作者热门文章
- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我想得到 Traefik
在 AKS 中正常工作。总的来说,它工作正常,但我无法让 ACME 证书工作。下面附上我的 traefik.toml 配置,我找不到任何奇怪的东西。
在这个用例中提到的 3 个域是虚拟的,实际上存在并且也回复
# traefik.toml
logLevel = "info"
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/tls.crt"
KeyFile = "/ssl/tls.key"
[entryPoints.traefik]
address = ":8080"
[ping]
entryPoint = "http"
[kubernetes]
[traefikLog]
format = "json"
[acme]
KeyType = "RSA4096"
email = "pimjansen@domain.com"
storage = "/acme/acme.json"
entryPoint = "https"
onHostRule = true
acmeLogging = true
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "traefik.domain.com"
[[acme.domains]]
main = "elasticsearch.domain.com"
[[acme.domains]]
main = "kibana.domain.com"
[api]
entryPoint = "traefik"
dashboard = true
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"traefik.hardstyletop40.com\" : unable to generate a certificate for the domains [traefik.domain.com]: acme: Error -\u003e One or more domains had a problem:\n[traefik.domain.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://traefik.hardstyletop40.com/.well-known/acme-challenge/mYkyJzIM-6Y2UIknhXpCkUUTZWjzsAeMuqx7eDCZloY: Error getting validation data, url: \n","time":"2019-09-11T14:47:13Z"}
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://traefik.domain.com/.well-known/acme-challenge/mYkyJzIM-6Y2UIknhXpCkUUTZWjzsAeMuqx7eDCZloY: Error getting validation data",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/293838266/LPH2sA",
"token": "mYkyJzIM-6Y2UIknhXpCkUUTZWjzsAeMuqx7eDCZloY",
"validationRecord": [
{
"url": "http://traefik.domain.com/.well-known/acme-challenge/mYkyJzIM-6Y2UIknhXpCkUUTZWjzsAeMuqx7eDCZloY",
"hostname": "traefik.hardstyletop40.com",
"port": "80",
"addressesResolved": [
"13.79.159.165"
],
"addressUsed": "13.79.159.165"
}
]
},
最佳答案
letencrypt 的工作原理是将文件放在指定网络服务器上的 .well-known 目录中。
你是说它们是虚拟的,所以你可能会在本地做它们?无论如何,如果在网络服务器上找不到自动生成的文件,则无法验证证书是从“拥有”域请求的。
流程的工作方式大大简化:
- letsencrypt -> generate file name: abc133......
- letsencrypt -> find webroot of provided domain in webserver config
- letsencrypt -> copy file to .well-known in webroot of given domain
- letsencrypt -> send a webrequest with filename and domain name to letsencrypt.org
- letsencrypt.org -> try to request the file from the given domain looked up via dns
- letsencrypt.org -> successfully requested file and verified, output certificate
- letsencrypt -> read certificate and copy to certificates folder, make a few symlinks
- letsencrypt -> modify webserver configs if needed
sudo certbot -d your.dummy.com --manual --preferred-challenges dns certonly
关于lets-encrypt - Traefik 极致超时,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57891977/
我是一名优秀的程序员,十分优秀!