Ubuntu letsencrypt certbot超时错误_Ubuntu_Nginx_Amazon Ec2_Ssl Certificate_Lets Encrypt

Ubuntu letsencrypt certbot超时错误

ubuntu nginx amazon-ec2

Ubuntu letsencrypt certbot超时错误,ubuntu,nginx,amazon-ec2,ssl-certificate,lets-encrypt,Ubuntu,Nginx,Amazon Ec2,Ssl Certificate,Lets Encrypt,我在尝试运行命令时遇到了一个奇怪的letsencrypt错误 $ certbot certonly --standalone --email example@gmail.com --agree-tos -n -d trumporate.com,www.trumporate.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Obtaining a new certificate Performing the following

我在尝试运行命令时遇到了一个奇怪的letsencrypt错误

$ certbot certonly --standalone --email example@gmail.com --agree-tos -n -d trumporate.com,www.trumporate.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for trumporate.com
tls-sni-01 challenge for www.trumporate.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. trumporate.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout, www.trumporate.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: trumporate.com
   Type:   connection
   Detail: Timeout

   Domain: www.trumporate.com
   Type:   connection
   Detail: Timeout

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

现在，我已经使用

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

这是我当前的nginx conf文件

$ cat /etc/nginx/sites-available/trumporate 
server {
    listen 80;
    server_name trumporate.com www.trumporate.com; 

    location / {
        include proxy_params;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:5000;
    }
}

我不知道我哪里出错了。在我运行certbot的这个虚拟机上，

trumporate.com

应该可以解析吗

停止

nginx

并再次运行，给出了相同的错误

我已经通过route53注册了这个域名。它有两个A型记录指向ec2盒上的弹性IP。一个用于www版本，另一个不用于www版本，有4条NS记录和一条SOA记录，我认为在创建托管区域时默认存在这些记录

trumporate.com是否可以在我运行certbot的虚拟机上解析

听起来好像您没有在试图获取证书的ec2框上运行命令。这将是一个问题，因为

standalone

启动一个Web服务器，然后尝试使用您提供的域从外部攻击它。可以说，这“证明”了你拥有这个域名。您需要从ec2框中运行该命令，并且需要打开它通过安全组运行到世界的端口。您可以使用

--tls-sni-01-port

指定tls sni端口（出现故障的端口），但默认情况下它位于443，因此您可能只需要打开端口443

您还提到您正在使用route53，因此您可以使用route53验证器。它的优点是可以在任何地方工作，您只需要在运行它的计算机上设置访问密钥/密码

certbot certonly --dns-route53 --domains trumporate.com,www.trumporate.com

此类问题的一个选项是对域上著名的文件夹的访问中断。例如，.htaccess将所有查询重定向到index.php..

我必须打开端口443的部分不清楚（文档中没有给出，或者可能我错过了）。哦。那么，其模块中的标志route53是新模块吗？