服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 不能在ubuntu 14服务器上运行certbot进行encryption
Intereting Posts
VLAN和数据包标记 在debian服务器上安装pgadmin Windows,Apache和MSSQL身份validation 只允许在LAN-> DMZ方向上build立连接是一个好主意吗? 一些像感官度量接力的Icinga 2012 R2存储空间,这个实现有什么明显的问题吗? OpenVPN的pfSense,可以ping但没有别的 501错误使用PUT与IIS 无法SSH进入EC2实例 Ubuntu上的Vim类似CentOS的configuration 通过使用两个eth接口的交换机进行专用DHCP? 查看DHCP服务器租约 Supermicro IPMI远程控制台安全级别降低 如何configurationWeb.Config文件以允许自定义404处理,同时仍显示页面500错误详细信息? SSHconfiguration文件没有被应用

不能在ubuntu 14服务器上运行certbot进行encryption

我已经让我们在一个Ubuntu服务器上encryption(python v2.7.6),但它不再运行抱怨,我正在使用一个旧的客户端。 我下载了ubuntu 14的certbot客户端,但是当我运行下面的命令,我得到了下面的错误复制 – 任何想法如何进一步排除故障: 

./certbot-auto certonly --text --webroot -w /usr/share/nginx/html -d actualurl.com --keep-until-expiring --expand --agree-tos --email [email protected] 2016-07-31 20:50:48,178:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f45863102d0> and installer None 2016-07-31 20:50:48,350:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory284. args: (), kwargs: {} 2016-07-31 20:50:48,354:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org 2016-07-31 20:50:48,803:DEBUG:requests.packages.urllib3.connectionpool:"GET /directory284 HTTP/1.1" 404 19 2016-07-31 20:50:48,805:DEBUG:root:Received <Response [404]>. Headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosniff', 'Boulder-Re quest-Id': 'gH76WSwBJgzedpyjF8X3TAVVYz0-TLkaiNGTjQa3Weg', 'Expires': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Server': 'nginx', 'Connection': 'keep-ali ve', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Content-Type': 'text/plai n; charset=utf-8'}. Content: '404 page not found\n' 2016-07-31 20:50:48,805:DEBUG:acme.client:Received response <Response [404]> (headers: {'Content-Length': '19', 'X-Content-Type-Options': 'nosni ff', 'Boulder-Request-Id': 'gH76WSwBJgzedpyjF8X3TAVVYz0-TLkaiNGTjQa3Weg', 'Expires': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Server': 'nginx', 'Connec tion': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Date': 'Sun, 31 Jul 2016 20:50:48 GMT', 'Content-T ype': 'text/plain; charset=utf-8'}): '404 page not found\n' 2016-07-31 20:50:48,806:DEBUG:certbot.main:Exiting abnormally: Traceback (most recent call last): File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module> sys.exit(main()) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 744, in main return config.func(config, plugins) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 550, in obtain_cert le_client = _init_le_client(config, auth, installer) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 360, in _init_le_client acc, acme = _determine_account(config) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 345, in _determine_account config, account_storage, tos_cb=_tos_cb) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 118, in register acme = acme_from_config_key(config, key) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 42, in acme_from_config_key return acme_client.Client(config.server, key=key, net=net) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 63, in __init__ self.net.get(directory).json()) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 631, in get self._send_request('GET', url, **kwargs), content_type=content_type) File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/client.py", line 578, in _check_response raise errors.ClientError(response) ClientError: <Response [404]>

我也用certonly运行certbot-auto,但是我得到了同样的错误。

对话版本 

 Version: 1.2-20130928

lsb_release -a 

 Distributor ID: Ubuntu Description: Ubuntu 14.04.3 LTS Release: 14.04 Codename: trusty

我使用下载certbot 

 wget https://dl.eff.org/certbot-auto

另外,nginx进程正在运行,还有更老的让我们encryption证书。 我已经尝试删除,重新启动nginx,但我仍然得到相同的错误。 我正在端口80上运行HA代理并redirect到Nginx。

我有以下安装的certbot插件: 

 * apache Description: Apache Web Server - Alpha Interfaces: IAuthenticator, IInstaller, IPlugin Entry point: apache = certbot_apache.configurator:ApacheConfigurator * webroot Description: Place files in webroot directory Interfaces: IAuthenticator, IPlugin Entry point: webroot = certbot.plugins.webroot:Authenticator * standalone Description: Automatically use a temporary webserver Interfaces: IAuthenticator, IPlugin Entry point: standalone = certbot.plugins.standalone:Authenticator

由于我不喜欢停止networking服务器(出于很多原因)或任何前置处理器(HAProxy,Varnish等),我一直在利用最新版本的certbot-autopre-hookpost-hook选项: 

 certbot-auto certonly --standalone --preferred-challenges tls-sni-01 --tls-sni-01-port 44033 \ --pre-hook "iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 44033" \ --post-hook "iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 44033"

如果我运行该命令会发生什么是:

  1. certbot-auto检查所有的证书是否需要更新
  2. 如果任何证书需要更新,它会执行pre-hook :从端口443(web服务器正在侦听的端口)创build一个redirect到端口44033(一个certbot-auto正在侦听)
  3. 更新完成后,执行post-hook :删除步骤2中创build的redirect。

有很多好处:

  • 如前所述,我不必停止当前正在侦听端口443(或80)的任何进程,
  • 此外,我不必更改networking服务器的任何configuration…并记住恢复更改后
  • 它包含在一个文件中。 我现在在/etc/cron.daily里面有以下脚本:

letsencrypt-renew.sh 

 #!/bin/bash Redir() { echo "iptables -t nat $1 PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 44033" } certbot-auto renew --standalone \ --preferred-challenges tls-sni-01 --tls-sni-01-port 44033 \ --pre-hook "$(Redir -I)" \ --post-hook "$(Redir -D)"

(请注意,只需用certonlyreplacerenew ,也可以使用此脚本来执行证书的初始请求。用${1:-renew}replacerenew以允许将该操作指定为脚本的arg。

我遵循这个链接的步骤,它为我工作(能够获得证书)。 

 https://github.com/eustasy/certbot-with-nginx

步骤中唯一缺less的是确保将nginx.welll-known.conf文件复制到/ etc / nginx目录中(或者简单地创build一个链接)。 我正在使用nginx来提供内容(我closuresHA端口80上的HA代理以确保此设置工作)。