Let's Encrypt reports that it cannot connect (dynamic IP)

Asked 2 years ago, Updated 2 years ago, 105 views

I am currently considering moving to Let's Encrypt on Debian because of the price increase of the RapidSSL wildcard certificate (10,000 yen → 20,000 yen).
On the CentOS VPS it worked without any problems, but validation failed on the home server (dynamic IP). Since the automatic method didn't work, I'm trying to set it up with --manual.

./letsencrypt-auto certonly --manual -d #MY-DOMAIN# --server https://acme-v01.api.letsencrypt.org/directory

First, I started creating the key with the above command.

http://#MY-DOMAIN#/.well-known/acme-challenge/#LONG-RANDOM-FILENAME#

So that it could be accessed at the URL above, I wrote "#LONG-RANDOM-STRING#" into the file "#LONG-RANDOM-FILENAME#", trying both printf "%s" #LONG-RANDOM-STRING# > #LONG-RANDOM-FILENAME# and echo "#LONG-RANDOM-STRING#" > #LONG-RANDOM-FILENAME# as shown.
I confirmed that I could see it by opening the specified URL in my browser, then pressed Return. Then I got the following error:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: #MY-DOMAIN#
   Type: connection
   Detail: Could not connect to
   http://#MY-DOMAIN#/.well-known/acme-challenge/#LONG-RANDOM-FILENAME#

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS Record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should verify
   that you are serving files from the webroot path you provided.

Because of the "could not connect" error I disabled the firewall on both the router and the server, and when I checked DNS with dig, the A record contained the IP, which has not changed for more than a month.

   ;; QUESTION SECTION:
   ;#MY-DOMAIN#.			IN	A

   ;; ANSWER SECTION:
   #MY-DOMAIN#.		120	IN	A	#MY-SERVER-IPADDR#

However, when I checked the server's access log and error log, there was no access from the validation server at all, so it seems the correct IP address is not reaching the validation server.
What should I do in this case?

ssl

2022-09-30 18:43

2 Answers

Hello.
I had a similar case where the acme-challenge didn't work, but it was resolved, so I'll mention it as a possibility.

Running the script from inside the router (LAN) seemed to be a name-resolution problem, so in my case setting the domain name and the local IP in the hosts file made it succeed.

Oh, and port forwarding is a prerequisite.


2022-09-30 18:43

The validation server does not seem to be getting the correct IP address.

The DNS settings for your domain appear to be incorrect.
There should be a DNS server you registered with the registrar when you acquired the domain. Register your home server's global IP on that DNS server.

Registration example:
Name: www.example.com   <- your server hostname
Type: A
Value: 198.51.100.2   <- your server's global IP

Example of verifying it works: query Google Public DNS for your domain and check that it returns the correct IP.

$ dig a example.com @8.8.8.8

; <<>> DiG 9.11.0-P5 <<>> a example.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3237
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		86399	IN	A	198.51.100.2

;; Query time: 316 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Oct 02 17:55:19 JST 2017
;; MSG SIZE  rcvd: 56


2022-09-30 18:43
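As an added example that is not part of the question or either answer, the following shell script does the preflight checks this thread turns on before pressing Return in certbot's --manual prompt: the challenge file must contain exactly the key authorization (printf "%s" rather than echo, which appends a newline), and the A record that a public resolver returns must be the server's current global IP and not a LAN address, because a hosts-file or private-range entry only satisfies tests run from inside the LAN, never the validation server on the Internet. The domain, token, key authorization, IP and webroot values are constructed placeholders, and live_check is the only function that needs network access.

```shell
#!/bin/sh
# Added example, not code from the question or the answers.
# Preflight checks for a manual HTTP-01 challenge:
#  1. the challenge file holds exactly the key authorization, no trailing newline;
#  2. the A record a public resolver returns is the server's global IP and is
#     not a private address (a LAN address only fools tests run from the LAN).
# All domain/token/key-authorization/IP/webroot values are constructed placeholders.

# Write the key authorization with printf '%s' (plain echo appends "\n").
# $1 = webroot, $2 = token, $3 = key authorization; prints the file path.
write_challenge() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir"
    printf '%s' "$3" > "$dir/$2"
    printf '%s\n' "$dir/$2"
}

# Return 0 only if the file is byte-for-byte the key authorization.
# $1 = file, $2 = expected key authorization
check_challenge_file() {
    printf '%s' "$2" | cmp -s - "$1"
}

# Return 1 for RFC 1918, loopback and link-local IPv4 addresses. $1 = address
is_public_ipv4() {
    case "$1" in
        10.*|127.*|192.168.*|169.254.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read `dig +noall +answer <name> A` output on stdin, pick the A record that
# belongs to $1 (CNAME lines are skipped) and require it to be a public
# address equal to the expected global IP $2.
check_a_record() {
    got=$(awk -v name="$1." '$1 == name && $4 == "A" { print $5; exit }')
    [ -n "$got" ] && is_public_ipv4 "$got" && [ "$got" = "$2" ]
}

# Live variant (needs network; not used by the offline demo below): ask a
# public resolver as the second answer suggests, then fetch the challenge URL.
# The fetch is only meaningful from outside your own LAN.
# $1 = domain, $2 = token, $3 = key authorization, $4 = expected global IP
live_check() {
    dig +noall +answer "$1" A @8.8.8.8 | check_a_record "$1" "$4" || return 1
    body=$(mktemp)
    curl -fsS "http://$1/.well-known/acme-challenge/$2" -o "$body" || { rm -f "$body"; return 1; }
    check_challenge_file "$body" "$3"; rc=$?
    rm -f "$body"
    return $rc
}

# Offline demo on constructed data.
demo_root=$(mktemp -d)
demo_token="TOKEN-PLACEHOLDER"
demo_keyauth="TOKEN-PLACEHOLDER.THUMBPRINT-PLACEHOLDER"
demo_file=$(write_challenge "$demo_root" "$demo_token" "$demo_keyauth")
check_challenge_file "$demo_file" "$demo_keyauth" && echo "challenge file OK: $demo_file"
echo "$demo_keyauth" > "$demo_root/echo-written"   # what echo would have produced
check_challenge_file "$demo_root/echo-written" "$demo_keyauth" \
    || echo "echo-written file differs (trailing newline)"
# Constructed dig +noall +answer output for a name that points at a LAN address:
printf 'example.com.\t\t120\tIN\tA\t192.168.1.10\n' | check_a_record example.com 198.51.100.2 \
    || echo "A record is not the expected public IP"
rm -rf "$demo_root"
```

Run it on the server with the token and key authorization certbot prints, then call live_check from a host outside the LAN (a VPS, or a phone off Wi-Fi) once the file is in place; if check_a_record fails against the public resolver while the server's access log stays empty, the problem is the published A record or the port-80 forward, not the file.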

© 2024 OneMinuteCode. All rights reserved.