certbot: failure to obtain a digital certificate


title: certbot: failure to obtain a digital certificate
author: Narule
date: 2021-02-18 10:45:00 +0800
categories: [Technology^技術, Tools&Programs^程序工具]
tags: [writing, docker, certbot, ssl]


Digital certificates

A digital certificate is proof that a website's domain uses secure encryption when it communicates.

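Digital certificates provide encryption for a website's data exchange and protect the confidentiality of communications. They cannot be created arbitrarily: a certificate usually has to be issued by an organization or team with public credibility before it is accepted.
If an individual creates a certificate, even a technically skilled one, others have to spend considerable time getting to know that person before trusting it, whereas a certificate issued by a company such as Alibaba (a more widely known team) is readily trusted and accepted by many more people.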

certbot

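certbot is a free HTTPS certificate tool for websites. It can request a certificate for your own domain to secure communication between clients and the site.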

certbot fails to obtain a digital certificate

certbot --nginx fails to obtain a certificate

[root@ip-172-31-36-22 ~]# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2: narule.net
3: www.narule.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for narule.net
Performing the following challenges:
http-01 challenge for narule.net
Waiting for verification...
Challenge failed for domain narule.net
http-01 challenge for narule.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: narule.net
   Type:   connection
   Detail: Fetching
   http://narule.net/.well-known/acme-challenge/ghMvWhw-3tOEmI7d5zNZGuQ:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

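This problem was tricky. At first I thought nginx needed to be stopped: earlier automatic renewals had failed because nginx was not stopped, and stopping it made them succeed. This time nothing worked. In the end the logs showed that port 80 could not be reached from the public network at all and was only accessible from the internal network, so the problem was with port 80.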

Cause

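Thinking it over afterwards: while recently learning to use Docker containers, I had stopped nginx and let Docker take over nginx's port 80. Although Docker was no longer running and port 80 was idle, nothing else had changed in the Linux CentOS 7 environment, so I suspect it was very likely related to having installed Docker; perhaps installing Docker took up some resource.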
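
To narrow down why port 80 answers locally but refuses outside connections, the following added example (not part of the original post) classifies a host's state from `ss -ltn` and `iptables-save` output. That packet-filter rules are a candidate cause is an assumption here; the function names and both samples are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Samples below are constructed.

# Local addresses listening on TCP port $1; stdin is `ss -ltn` output.
listeners_on_port() {
  awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) print $4 }'
}

# Rules matching TCP destination port $1 whose target rewrites or blocks the
# connection; stdin is `iptables-save` output.
rules_touching_port() {
  awk -v p="$1" '/^-A / {
    hit = 0
    for (i = 1; i < NF; i++) if ($i == "--dport" && $(i + 1) == p) hit = 1
    if (hit && $0 ~ /-j (DNAT|REDIRECT|REJECT|DROP)( |$)/) print
  }'
}

# $1 = port, $2 = ss output, $3 = iptables-save output.
triage_port() {
  _l=$(printf '%s\n' "$2" | listeners_on_port "$1")
  _r=$(printf '%s\n' "$3" | rules_touching_port "$1")
  if [ -z "$_l" ]; then
    echo no-listener        # nothing bound to the port: start the web server
  elif ! printf '%s\n' "$_l" | grep -qvE '^(127\.|\[::1\])'; then
    echo loopback-only      # bound, but not on a routable address
  elif [ -n "$_r" ]; then
    echo rule-on-port       # a rule rewrites or blocks this port: review it
  else
    echo ok-locally         # look upstream: cloud firewall, DNS A/AAAA
  fi
}

SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*'

FW_SAMPLE='*nat
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# On a live host (as root): triage_port 80 "$(ss -ltn)" "$(iptables-save)"
triage_port 80 "$SS_SAMPLE" "$FW_SAMPLE"
```

A result of `ok-locally` means the host itself looks fine and the block is further out, which only a request from an external machine can confirm.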

Solution

Uninstall Docker

sudo yum remove docker-ce docker-ce-cli containerd.io

sudo rm -rf /var/lib/docker

certbot --nginx

After uninstalling Docker with the two steps above, I tried running certbot --nginx again, and the digital certificate was obtained successfully!

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://narule.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/narule.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/narule.net/privkey.pem
   Your certificate will expire on 2021-05-19. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le