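Adding an SSL vhost fails after upgrading from 1.3 to 1.4
I followed this: https://lnmp.org/faq/upgrade1-4.html
This was added after upgrading lnmp from 1.3 to 1.4.
The probe page shows this:
Server domain/IP address: www.lnmp.org (10.244.37.20)
Server identifier: Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64
Server operating system: Linux, kernel version: 3.10.0-327.el7.x86_64
Server interpreter engine: nginx/1.12.0
Server language: zh-CN,zh;q=0.8
Server port: 8888
Server hostname: localhost.localdomain
Absolute path: /home/wwwroot/default
Administrator e-mail:
Probe path: /home/wwwroot/default/pxxxxxxxxx.php
Here is the whole process: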
-----------------------------------------------------------------------------------------
# lnmp vhost add
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): wx.AAAA.com
Your domain: wx.AAAA.com
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for the domain: wx.qyzg.com
Default directory: /home/wwwroot/wx.AAAA.com:
Virtual Host Directory: /home/wwwroot/wx.AAAA.com
Allow Rewrite rule? (y/n) y
Please enter the rewrite of programme,
wordpress,discuz,typecho,sablog,typecho rewrite was exist.
(Default rewrite: other):
You choose rewrite: other
Allow access log? (y/n) y
Enter access log filename(Default:wx.qyzg.com.log):
You access log filename: wx.qyzg.com.log
Create database and MySQL user with same name (y/n) n
Create ftp account (y/n) n
Add SSL Certificate (y/n) y
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
Please enter your email address: XXXXXX@foxmail.com
It will be processed automatically.
Press any key to start create virtul host...
Create Virtul Host directory......
set permissions of Virtual Host directory......
You select the exist rewrite rule:/usr/local/nginx/conf/other.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Gracefully shutting down php-fpm . done
Starting php-fpm done
You select the exist rewrite rule:/usr/local/nginx/conf/other.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
/bin/certbot
index-url = https://pypi.doubanio.com/simple/
pip.conf exist.
Starting create SSL Certificate use Let's Encrypt...
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum 是 /bin/yum
已加载插件:fastestmirror, langpacks
base | 3.6 kB 00:00
epel/x86_64/metalink | 5.8 kB 00:00
epel | 4.3 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/2): epel/x86_64/updateinfo | 832 kB 00:00
(2/2): epel/x86_64/primary_db | 4.8 MB 00:04
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.tongji.edu.cn
* extras: mirrors.163.com
* updates: mirrors.163.com
软件包 gcc-4.8.5-16.el7.x86_64 已安装并且是最新版本
软件包 augeas-libs-1.4.0-2.el7_4.1.x86_64 已安装并且是最新版本
软件包 1:openssl-1.0.2k-8.el7.x86_64 已安装并且是最新版本
软件包 1:openssl-devel-1.0.2k-8.el7.x86_64 已安装并且是最新版本
软件包 libffi-devel-3.0.13-18.el7.x86_64 已安装并且是最新版本
软件包 redhat-rpm-config-9.1.0-76.el7.centos.noarch 已安装并且是最新版本
软件包 ca-certificates-2017.2.14-71.el7.noarch 已安装并且是最新版本
软件包 python-2.7.5-58.el7.x86_64 已安装并且是最新版本
软件包 python-devel-2.7.5-58.el7.x86_64 已安装并且是最新版本
软件包 python-virtualenv-1.10.1-4.el7.noarch 已安装并且是最新版本
软件包 python-tools-2.7.5-58.el7.x86_64 已安装并且是最新版本
软件包 python2-pip-8.1.2-5.el7.noarch 已安装并且是最新版本
无须任何处理
Upgrading certbot-auto 0.18.1 to 0.18.2...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wx.AAAA.com
Using the webroot path /home/wwwroot/wx.AAAA.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. wx.AAAA.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: wx.AAAA.com
Type: unauthorized
Detail: Invalid response from
http://wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k:
"<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Let's Encrypt SSL Certificate create failed!
================================================
Virtualhost infomation:
Your domain: wx.AAAA.com
Home Directory: /home/wwwroot/wx.AAAA.com
Rewrite: other
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
=>Let's Encrypt
================================================
#
--------------------------------------------------------------------------------------------------------------
# vi wx.AAAA.com.conf
    include enable-php.conf;
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
    }
    location ~ /.well-known {
        allow all;
    }
    location ~ /\.
    {
        deny all;
    }
    access_log /home/wwwlogs/wx.AAAA.com.log;
}
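-------------------------------------------------------------------------------------
Looking at the returned details, it is a 403.
The configuration file looks normal.
You can check the detailed information in the log at /var/log/letsencrypt/letsencrypt.log
Some NS servers may not support it.
I don't really understand it~~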
2017-09-29 08:31:44,668:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: wx.AAAA.com
Type: unauthorized
Detail: Invalid response from http://wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2017-09-29 08:31:44,668:INFO:certbot.auth_handler:Cleaning up challenges
2017-09-29 08:31:44,668:DEBUG:certbot.plugins.webroot:Removing /home/wwwroot/wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k
2017-09-29 08:31:44,669:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /home/wwwroot/wx.AAAA.com/.well-known/acme-challenge
2017-09-29 08:31:44,669:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 755, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 694, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. wx.AAAA.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"
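Reply to post 3#
If the DNS resolution is correct, it may be a directory permission problem, or try again after changing the NS.
What does "NS server" refer to? :L It's not the domain name server, is it...
Reply to post 5#
DNS server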
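
One way to test the directory-permission theory raised in the replies above, as an added example that is not part of the thread: it writes a throwaway token where certbot's webroot plugin writes its own and reports the first path component an unprivileged nginx worker could not traverse or read. The function names are hypothetical; it assumes GNU stat and that the worker is neither owner nor group of the files, so the "other" permission bits decide access.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and that the nginx
# worker is neither owner nor group of the files, so "other" bits decide access.

# first_blocking_component TARGET [START]
# Walk TARGET one component at a time, starting below START (default: /).
# Prints "missing:", "no-search:" or "no-read:" plus the offending path and
# returns 1; prints nothing and returns 0 when the worker could read TARGET.
first_blocking_component() (
    target=$1; path=${2:-}
    rel=${target#"$path"}
    IFS=/; set -f                          # split on "/" only, no globbing
    for part in $rel; do
        [ -n "$part" ] || continue
        path="$path/$part"
        [ -e "$path" ] || { echo "missing:$path"; exit 1; }
        mode=$(stat -L -c '%A' "$path")    # e.g. drwxr-x---
        if [ -d "$path" ]; then
            case $mode in
                ?????????[xt]*) ;;         # others may traverse the directory
                *) echo "no-search:$path"; exit 1 ;;
            esac
        else
            case $mode in
                ???????r*) ;;              # others may read the file
                *) echo "no-read:$path"; exit 1 ;;
            esac
        fi
    done
    exit 0
)

# check_challenge_path WEBROOT [START]
# Drop a throwaway token in WEBROOT/.well-known/acme-challenge, test the
# whole chain of directories down to it, then remove the token again.
check_challenge_path() (
    dir="$1/.well-known/acme-challenge"
    token="$dir/selftest-$$"
    { mkdir -p "$dir" && echo ok > "$token"; } || { echo "cannot-write:$dir"; exit 1; }
    first_blocking_component "$token" "${2:-}" && rc=0 || rc=1
    rm -f "$token"
    exit $rc
)
```

Run as root with the vhost directory from the transcript, for example `check_challenge_path /home/wwwroot/wx.AAAA.com`; empty output means the file-system permissions are not what produces the 403.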