acme/autocert listener reports TLS handshake errors from unrecognized hosts

I use acme/autocert to handle TLS certificates automatically for a server. It seems to have worked (since my domain now has a valid TLS certificate), but I am somewhat confused by what I see. My server log looks like this (note that this is not the full log, just a selection):

rpc_1    | 2019/11/11 14:44:49 http: TLS handshake error from 2.51.84.126:53282: acme/autocert: host "physicaldatebaby.org" not configured in HostWhitelist
rpc_1    | 2019/11/11 14:44:50 http: TLS handshake error from 92.5.192.229:47416: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:44:55 http: TLS handshake error from 92.5.192.229:47418: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:01 http: TLS handshake error from 92.5.192.229:47420: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:06 http: TLS handshake error from 92.5.192.229:47422: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:07 http: TLS handshake error from 197.252.5.80:48622: read tcp 192.168.208.2:443->197.252.5.80:48622: read: connection reset by peer
rpc_1    | 2019/11/11 14:45:11 http: TLS handshake error from 92.5.192.229:47424: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:16 http: TLS handshake error from 197.29.217.90:51215: acme/autocert: host "cloudfront.net" not configured in HostWhitelist
rpc_1    | 2019/11/11 14:45:16 http: TLS handshake error from 92.5.192.229:47426: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:20 http: TLS handshake error from 156.172.18.24:21209: acme/autocert: host "paypal.com" not configured in HostWhitelist
rpc_1    | 2019/11/11 14:45:21 http: TLS handshake error from 92.5.192.229:47428: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:27 http: TLS handshake error from 92.5.192.229:47430: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:32 http: TLS handshake error from 92.5.192.229:47432: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:37 http: TLS handshake error from 92.5.192.229:47434: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:42 http: TLS handshake error from 92.5.192.229:47436: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:47 http: TLS handshake error from 92.5.192.229:47438: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:52 http: TLS handshake error from 92.5.192.229:47440: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:45:58 http: TLS handshake error from 92.5.192.229:47442: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:03 http: TLS handshake error from 92.5.192.229:47444: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:08 http: TLS handshake error from 92.5.192.229:47446: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:13 http: TLS handshake error from 92.5.192.229:47448: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:14 http: TLS handshake error from 197.29.217.90:51572: acme/autocert: host "cloudfront.net" not configured in HostWhitelist
rpc_1    | 2019/11/11 14:46:18 http: TLS handshake error from 92.5.192.229:47450: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:24 http: TLS handshake error from 92.5.192.229:47452: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:29 http: TLS handshake error from 92.5.192.229:47454: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:34 http: TLS handshake error from 92.5.192.229:47456: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:39 http: TLS handshake error from 92.5.192.229:47458: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:44 http: TLS handshake error from 92.5.192.229:47460: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:49 http: TLS handshake error from 92.5.192.229:47462: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:46:55 http: TLS handshake error from 92.5.192.229:47464: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:00 http: TLS handshake error from 92.5.192.229:47466: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:05 http: TLS handshake error from 92.5.192.229:47468: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:10 http: TLS handshake error from 92.5.192.229:47470: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:15 http: TLS handshake error from 92.5.192.229:47472: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:21 http: TLS handshake error from 92.5.192.229:47474: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:26 http: TLS handshake error from 92.5.192.229:47476: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:31 http: TLS handshake error from 92.5.192.229:47478: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:36 http: TLS handshake error from 92.5.192.229:47480: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:37 http: TLS handshake error from 197.149.220.123:31754: acme/autocert: host "cloudfront.net" not configured in HostWhitelist
rpc_1    | 2019/11/11 14:47:41 http: TLS handshake error from 92.5.192.229:47482: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:47 http: TLS handshake error from 92.5.192.229:47484: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:52 http: TLS handshake error from 92.5.192.229:47486: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:47:57 http: TLS handshake error from 92.5.192.229:47488: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:48:02 http: TLS handshake error from 92.5.192.229:47490: acme/autocert: missing server name
rpc_1    | 2019/11/11 14:48:07 http: TLS handshake error from 92.5.192.229:47492: acme/autocert: missing server name

What is going on here? I want to keep this listener running so that the certificate gets renewed, but the log worries me. I don't understand why these requests are being made, or how I could stop them. I searched around but could not find any similar question. These requests do not come from any client I know of, and they seem to just be trying every port they can from the same IP. I really don't know whether this is normal for a production server; everything is up to date (it runs in the latest Amazon EC2 AMI), so I am not sure whether there is a risk or whether I need to take other measures. I am generally a bit confused, so I hope I can get some feedback to help sort this out.

My relevant Go code is as follows:


import (
    "flag"
    "net/http"
    "os"
    "golang.org/x/crypto/acme/autocert"
)

var endpoint = flag.String(
    "endpoint", os.Getenv("SERVER_ENDPOINT"),
    "Overwrite default endpoint defined in environment variables",
)

// flag.Parse() must run before *endpoint is read, otherwise only SERVER_ENDPOINT is ever used.
certManager := autocert.Manager{
    Prompt:     autocert.AcceptTOS, // exported identifier; "acceptTOS" does not compile
    HostPolicy: autocert.HostWhitelist(*endpoint), // every other SNI name is rejected at handshake time
    Cache:      autocert.DirCache("certs"),
}

// certManager.Listener() listens on 443
go http.Serve(certManager.Listener(), certManager.HTTPHandler(nil))

I have opened ports 80 and 443 to all inbound traffic, although I don't think any other port needs to be open for Let's Encrypt traffic (I think; my understanding of how Let's Encrypt works may be wrong?)
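The errors in the log above are produced by autocert.Manager.GetCertificate, which runs on every TLS handshake: autocert.HostWhitelist returns `host "..." not configured in HostWhitelist` for any SNI name other than the configured endpoint, and a ClientHello that carries no SNI at all is refused with `missing server name` because there is no name to obtain a certificate for. Both refusals happen before any certificate is requested, and `net/http` logs each one as a `TLS handshake error`. What follows is an added example, not code from the question or from the acme/autocert package: a stdlib-only Go program that parses lines in the format shown, classifies each handshake error and aggregates by reason, source address and rejected SNI name, so the expected scanner noise can be told apart from anything worth alerting on. The `SampleLog` lines are constructed from the excerpt above; the `Event`, `Summary` and `NoisyIPs` names and the threshold of three failures are this example's own choices.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Reasons an autocert-backed listener logs "TLS handshake error".
const (
	ReasonHostNotWhitelisted = "host_not_whitelisted" // SNI name rejected by autocert.HostWhitelist
	ReasonMissingServerName  = "missing_server_name"  // ClientHello carried no SNI extension
	ReasonConnReset          = "connection_reset"     // peer dropped the TCP connection mid-handshake
	ReasonOther              = "other"
)

// Event is one parsed "http: TLS handshake error" log line.
type Event struct {
	Time   string // HH:MM:SS as logged
	IP     string // client address without the port
	Reason string
	Host   string // requested SNI name; only set for ReasonHostNotWhitelisted
}

var (
	// net/http log format, with an optional "container | " prefix such as the
	// "rpc_1    | " that docker-compose adds. Group 3 is the client address.
	lineRE = regexp.MustCompile(`(?:^|\|\s*)(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}) http: TLS handshake error from (\S+):\d+: (.*)$`)
	hostRE = regexp.MustCompile(`acme/autocert: host "([^"]+)" not configured in HostWhitelist`)
)

// ParseLine extracts an Event from one log line; ok is false for lines that
// are not TLS handshake errors.
func ParseLine(line string) (ev Event, ok bool) {
	m := lineRE.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ev = Event{Time: m[2], IP: m[3]}
	msg := m[4]
	switch {
	case strings.Contains(msg, "missing server name"):
		ev.Reason = ReasonMissingServerName
	case strings.Contains(msg, "connection reset by peer"):
		ev.Reason = ReasonConnReset
	default:
		if h := hostRE.FindStringSubmatch(msg); h != nil {
			ev.Reason = ReasonHostNotWhitelisted
			ev.Host = h[1]
		} else {
			ev.Reason = ReasonOther
		}
	}
	return ev, true
}

// Summary aggregates handshake errors along the axes you would alert on.
type Summary struct {
	ByReason     map[string]int
	ByIP         map[string]int
	RejectedSNIs map[string]int // names the whitelist refused, e.g. "paypal.com"
}

// Summarize parses every line and tallies the handshake errors it finds.
func Summarize(lines []string) Summary {
	s := Summary{map[string]int{}, map[string]int{}, map[string]int{}}
	for _, l := range lines {
		ev, ok := ParseLine(l)
		if !ok {
			continue
		}
		s.ByReason[ev.Reason]++
		s.ByIP[ev.IP]++
		if ev.Host != "" {
			s.RejectedSNIs[ev.Host]++
		}
	}
	return s
}

// NoisyIPs returns the client addresses with at least min failed handshakes,
// most frequent first: the candidates for a firewall or rate-limit rule.
func NoisyIPs(s Summary, min int) []string {
	var ips []string
	for ip, n := range s.ByIP {
		if n >= min {
			ips = append(ips, ip)
		}
	}
	sort.Slice(ips, func(i, j int) bool {
		if s.ByIP[ips[i]] != s.ByIP[ips[j]] {
			return s.ByIP[ips[i]] > s.ByIP[ips[j]]
		}
		return ips[i] < ips[j]
	})
	return ips
}

// SampleLog is a constructed excerpt in the same format as the log in the question.
var SampleLog = []string{
	`rpc_1    | 2019/11/11 14:44:49 http: TLS handshake error from 2.51.84.126:53282: acme/autocert: host "physicaldatebaby.org" not configured in HostWhitelist`,
	`rpc_1    | 2019/11/11 14:44:50 http: TLS handshake error from 92.5.192.229:47416: acme/autocert: missing server name`,
	`rpc_1    | 2019/11/11 14:44:55 http: TLS handshake error from 92.5.192.229:47418: acme/autocert: missing server name`,
	`rpc_1    | 2019/11/11 14:45:01 http: TLS handshake error from 92.5.192.229:47420: acme/autocert: missing server name`,
	`rpc_1    | 2019/11/11 14:45:07 http: TLS handshake error from 197.252.5.80:48622: read tcp 192.168.208.2:443->197.252.5.80:48622: read: connection reset by peer`,
	`rpc_1    | 2019/11/11 14:45:16 http: TLS handshake error from 197.29.217.90:51215: acme/autocert: host "cloudfront.net" not configured in HostWhitelist`,
	`rpc_1    | 2019/11/11 14:45:20 http: TLS handshake error from 156.172.18.24:21209: acme/autocert: host "paypal.com" not configured in HostWhitelist`,
	`rpc_1    | 2019/11/11 14:45:30 GET /healthz 200`, // unrelated line, ignored by ParseLine
}

func main() {
	s := Summarize(SampleLog)
	fmt.Println("by reason:", s.ByReason)
	fmt.Println("rejected SNI names:", s.RejectedSNIs)
	fmt.Println("noisy IPs (>=3 failures):", NoisyIPs(s, 3))
}
```

Run against the sample, the summary shows three whitelist rejections (for three different names, none of them yours), three SNI-less handshakes from one address and one reset. None of these reached the ACME client: the whitelist is what stops a server from asking Let's Encrypt for certificates covering names it does not own, so the rejections are the policy doing its job. The per-address count is the useful signal; a single source repeating every few seconds is a candidate for a rate limit at the network edge, while the SNI names a scanner asks for are mostly of curiosity value.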

Link to this post: https://www.f2er.com/3123367.html
