Trying to use certbot to get an SSL certificate, but the command sudo certbot --apache fails on an EC2 instance
This is from my attempt to run sudo certbot --apache
I accessed my EC2 instance via ssh and successfully ran all the commands in sections 2 and 3 of this guide, but now this command from section 4 is failing. Here is the output:
bitnami@ip-172-31-82-209:~/apps/InterSportsGraphs$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): bigleaguegraphs.com www.bigleaguegraphs.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bigleaguegraphs.com
http-01 challenge for www.bigleaguegraphs.com
Enabled Apache rewrite module
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using ['apache2ctl', 'graceful']
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Unable to restart apache using ['apache2ctl', 'graceful']
Encountered exception during recovery:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2185, in _reload
util.run_script(self.option("restart_cmd"))
File "/usr/lib/python3/dist-packages/certbot/util.py", line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 75, in handle_authorizations
resp = self._solve_challenges(aauthzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 139, in _solve_challenges
resp = self.auth.perform(all_achalls)
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2287, in perform
self.restart()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2175, in restart
self._reload()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2185, in _reload
util.run_script(self.option("restart_cmd"))
File "/usr/lib/python3/dist-packages/certbot/util.py", line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/error_handler.py", line 108, in _call_registered
self.funcs[-1]()
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 323, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2312, in cleanup
self.restart()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2175, in restart
self._reload()
File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
The error messages that appear throughout the output read as follows:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
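Any guidance on how I can debug this to get an SSL certificate for my website would be great, thanks! I'm not a networking person, but I need to get this done to secure my website. Please let me know if I can share any additional information that would help, or how I should go about resolving this in general. Thanks
Edit: I have tested my domain bigleaguegraphs.com, but I don't really understand the output here either
Edit 2: here are two links to other posts: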
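… it looks like they may be related to my post
From the log output you posted and from the comments, we know that your website is served by node.js rather than Apache. This means you have only three options:
… the --apache flag to retrieve the certificate. Usually this will involve using certbot with the certonly --webroot options, and you will need to modify your node.js server (only slightly) so that it actually uses the retrieved certificate and listens on an additional port for SSL/TLS connections. A good starting point for this approach might be this article for node.js and express.js (express.js is currently the most popular HTTP server package for node.js, so your website most likely uses it too, or at least a very similar package): If you have one or a few sites that you want certificates for, I recommend this approach.
… --apache flag) or any other server (with the certonly --webroot options) provide the challenge responses, you can also provide them via DNS. This also works with the certonly option (you will also need to modify node.js so that it actually uses the certificate, as in the previous approach), but it is a bit more complicated and requires additional options that may differ depending on the DNS provider. You can find an overview of the documentation for popular DNS providers at. If you have more sites, or if you want wildcard certificates (pro tip: there are ready-made docker images for each DNS provider:), I definitely recommend this approach.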
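You are trying to run certbot with the --apache flag, but apache cannot run on the machine (the reason is in the last log output, which you have already found). That makes me wonder: if apache cannot run, is your website not online either? The --apache flag is meant for the use case where an apache server serves the website to the outside world. However, your website seems to be served by something else, possibly from somewhere else; what/where is that?
Thanks @JeyDWork - I deploy my website using forever. Pretty much the only commands I run on the ec2 instance (besides cd) are sudo forever stopall to stop the website, git pull to get the latest code for the website, then, if needed, I install new packages on the ec2 instance, and then sudo NODE_ENV=prod forever start index.js to redeploy the website.
OK, so it is served by node.js rather than apache. That means that with certbot --apache you are completely on the wrong track. You could possibly get apache working just to obtain the certificate with it, but that would be a hassle, and you would then still need to integrate the certificate into node.js (depending on what you use there, probably express.js). So I recommend another certbot method. Either DNS-based (see), or working directly with node.js/express.js (first Google hit:).
@JeyDWork put all of this together into an answer rather than a comment and I'll give you the bounty. Very helpful stuff, thank you. I'll give a more detailed reply when I try to implement your suggestions.
The bounty wasn't awarded before it expired, so I created a new bounty and will award it when allowed!
If you pick a specific approach and have further questions, let me know. It is hard to answer in more detail at the moment, because each approach has many possibilities and there are still some unknown facts. If you choose 2 or 3, I expect you may run into the question of how to integrate the certificate. For that we need to know whether your current node.js website uses express.js. Look for require('express'). If it isn't there, your project doesn't use it; in that case, look for require('http'). Those may indicate where to integrate the certificate.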
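The certonly --webroot route from the answer, worked through for a server built on require('http') (an added example, not code from the original post or from certbot; the webroot path /var/www/acme, the START_TLS switch and the function names are assumptions). Certbot would be run as sudo certbot certonly --webroot -w /var/www/acme -d bigleaguegraphs.com -d www.bigleaguegraphs.com while this process keeps port 80, which avoids the "Address already in use" failure in the log above.

```javascript
// Added example: plain Node.js (no Express). Assumed names and paths:
// WEBROOT, CERT_DIR, START_TLS, challengeFile(), onHttp(), start().
const fs = require('node:fs');
const http = require('node:http');
const https = require('node:https');
const path = require('node:path');

const SITE = 'bigleaguegraphs.com';
const WEBROOT = process.env.WEBROOT || '/var/www/acme'; // directory given to certbot -w
const CERT_DIR = process.env.CERT_DIR || `/etc/letsencrypt/live/${SITE}`;
const PREFIX = '/.well-known/acme-challenge/';

// Map a request URL to a challenge file under the webroot, or null.
// Tokens are base64url, so anything else (such as "../") is refused.
function challengeFile(webroot, url) {
  const pathname = url.split('?')[0];
  if (!pathname.startsWith(PREFIX)) return null;
  const token = pathname.slice(PREFIX.length);
  if (!/^[A-Za-z0-9_-]+$/.test(token)) return null;
  return path.join(webroot, PREFIX, token);
}

// Port 80: answer http-01 challenges, redirect everything else to HTTPS.
function onHttp(req, res) {
  const file = challengeFile(WEBROOT, req.url);
  if (!file) {
    res.writeHead(301, { Location: `https://${SITE}${req.url}` });
    return res.end();
  }
  fs.readFile(file, (err, body) => {
    res.writeHead(err ? 404 : 200, { 'Content-Type': 'text/plain' });
    res.end(err ? 'not found\n' : body);
  });
}

// Port 443 is opened only once certbot has written the certificate, so the
// same process can answer the very first challenge before any cert exists.
function start(app) {
  http.createServer(onHttp).listen(80);
  const keyFile = path.join(CERT_DIR, 'privkey.pem');
  if (!fs.existsSync(keyFile)) return false;
  const cert = fs.readFileSync(path.join(CERT_DIR, 'fullchain.pem'));
  https.createServer({ key: fs.readFileSync(keyFile), cert }, app).listen(443);
  return true;
}

// Nothing listens unless asked to, e.g. sudo START_TLS=1 node index.js
if (process.env.START_TLS) start((req, res) => res.end('hello over TLS\n'));
```

The certificate files are read once at startup, so the process has to be restarted after certbot renews them.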