencrypt.log 
Plugins selected: Authenticator apache, Installer apache 
Obtaining a new certificate 
Performing the following challenges: 
http-01 challenge for products-catalog.nilov-sergey-demo-apps.tk 
http-01 challenge for www.products-catalog.nilov-sergey-demo-apps.tk 
Waiting for verification... 
Cleaning up challenges 
Failed authorization procedure. www.products-catalog.nilov-sergey-demo-apps.tk (http-01): urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up 
A for www.products-catalog.nilov-sergey-demo-apps.tk 

IMPORTANT NOTES: 
 - The following errors were reported by the server: 

   Domain: www.products-catalog.nilov-sergey-demo-apps.tk 
   Type:   None 
   Detail: DNS problem: NXDOMAIN looking up A for 
   www.products-catalog.nilov-sergey-demo-apps.tk

这个错误的原因是/ etc / hosts中的错误IP还是其他一些问题?

谢谢!

以上是关于如何使用certbot修复错误设置SSL?的主要内容,如果未能解决你的问题,请参考以下文章

如何使用 certbot 为没有域名的网站创建 SSL? [复制]

在 xampp Apache Ubuntu 上设置 Certbot

使用 certbot 自动更新 ssl 证书

iRedMail SSL 使用 Lets Encrypt certbot-auto

使用certbot 生成 Let‘s Encrypt 泛域名ssl证书

Spring Boot 和单实例 AWS Beanstalk SSL 设置错误