Common error when installing SSL with certbot on a Linode VPS


Today I set up a web server on Linode.

I use Docker, so everything went quickly, but then came the step of installing SSL with certbot

https://certbot.eff.org/lets-encrypt/centosrhel7-haproxy


I'll go through the installation steps quickly.

sudo certbot certonly --standalone -d scholling.com -d www.scholling.com

At this point, anyone setting up a brand-new VPS will certainly run into this:

[root@li1772-196 ~]# sudo certbot certonly --standalone -d scholling.com -d www.scholling.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for scholling.com and www.scholling.com
Performing the following challenges:
http-01 challenge for scholling.com
http-01 challenge for www.scholling.com
Waiting for verification...
Challenge failed for domain scholling.com
Challenge failed for domain www.scholling.com
http-01 challenge for scholling.com
http-01 challenge for www.scholling.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: scholling.com
   Type:   connection
   Detail: Fetching
   http://scholling.com/.well-known/acme-challenge/HQZHCamMASuEcO4HdYII_nvo2TdrvvwaoDVeH59pEmE:
   Error getting validation data

   Domain: www.scholling.com
   Type:   connection
   Detail: Fetching
   http://www.scholling.com/.well-known/acme-challenge/5l_S9e-8gxpiuF7xrq1Unvq_RE_FidkfhTpAJoUsOUo:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

Here is how I handled it:

- Check whether it is being

[root@li1772-196 ~]# firewall-cmd --get-active-zones
docker
  interfaces: docker0 br-464f8eeeb454
public
  interfaces: eth0
[root@li1772-196 ~]# firewall-cmd --zone=public --add-port=80/tcp --permanent
success
[root@li1772-196 ~]# firewall-cmd --reload
success


Then run it again

sudo certbot certonly --standalone -d scholling.com -d www.scholling.com


The result: the certificate was created OK

[root@li1772-196 ~]# sudo certbot certonly --standalone -d scholling.com -d www.scholling.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for scholling.com and www.scholling.com
Performing the following challenges:
http-01 challenge for scholling.com
http-01 challenge for www.scholling.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/scholling.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/scholling.com/privkey.pem
   Your certificate will expire on 2021-10-18. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
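
Added example, not part of the original post: a pre-flight check to run before certbot's standalone http-01 challenge, confirming that 80/tcp is allowed in the firewalld zone both at runtime and in the permanent config. It goes beyond the single port opened above by also recognising port ranges and the http service; the function names and the --check argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for `certbot certonly --standalone`.
# Assumes firewalld and the "public" zone from the post; names are hypothetical.

# port_allowed PORT "PORTS_LINE" "SERVICES_LINE"
#   PORTS_LINE    = output of `firewall-cmd --list-ports`    (e.g. "22/tcp 8000-8100/tcp")
#   SERVICES_LINE = output of `firewall-cmd --list-services` (e.g. "ssh http")
port_allowed() {
    local port="$1" ports="$2" services="$3" entry range lo hi svc
    for entry in $ports; do
        [ "${entry##*/}" = "tcp" ] || continue   # http-01 validation uses TCP only
        range="${entry%/*}"
        lo="${range%-*}"; hi="${range#*-}"       # single port: lo == hi
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
    done
    for svc in $services; do
        # the predefined "http" service opens 80/tcp
        if [ "$port" = 80 ] && [ "$svc" = "http" ]; then return 0; fi
    done
    return 1
}

# Query firewalld. Runtime and permanent config are checked separately:
# a --permanent change is not active until --reload, and a runtime-only
# change is lost on the next reload or reboot (which breaks renewals).
check_zone() {
    local zone="${1:-public}" rc=0
    port_allowed 80 "$(firewall-cmd --zone="$zone" --list-ports)" \
                    "$(firewall-cmd --zone="$zone" --list-services)" \
        || { echo "runtime: 80/tcp is closed in zone $zone"; rc=1; }
    port_allowed 80 "$(firewall-cmd --permanent --zone="$zone" --list-ports)" \
                    "$(firewall-cmd --permanent --zone="$zone" --list-services)" \
        || { echo "permanent: 80/tcp is closed in zone $zone"; rc=1; }
    return $rc
}

# Live check only on request, e.g.: bash preflight.sh --check public
if [ "${1:-}" = "--check" ]; then check_zone "${2:-public}"; fi
```

A non-zero exit from the --check run means the http-01 challenge would be blocked by the host firewall, which is the "Type: connection" failure shown earlier.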



Good luck fixing it, everyone!