title: certbot failing to obtain a digital certificate
author: Narule
date: 2021-02-18 10:45:00 +0800
categories: [Technology ^ technology, tools & programs ^ program tools]
tags: [writing, docker, certbot, ssl]
certbot failing to obtain a digital certificate
Digital certificates
A digital certificate is the proof that a website's domain name communicates over a secure, encrypted connection.
Digital certificates enable encryption of the data exchanged with a website, keeping the communication confidential and secure. They are not created at will: in general, a certificate must be issued by an organization or team with enough credibility for it to be recognized.
When an individual issues their own certificate, others need more time and effort to verify it before they will trust it. A certificate issued by a widely known organization such as Alibaba, by contrast, is easy for most people to trust and recognize.
certbot
certbot is a tool for obtaining free HTTPS certificates for a website. You can apply for a certificate for your own domain name to secure the communication between clients and the website.
certbot fails to obtain a digital certificate
certbot --nginx fails to obtain a certificate
[root@ip-172-31-36-22 ~]# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2: narule.net
3: www.narule.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for narule.net
Performing the following challenges:
http-01 challenge for narule.net
Waiting for verification...
Challenge failed for domain narule.net
http-01 challenge for narule.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: narule.net
   Type:   connection
   Detail: Fetching http://narule.net/.well-known/acme-challenge/ghMvWhw-3tOEmI7d5zNZGuQ: Connection refused

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

This problem was very tricky. At first I thought nginx needed to be stopped: in the past, automatic renewal of the certificate had failed because nginx was not stopped, so stopping it made the renewal succeed, but this time it made no difference. Finally, from the log, I found that port 80 could not be reached from the external network at all, only from the internal network. There was a problem with port 80.
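The two facts the author had to dig out of the log by hand, who holds TCP port 80 and which firewall rules might be interfering, can be checked up front. The script below is an added example and not part of the original post; it parses `ss -ltnp` and `iptables -S` output, and the sample output at the bottom (a leftover docker-proxy bound to port 80 next to Docker's iptables chains) is constructed to resemble the situation described, not taken from the author's server.

```shell
#!/usr/bin/env sh
# Added example: pre-flight checks for an http-01 challenge that fails with
# "Connection refused" on port 80. Both functions take command output as
# text, so they can be fed live output (`ss -H -ltnp`, `iptables -S`) or the
# constructed samples at the bottom.

# Who is bound to TCP port 80? Prints the process name listening on a public
# address, "loopback-only:<proc>" if it only listens on 127.0.0.1 or [::1]
# (reachable internally, refused from outside), or "none" if the port is free.
port80_listener() {
  printf '%s\n' "$1" | awk '
    $1 == "LISTEN" {
      n = split($4, a, ":"); port = a[n]          # local address is field 4
      if (port != "80") next
      addr = substr($4, 1, length($4) - length(port) - 1)
      proc = "unknown"
      if (match($0, /users:\(\("[^"]+"/)) proc = substr($0, RSTART + 9, RLENGTH - 10)
      if (addr == "127.0.0.1" || addr == "[::1]") { lo = proc; next }
      print proc; found = 1; exit
    }
    END { if (!found) print (lo != "" ? "loopback-only:" lo : "none") }'
}

# Firewall rules worth reviewing before blaming certbot: anything touching
# port 80, Docker-managed chains, and DROP default policies.
firewall_port80_rules() {
  printf '%s\n' "$1" | grep -E -- '--dport 80( |$)|DOCKER|-P (INPUT|FORWARD) DROP' || true
}

# Constructed sample output (assumed scenario): nginx stopped, a leftover
# docker-proxy still holding 0.0.0.0:80, Docker's iptables chains present.
SS_SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 4096 0.0.0.0:80 0.0.0.0:* users:(("docker-proxy",pid=2210,fd=4))'
IPT_SAMPLE='-P INPUT ACCEPT
-P FORWARD DROP
-N DOCKER
-N DOCKER-USER
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DOCKER-USER'

echo "port 80 listener: $(port80_listener "$SS_SAMPLE")"
echo "firewall rules to review:"
firewall_port80_rules "$IPT_SAMPLE"
```

On a live host, run it as `port80_listener "$(ss -H -ltnp)"` and `firewall_port80_rules "$(iptables -S)"` as root; a listener other than nginx, or a loopback-only nginx, explains a challenge that works internally but is refused from the internet.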
Cause
Recently, while learning to use Docker containers, I had stopped nginx and let Docker take over nginx's port 80. Although Docker was no longer running and port 80 was idle, and the CentOS 7 Linux environment had not otherwise changed much, I suspect the problem was related to the Docker installation, or to resources the Docker installation occupied.
Solution
Uninstall Docker
sudo yum remove docker-ce docker-ce-cli containerd.io
sudo rm -rf /var/lib/docker
certbot --nginx
After uninstalling Docker with the two commands above, running certbot --nginx again obtained the digital certificate successfully!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://narule.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/narule.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/narule.net/privkey.pem
   Your certificate will expire on 2021-05-19. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le