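A digital certificate is proof that a website's domain uses secure encryption when it communicates
Digital certificates provide encryption for a website's data exchange and are used to keep communication confidential and secure. Digital certificates are not created arbitrarily; usually one has to be issued by an organization or team with a fairly high level of public trust before it will be accepted.
If I create a certificate myself, even if my technical skills are strong, other people would have to spend considerable time getting to know me before they trust me, whereas a digital certificate provided by a company like Alibaba (a more publicly known team) is something that many more people will readily trust and accept.
certbot is a free HTTPS certificate tool for websites. It can request and obtain a certificate for your own domain, ensuring secure communication between clients and the website.
certbot --nginx fails to obtain a certificate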
[root@ip-172-31-36-22 ~]# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2: narule.net
3: www.narule.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for narule.net
Performing the following challenges:
http-01 challenge for narule.net
Waiting for verification...
Challenge failed for domain narule.net
http-01 challenge for narule.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: narule.net
   Type: connection
   Detail: Fetching
   http://narule.net/.well-known/acme-challenge/ghMvWhw-3tOEmI7d5zNZGuQ:
   Connection refused

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
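This problem was tricky. At first I thought nginx needed to be stopped: previously, automatic certificate renewal had failed because nginx had not been stopped, and stopping it made the renewal succeed. This time, though, nothing worked. In the end I found from the logs that port 80 could not be reached from the public network at all, only from the internal network. The problem was with port 80.
Thinking it over afterwards: recently, while learning to use docker containers, I had stopped nginx and let docker take over nginx's port 80. Although docker was no longer running and port 80 was free, nothing else had changed in the linux-centos7 environment, so I guessed it was very likely related to having installed docker; perhaps the docker installation was holding some resource.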
sudo yum remove docker-ce docker-ce-cli containerd.io
sudo rm -rf /var/lib/docker
After uninstalling docker with the two steps above, I tried running certbot --nginx again.
The digital certificate was obtained successfully!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://narule.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/narule.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/narule.net/privkey.pem
   Your certificate will expire on 2021-05-19. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
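
The "port 80 works internally but not from outside" diagnosis above can be checked directly from the firewall rules and the listening sockets. The script below is an added example, not part of the original post: the function names and the sample data are constructed for illustration, and it only inspects state, it changes nothing.

```shell
#!/usr/bin/env bash
# Added example: offline-testable checks for why port 80 may be unreachable
# from outside. Function names and sample data are constructed for illustration.

# Input: `iptables-save` output. Prints rules that match TCP destination
# port 80 and do something other than ACCEPT (DNAT, REDIRECT, DROP, REJECT).
rules_affecting_port80() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter", ...
        /^-A / && /--dport 80( |$)/ && /-j (DNAT|REDIRECT|DROP|REJECT)/ {
            print table ": " $0
        }'
}

# Input: `ss -ltn` output. Succeeds only if something listens on TCP port 80
# on a non-loopback address (column 4 is the local address:port).
listens_publicly_on_80() {
    awk '$4 ~ /:80$/ && $4 !~ /^(127\.|\[::1\])/ { found = 1 }
         END { exit !found }'
}

# Constructed sample: a DNAT rule in the form Docker writes for a published
# port, next to an INPUT rule that accepts port 80.
SAMPLE_RULES='*nat
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.17.0.2:80
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# Constructed sample: a web server bound to loopback only.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then        # run as root on the server itself
    iptables-save | rules_affecting_port80
    ss -ltn | listens_publicly_on_80 || echo "nothing listens publicly on :80"
else
    printf '%s\n' "$SAMPLE_RULES" | rules_affecting_port80
    printf '%s\n' "$SAMPLE_SS" | listens_publicly_on_80 \
        || echo "sample: nothing listens publicly on :80"
fi
```

Run with `--live` as root on the server to inspect its real rules and sockets. A cloud security group or an upstream firewall can also block port 80 and will not show up in either output.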