lnmp ssl: SSL generation failed
# /bin/certbot
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apachectl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
# more /var/log/letsencrypt/letsencrypt.log
2017-07-05 05:40:59,518:DEBUG:certbot.main:certbot version: 0.15.0
2017-07-05 05:40:59,518:DEBUG:certbot.main:Arguments: []
2017-07-05 05:40:59,518:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-07-05 05:40:59,536:DEBUG:certbot.log:Root logging level set at 20
2017-07-05 05:40:59,536:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-05 05:40:59,537:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-07-05 05:40:59,602:WARNING:certbot.plugins.util:Failed to find executable apachectl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
2017-07-05 05:40:59,602:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Cannot find Apache control command apachectl
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/plugins/disco.py", line 127, in prepare
self._initialized.prepare()
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/configurator.py", line 173, in prepare
'Cannot find Apache control command {0}'.format(restart_cmd))
NoInstallationError: Cannot find Apache control command apachectl
2017-07-05 05:40:59,616:DEBUG:certbot.plugins.selection:No candidate plugin
2017-07-05 05:40:59,616:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
# python -V
Python 2.7.13
# /usr/bin/python -V
Python 2.7.13
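[ This post was last edited by blue2008 on 2017-7-5 13:53 ] I couldn't find my old ID, so I had to register a new...
Has anyone run into this?
I need the error message shown when generating the SSL certificate, and the contents of the /var/log/letsencrypt/letsencrypt.log log from when it was generated.
# tail -n 30 /var/log/letsencrypt/letsencrypt.log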
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 641, in renew_cert
_get_and_save_cert(le_client, config, lineage=lineage)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 77, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py", line 297, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py", line 313, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
self._respond(resp, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. bluenoob.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bluenoob.com/.well-known/acme-challenge/mTl7V_2-98SB9yeKn_izbN2fgv6oJtnqGIGKx81OKu8: "
body{background-color:#FFFFFF}</style"
2017-07-05 06:22:35,417:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in
sys.exit(main())
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 743, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 693, in renew
renewal.handle_renewal_request(config)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py", line 436, in handle_renewal_request
len(renew_failures), len(parse_failures)))
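Error: 5 renew failure(s), 0 parse failure(s)
I forgot the password for blue2008... and the recovery e-mail never arrives...
Judging from post #1, I wonder whether the problem is with python?
When I first installed it, the first SSL generation worked fine.
Later I found that the SSL certificate had expired. I looked at the crontab and ran the job by hand, and that didn't work either.
It said Python 2.6 is no longer supported, so I manually updated python to 2.7.
Reply to post #4
Judging from the information returned earlier, the returned code isn't an nginx error message either. It looks like this domain has no ICP filing and is being blocked, so the validation file can't be fetched normally anyway.
You updated python, so you also need to rm -rf /root/.local/share/letsencrypt/ and generate a fresh one; pip also has to be upgraded to the one matching the python version.
Many thanks to Jun Ge for the answer.
How do I regenerate /letsencrypt/?
Going to install pip now.
.well-known and user.ini: I thought they were useless, and I think I deleted them at some point.....
Port 80 is blocked for the domain, but 443 is not blocked.
By the way, a small suggestion: for upgrades and downgrades of PHP, mysql and the like in LNMP, could the script add a backup of configuration files such as php.ini?
There is one more question I need to ask:
when running lnmp ssl generates abc.conf, does it overwrite the previous abc.conf, or append to it?
I have a lot of questions, so one more:
nginx's error_log: should it be added in nginx.conf, or done separately per vhost?
The one-click script doesn't include it by default.
Right now I have it added in the individual conf under vhost.
Awkward. After finally solving the pip problem, I found this: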
Domain: xxx.com
Type: unauthorized
Detail: Invalid response from
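By the way, for the validation step, can a port other than 80 be used?
acme.sh supports DNS validation; could the script be improved later on?
Sorry Jun Ge, I didn't read carefully.
php does have its configuration:
/usr/local/oldphp2017xxxxxxxx/etc/php.ini
I tested ACME and it works. It supports DNS validation, which perfectly solves port 80 being blocked.
After you delete it, letsencrypt is generated automatically the next time a certificate is generated.
If your port 80 is unreachable, validation certainly can't work; they access the validation file through port 80.
Before an upgrade, all files (data, configuration files, startup scripts and so on) are backed up and can be fully restored. This is explained in the upgrade tutorial, read it yourself: https://lnmp.org/faq/lnmp1-2-upgrade.html
error_log records for whichever virtual host it is set in; a global one is global.
It is added after the existing http site configuration; if the certificate was not generated normally, the configuration is not added.
Validation can't be done on a port other than 80.
dns-01 validation is supported; just run the command yourself:
certbot certonly --manual --preferred-challenges=dns -d 域名
(域名 is the domain name.) Follow the prompts, add the records yourself, and that's it.
certbot is the official site's program in the first place; improvements have to come from the official project.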
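An added example (not part of the thread, and not LNMP or certbot code): a small parser for the FailedChallenges records shown in the log above. It separates "the server returned a web page instead of the challenge file" from other http-01 failures, which is the case where dns-01 is the way out. The sample record is copied from the thread; the function names and diagnosis labels are made up for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the FailedChallenges record quoted in the thread above.
SAMPLE = (
    'FailedChallenges: Failed authorization procedure. bluenoob.com (http-01): '
    'urn:acme:error:unauthorized :: The client lacks sufficient authorization :: '
    'Invalid response from http://bluenoob.com/.well-known/acme-challenge/'
    'mTl7V_2-98SB9yeKn_izbN2fgv6oJtnqGIGKx81OKu8: "\n'
    'body{background-color:#FFFFFF}</style"\n'
)

# domain (challenge-type): error-urn :: summary :: Invalid response from URL: "body"
FAILED = re.compile(
    r'(?P<domain>[\w.-]+) \((?P<type>[a-z]+-\d+)\): '
    r'(?P<error>urn:acme:error:\w+) :: (?P<summary>.*?) :: '
    r'Invalid response from (?P<url>https?://\S+?): "(?P<body>.*?)"\s*$',
    re.DOTALL | re.MULTILINE)
PREFIX = '/.well-known/acme-challenge/'
KEYAUTH = re.compile(r'[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\Z')

def diagnose(token, body):
    """Classify what the web server returned at the challenge URL."""
    # A correct http-01 answer is exactly "<token>.<account key thumbprint>".
    if token and body.startswith(token + '.') and KEYAUTH.match(body):
        return 'key-authorization-mismatch'      # right file, wrong account key
    if re.search(r'</?\w+|\{[^}]*\}', body):
        return 'html-page-instead-of-challenge-file'  # error/block page, lost webroot
    return 'unexpected-body'

def parse_failures(log_text):
    """Return one dict per failed challenge found in certbot log text."""
    records = []
    for m in FAILED.finditer(log_text):
        rec = m.groupdict()
        path = urlsplit(rec['url']).path
        rec['token'] = path[len(PREFIX):] if path.startswith(PREFIX) else None
        rec['body'] = rec['body'].strip()
        rec['diagnosis'] = diagnose(rec['token'], rec['body'])
        records.append(rec)
    return records

if __name__ == '__main__':
    for r in parse_failures(SAMPLE):
        print(r['domain'], r['type'], r['error'], '->', r['diagnosis'])
```

Feed it the output of `tail` on /var/log/letsencrypt/letsencrypt.log; a record diagnosed as an HTML page means the request on port 80 never reached the challenge file.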