我正在尝试使用 LetsEncrypt 在 HAProxy 上提供 SSL certbot。我正在使用以下命令创建 SSL:
sudo certbot certonly --standalone -d test.example.com \
--non-interactive --agree-tos --email [email protected] \
--http-01-port=8888
它正在创建一个新证书。没有问题。但是如果我想续订证书,续订失败。当我跑步时sudo certbot renew --dry-run。给出这个错误:
Processing /etc/letsencrypt/renewal/test.example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Simulating renewal of an existing certificate for test.example.com
Performing the following challenges:
http-01 challenge for test.example.com
Cleaning up challenges
Failed to renew certificate test.example.com with error: Problem binding to port 8888: Could not bind to IPv4 or IPv6.
我正在使用这个来源:https://serversforhackers.com/c/letsencrypt-with-haproxy
我正在创建我的 haproxy(HA-Proxy 版本 2.2.9-2+deb11u6)配置,如下所示:
frontend fe-example
bind *:4433 ssl crt /etc/haproxy/certs/test.example.com/test.example.com.pem
# New line to test URI to see if its a letsencrypt request
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
default_backend be-example
# LE Backend
backend letsencrypt-backend
server letsencrypt 127.0.0.1:8888
# Normal (default) Backend
# for web app servers
backend be-example
# Config omitted here
但这个配置对我不起作用。
我的第一个问题是;这个 HAProxy 配置有什么问题?我的第二个问题是;这种颁发SSL证书的方法是真的吗?