infinitycliff.com
I have an A record pointing to an AWS public IP, set up 48 hours ago:
nextcloud.infinitycliff.com. 14400 A 18.118.30.103
My config file:
/etc/apache2/sites-available/nextcloud.infinitycliff.com.conf
<VirtualHost *:80>
    DocumentRoot /var/www/nextcloud.infinitycliff.com
    ServerName nextcloud.infinitycliff.com
    ServerAlias nextcloud.infinitycliff.com
    <Directory "/var/www/nextcloud.infinitycliff.com/">
        Options MultiViews FollowSymlinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    TransferLog /var/log/apache2/nextcloud.infinitycliff.com_access.log
    ErrorLog /var/log/apache2/nextcloud.infinitycliff.com_error.log
</VirtualHost>
Ports 80 and 443 are open in the firewall:
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
443                        ALLOW       Anywhere
80                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443 (v6)                   ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
and through the inbound rules in AWS:
sgr-0d3a5d165a331302b | IPv4 | Custom ICMP - IPv4 | Echo Request | N/A | 73.152.221.55/32 | Allow ping from Home
– | sgr- | IPv4 | HTTPS | TCP | 443 | 73.152.221.55/32 | –
– | sgr- | IPv4 | SSH | TCP | 22 | 73.152.221.55/32 | SSH
– | sgr- | IPv4 | HTTP | TCP | 80 | 73.152.221.55/32 | Port 80
Running $ sudo certbot --apache returns:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: nextcloud.infinitycliff.com
Type: connection
Detail: 18.118.30.103: Fetching http://nextcloud.infinitycliff.com/.well-known/acme-challenge/j3mLW1Qg-kfvOotya4Q9wRO6Pm28WGXh4yEgpTTTR4Y: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Going to nextcloud.infinitycliff.com opens the Nextcloud web page, but it displays
Access through untrusted domain
Any help would be appreciated.
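It looks like you have configured your AWS security group rules to allow inbound port 80 traffic only from your home IP address.
The way Certbot/Let's Encrypt works, the ACME challenge can come from anywhere, not from your home IP address.
Test updating your AWS security group rule to allow port 80 traffic from anywhere, and then this will probably work.
If you don't want to use Certbot/Let's Encrypt at the Ubuntu level, another option is to use AWS Certificate Manager to handle this, but that introduces an additional infrastructure layer via an Application Load Balancer.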
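An added example, not part of the original question or answer: a Python check of the inbound rules against the point made above, that the HTTP-01 request can arrive from any source address. The rule dictionaries use the field names of `aws ec2 describe-security-group-rules` output; the rule IDs, the `203.0.113.10` validator address and the helper names are constructed for illustration.

```python
import ipaddress

HOME = "73.152.221.55/32"  # source CIDR used by every rule in the question


def rule(rule_id, proto, from_port, to_port, cidr):
    """Build one inbound rule using describe-security-group-rules field names."""
    return {"SecurityGroupRuleId": rule_id, "IsEgress": False, "IpProtocol": proto,
            "FromPort": from_port, "ToPort": to_port, "CidrIpv4": cidr}


# Constructed sample mirroring the question's rules; IDs are placeholders.
AS_POSTED = [rule("sgr-EXAMPLE-icmp", "icmp", 8, -1, HOME),
             rule("sgr-EXAMPLE-https", "tcp", 443, 443, HOME),
             rule("sgr-EXAMPLE-ssh", "tcp", 22, 22, HOME),
             rule("sgr-EXAMPLE-http", "tcp", 80, 80, HOME)]
# Same rules with only port 80 widened, as the answer suggests.
AS_SUGGESTED = AS_POSTED[:3] + [rule("sgr-EXAMPLE-http", "tcp", 80, 80, "0.0.0.0/0")]


def covers_tcp_port(r, port):
    """True if an inbound rule applies to the given TCP port."""
    if r["IsEgress"]:
        return False
    if r["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return r["IpProtocol"] == "tcp" and r["FromPort"] <= port <= r["ToPort"]


def source_allowed(rules, src_ip, port):
    """True if src_ip may open a TCP connection to port under these rules."""
    addr = ipaddress.ip_address(src_ip)
    return any(covers_tcp_port(r, port)
               and addr in ipaddress.ip_network(r[key])
               for r in rules for key in ("CidrIpv4", "CidrIpv6") if r.get(key))


def world_open_ports(rules, ports=(22, 80, 443)):
    """Ports from the list that any IPv4 source can reach (prefix length 0)."""
    return [p for p in ports
            if any(covers_tcp_port(r, p) and r.get("CidrIpv4")
                   and ipaddress.ip_network(r["CidrIpv4"]).prefixlen == 0
                   for r in rules)]


if __name__ == "__main__":
    validator = "203.0.113.10"  # constructed stand-in for an arbitrary CA source
    for name, rules in (("as posted", AS_POSTED), ("as suggested", AS_SUGGESTED)):
        print(name, "| HTTP-01 reachable:", source_allowed(rules, validator, 80),
              "| world-open ports:", world_open_ports(rules))
```

With the rules as posted, only the home address reaches port 80, which matches the "Timeout during connect" error; widening port 80 alone leaves SSH and HTTPS restricted to the home address.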