Problem description
"Timeout during connect (likely firewall problem)" while renewing Certbot
I have already checked UFW and firewalld, and ports 80 and 443 are both open.
Reference solutions
Method 1:
I finally realised that prior to installing SSL on this server, I used to forward port 80 to port 8080 using
    sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
So I simply forwarded port 80 back to port 80.
Lesson learnt: for Certbot to work, port 80 forwarding should be in place.
Method 2:
I finally realized that I ONLY had http/https open to my test client machines. I opened them wide for the certbot run then closed them again. I'll try to determine what IP needs to be open for letsencrypt probes so I can automate the certbot renewals.
Method 3:
For me the issue was that Let's Encrypt uses IPv6 if possible to do the HTTP challenge, and my site worked fine over IPv4 but not over IPv6 (as I had it set up wrong). You can use this site to test your IPv6 setup.
(by umunBeing, umunBeing, brucer42, gene_wood)
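All three answers come down to the same check: can an outside validator complete a TCP connection to port 80 on every address the domain publishes, IPv6 included? The script below is an added diagnostic (not code from any of the answers above) that resolves every A and AAAA record for a hostname and attempts a plain TCP handshake to each, reporting a timeout separately from a refusal so that a firewall drop (methods 1 and 2) can be told apart from an unreachable IPv6 listener (method 3). The function names and the hostname on the command line are this example's own.

```python
import socket
import sys
from typing import Dict, List, Tuple

def resolve_all(host: str) -> List[Tuple[int, str]]:
    """Return (address_family, address) for every A/AAAA record of host.
    A validator may pick any of these, and may prefer the AAAA one."""
    found: List[Tuple[int, str]] = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, None, type=socket.SOCK_STREAM):
        pair = (family, sockaddr[0])
        if pair not in found:
            found.append(pair)
    return found

def probe_tcp(family: int, address: str, port: int = 80, timeout: float = 3.0) -> Tuple[bool, str]:
    """Attempt a TCP handshake to address:port and classify the outcome.
    A timeout means packets are silently dropped (firewall or missing forward);
    a refusal means the host answered but nothing listens on that port."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        return True, "connected"
    except socket.timeout:  # must precede OSError: it is a subclass of it
        return False, "timeout (packets dropped: firewall rule or missing port forward?)"
    except OSError as exc:
        return False, f"error: {exc.strerror or exc}"

def check_http01_reachability(host: str, port: int = 80, timeout: float = 3.0) -> Dict[str, Tuple[bool, str]]:
    """Probe port on every published address of host, keyed by family and address."""
    results: Dict[str, Tuple[bool, str]] = {}
    for family, address in resolve_all(host):
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        results[f"{label} {address}"] = probe_tcp(family, address, port, timeout)
    return results

if __name__ == "__main__":
    # Usage: python3 probe.py example.com  (hostname is supplied by the operator)
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for where, (ok, detail) in check_http01_reachability(target).items():
        print(f"{'OK  ' if ok else 'FAIL'} {where}: {detail}")
```

A FAIL on the IPv6 line with an OK on IPv4 reproduces method 3's situation; a timeout on both points at the firewall or NAT rule rather than the web server.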