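SKYIDEA posted on 2018-4-2 07:59:40

Let's Encrypt free wildcard SSL certificate: issuance fails

I have set this up several times and it never goes through. I ran
export Namesilo_Key="8的730dd38b"

and then ran lnmp dnsssl namesilo
The configuration always fails.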

Starting create SSL Certificate use Let's Encrypt...
Multi domain='DNS:www.yoyomay.com,DNS:yoyomay.com'
Getting domain auth token for each domain
Getting webroot for domain='www.yoyomay.com'
Getting new-authz for domain='www.yoyomay.com'
The new-authz request is ok.
Getting webroot for domain='yoyomay.com'
Getting new-authz for domain='yoyomay.com'
The new-authz request is ok.
Found domain api file: /usr/local/acme.sh/dnsapi/dns_namesilo.sh
Unable to find domain specified.
Error add txt for domain:_acme-challenge.www.yoyomay.com
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!

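licess posted on 2018-4-2 09:12:16

"Unable to find domain specified." According to this message, the domain you entered could not be found. You can post the complete /usr/local/acme.sh/acme.sh.log so we can look at the details.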
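
Added example (not part of the original posts): an acme.sh debug log like the one requested above carries the DNS provider API key in the listDomains URL, so it is worth masking before the log is posted. The function name `redact_acme_log`, the list of masked fields and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: mask secrets in an acme.sh debug log before sharing it.
# Which fields to mask is a choice made here, not an acme.sh feature.
# Usage: redact_acme_log < /usr/local/acme.sh/acme.sh.log > redacted.log
redact_acme_log() {
    sed -E \
        -e "s/([?&]key=)[^&' ]+/\1REDACTED/g" \
        -e 's/(Namesilo_Key=")[^"]*"/\1REDACTED"/' \
        -e "s/^((token|txt|keyauthorization|ACCOUNT_THUMBPRINT)=')[^']*'/\1REDACTED'/" \
        -e 's/("(token|keyAuthorization)": ?")[^"]*"/\1REDACTED"/g' \
        -e "s/^((entry|dvlist|vlist)=').*'\$/\1REDACTED'/"
}

# Constructed sample lines in the same shape as the log in this thread.
sample_log() {
    cat <<'EOF'
export Namesilo_Key="CONSTRUCTED-KEY-0001"
url='https://www.namesilo.com/api/listDomains?version=1&type=xml&key=CONSTRUCTED-KEY-0001'
token='CONSTRUCTED_TOKEN'
keyauthorization='CONSTRUCTED_TOKEN.CONSTRUCTED_THUMBPRINT'
payload='{"resource": "challenge", "keyAuthorization": "CONSTRUCTED_TOKEN.CONSTRUCTED_THUMBPRINT"}'
txtdomain='_acme-challenge.www.example.com'
Unable to find domain specified.
EOF
}

# Domain names and error text stay readable; secret values do not.
sample_log | redact_acme_log
```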

SKYIDEA posted on 2018-4-2 11:19:33

Reply to post #2

Using config home:/usr/local/acme.sh
DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.yoyomay.com'
Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
_init api for server: https://acme-v01.api.letsencrypt.org/directory
GET
url='https://acme-v01.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE
ACME_VERSION
_on_before_issue
Le_LocalAddress
Check for domain='www.yoyomay.com'
_currentRoot='dns_namesilo'
Check for domain='yoyomay.com'
_currentRoot='dns_namesilo'
config file is empty, can not read CA_KEY_HASH
Using config home:/usr/local/acme.sh
_init api for server: https://acme-v01.api.letsencrypt.org/directory
Use default length 2048
length='2048'
Using config home:/usr/local/acme.sh
Use length 2048
Using RSA: 2048
RSA key


Here it is, please take a look.
Is the problem in how the Namesilo key is written?

export Namesilo_Key="Key...."

[ Last edited by SKYIDEA on 2018-4-2 11:21 ]

licess posted on 2018-4-2 12:18:58

Reply to post #3

This log is incomplete; look at the later part.

SKYIDEA posted on 2018-4-2 12:36:09

Reply to post #4

Using config home:/usr/local/acme.sh
DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.yoyomay.com'
Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
_init api for server: https://acme-v01.api.letsencrypt.org/directory
GET
url='https://acme-v01.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE
ACME_VERSION
Le_NextRenewTime
_on_before_issue
Le_LocalAddress
Check for domain='www.yoyomay.com'
_currentRoot='dns_namesilo'
Check for domain='yoyomay.com'
_currentRoot='dns_namesilo'
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
Multi domain='DNS:www.yoyomay.com,DNS:yoyomay.com'
Getting domain auth token for each domain
Getting webroot for domain='www.yoyomay.com'
_w='dns_namesilo'
_currentRoot='dns_namesilo'
Getting new-authz for domain='www.yoyomay.com'
_init api for server: https://acme-v01.api.letsencrypt.org/directory
Try new-authz for the 0 time.
url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.yoyomay.com"}}'
RSA key
GET
url='https://acme-v01.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
The new-authz request is ok.
entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/wa-xtRQAeJgYayNgJfadsJh1D9BaHMnksjaAOW8o7Ms/4055388845","token":"TbJJousGMLRUsvrDq2NV5S20E1GmBb_Ub-1HAtX6gZI"'
token='TbJJousGMLRUsvrDq2NV5S20E1GmBb_Ub-1HAtX6gZI'
uri='https://acme-v01.api.letsencrypt.org/acme/challenge/wa-xtRQAeJgYayNgJfadsJh1D9BaHMnksjaAOW8o7Ms/4055388845'
keyauthorization='TbJJousGMLRUsvrDq2NV5S20E1GmBb_Ub-1HAtX6gZI.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw'
dvlist='www.yoyomay.com#TbJJousGMLRUsvrDq2NV5S20E1GmBb_Ub-1HAtX6gZI.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw#https://acme-v01.api.letsencrypt.org/acme/challenge/wa-xtRQAeJgYayNgJfadsJh1D9BaHMnksjaAOW8o7Ms/4055388845#dns-01#dns_namesilo'
Getting webroot for domain='yoyomay.com'
_w='dns_namesilo'
_currentRoot='dns_namesilo'
Getting new-authz for domain='yoyomay.com'
_init api for server: https://acme-v01.api.letsencrypt.org/directory
Try new-authz for the 0 time.
url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "yoyomay.com"}}'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
The new-authz request is ok.
entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/p2E5dVy-ibI2PRcEaDNdAagKLtv-28XQt33qGUsCCTA/4055388933","token":"IUqSd_vGrxIsSZM1KQTQvdmx9cROzI1ZDIQfq42m2oc"'
token='IUqSd_vGrxIsSZM1KQTQvdmx9cROzI1ZDIQfq42m2oc'
uri='https://acme-v01.api.letsencrypt.org/acme/challenge/p2E5dVy-ibI2PRcEaDNdAagKLtv-28XQt33qGUsCCTA/4055388933'
keyauthorization='IUqSd_vGrxIsSZM1KQTQvdmx9cROzI1ZDIQfq42m2oc.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw'
dvlist='yoyomay.com#IUqSd_vGrxIsSZM1KQTQvdmx9cROzI1ZDIQfq42m2oc.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw#https://acme-v01.api.letsencrypt.org/acme/challenge/p2E5dVy-ibI2PRcEaDNdAagKLtv-28XQt33qGUsCCTA/4055388933#dns-01#dns_namesilo'
vlist='www.yoyomay.com#TbJJousGMLRUsvrDq2NV5S20E1GmBb_Ub-1HAtX6gZI.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw#https://acme-v01.api.letsencrypt.org/acme/challenge/wa-xtRQAeJgYayNgJfadsJh1D9BaHMnksjaAOW8o7Ms/4055388845#dns-01#dns_namesilo,yoyomay.com#IUqSd_vGrxIsSZM1KQTQvdmx9cROzI1ZDIQfq42m2oc.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw#https://acme-v01.api.letsencrypt.org/acme/challenge/p2E5dVy-ibI2PRcEaDNdAagKLtv-28XQt33qGUsCCTA/4055388933#dns-01#dns_namesilo,'
d='www.yoyomay.com'
_d_alias
txtdomain='_acme-challenge.www.yoyomay.com'
txt='aGpm5JrWlhVmOa8jkWmVz-S3QVbAvssrOklVXtNEsDs'
d_api='/usr/local/acme.sh/dnsapi/dns_namesilo.sh'
Found domain api file: /usr/local/acme.sh/dnsapi/dns_namesilo.sh
GET
url='https://www.namesilo.com/api/listDomains?version=1&type=xml&key=a30fb8391491ea0cab6f****8'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
host='www.yoyomay.com'
host='yoyomay.com'
Unable to find domain specified.
Error add txt for domain:_acme-challenge.www.yoyomay.com
pid
No need to restore nginx, skip.
_clearupdns
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v01.api.letsencrypt.org/acme/challenge/wa-xtRQAeJgYayNgJfadsJh1D9BaHMnksjaAOW8o7Ms/4055388845'
payload='{"resource": "challenge", "keyAuthorization": "TbJJousGMLRUsvrDq2NV5S20E1GmBb_Ub-1HAtX6gZI.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw"}'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/wa-xtRQAeJgYayNgJfadsJh1D9BaHMnksjaAOW8o7Ms/4055388845'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='202'
url='https://acme-v01.api.letsencrypt.org/acme/challenge/p2E5dVy-ibI2PRcEaDNdAagKLtv-28XQt33qGUsCCTA/4055388933'
payload='{"resource": "challenge", "keyAuthorization": "IUqSd_vGrxIsSZM1KQTQvdmx9cROzI1ZDIQfq42m2oc.gnwG22EdQL-s_f9cz1PGDXi84Z_Nnc5E2s3WbWc7Ppw"}'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/p2E5dVy-ibI2PRcEaDNdAagKLtv-28XQt33qGUsCCTA/4055388933'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='202'
The earlier log was too long, so I cleared it and generated a new one. Brother Jun, please help take a look. Thanks.

[ Last edited by SKYIDEA on 2018-4-2 12:44 ]

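licess posted on 2018-4-2 19:11:31

Reply to post #5

I'm not sure of the cause. According to the earlier message, the domain was not found. First run /usr/local/acme.sh/acme.sh --upgrade to upgrade acme.sh, then
try putting the domain without www first, as the first domain.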
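
Added illustration (not part of the original posts and not code from dns_namesilo.sh): the log above shows host='www.yoyomay.com' and host='yoyomay.com' being tried after the listDomains request, immediately before "Unable to find domain specified." Assuming the lookup strips one label at a time and compares each suffix with the domains returned for the API key's account, the sketch below reproduces both outcomes; `find_zone` and the domain lists are hypothetical.

```shell
#!/bin/sh
# Added illustration, not code from acme.sh or dns_namesilo.sh.
# find_zone FQDN "DOMAIN_LIST"
#   FQDN        full TXT record name, e.g. _acme-challenge.www.example.com
#   DOMAIN_LIST whitespace-separated domains owned by the API key's account
#               (constructed stand-in for a listDomains response)
# Prints "<zone> <sub-domain>" and returns 0, or returns 1 when no suffix
# of FQDN appears in the list.
find_zone() {
    fqdn=$1
    owned=$2
    candidate=${fqdn#*.}            # drop the first label (_acme-challenge)
    while [ -n "$candidate" ]; do
        case "$candidate" in
            *.*) ;;                 # at least two labels left, keep checking
            *) return 1 ;;          # only a bare TLD left: nothing matched
        esac
        for zone in $owned; do
            if [ "$zone" = "$candidate" ]; then
                sub=${fqdn%".$zone"}
                printf '%s %s\n' "$zone" "$sub"
                return 0
            fi
        done
        candidate=${candidate#*.}   # strip one more label and retry
    done
    return 1
}

# Constructed case 1: the account behind the key owns the domain.
find_zone _acme-challenge.www.yoyomay.com "example.org yoyomay.com"

# Constructed case 2: the key is valid for a different account, or the
# response lists no matching domain; every suffix is tried and rejected.
find_zone _acme-challenge.www.yoyomay.com "example.org example.net" \
    || echo "Unable to find domain specified."
```

Under this assumption the error points at the key or account used for the API call rather than at the DNS records themselves, and the order of the domain names does not change which suffixes are checked.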

401773133 posted on 2018-4-3 17:20:29

Blocked.

Blocked.

[ Last edited by 401773133 on 2018-5-14 20:48 ]

licess posted on 2018-4-3 18:30:28

Reply to post #7

# lnmp dnsssl cx
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|            https://lnmp.org             |
+-------------------------------------------+
/usr/local/acme.sh/acme.sh
Please enter domain(example: www.lnmp.org): p2.vpszt.com
Your domain: p2.vpszt.com
Enter more domain name(example: lnmp.org *.lnmp.org):   
Please enter the directory for domain p2.vpszt.com: /home/wwwroot/p2.vpszt.com
Allow Rewrite rule? (y/n)
You choose rewrite: none
Allow access log? (y/n)
Disable access log.
Enable PHP Pathinfo? (y/n)
Disable pathinfo.
Starting create SSL Certificate use Let's Encrypt...
Registering account
Registered
ACCOUNT_THUMBPRINT='r6xDfGgErzbSCvV7nekA_1zonrWQnJUoO38Sj5460mU'
Creating domain key
The domain key is here: /usr/local/nginx/conf/ssl/p2.vpszt.com/p2.vpszt.com.key
Single domain='p2.vpszt.com'
Getting domain auth token for each domain
Getting webroot for domain='p2.vpszt.com'
Getting new-authz for domain='p2.vpszt.com'
The new-authz request is ok.
Found domain api file: /usr/local/acme.sh/dnsapi/dns_cx.sh
Adding record
Sleep 120 seconds for the txt records to take effect
Verifying:p2.vpszt.com
Success
Removing DNS records.
Deleted record _acme-challenge.p2.vpszt.com
Verify finished, start to sign.
Cert success.
Your cert is in/usr/local/nginx/conf/ssl/p2.vpszt.com/p2.vpszt.com.cer
Your cert key is in/usr/local/nginx/conf/ssl/p2.vpszt.com/p2.vpszt.com.key
The intermediate CA cert is in/usr/local/nginx/conf/ssl/p2.vpszt.com/ca.cer
And the full chain certs is there:/usr/local/nginx/conf/ssl/p2.vpszt.com/fullchain.cer
Run reload cmd: /etc/init.d/nginx reload
Reload service nginx...done
Reload success
Create Virtul Host directory......
set permissions of Virtual Host directory......
You select the exist rewrite rule:/usr/local/nginx/conf/rewrite/none.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Create dhparam.pem...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Let's Encrypt SSL Certificate create successfully.
# lnmp dnsssl cx
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|            https://lnmp.org             |
+-------------------------------------------+
/usr/local/acme.sh/acme.sh
Please enter domain(example: www.lnmp.org): pzea.vpszt.com
Your domain: pzea.vpszt.com
Enter more domain name(example: lnmp.org *.lnmp.org): *.pzea.vpszt.com
domain list: *.pzea.vpszt.com
Please enter the directory for domain pzea.vpszt.com: /home/wwwroot/pzea.vpszt.com
Allow Rewrite rule? (y/n)
You choose rewrite: none
Allow access log? (y/n)
Disable access log.
Enable PHP Pathinfo? (y/n)
Disable pathinfo.
Starting create SSL Certificate use Let's Encrypt...
Registering account

Registered
ACCOUNT_THUMBPRINT='-BRzwkpQeISUY0H0T-NTwyxvzO2gE66wUt-6uZpZKGs'
Creating domain key
The domain key is here: /usr/local/nginx/conf/ssl/pzea.vpszt.com/pzea.vpszt.com.key
Multi domain='DNS:pzea.vpszt.com,DNS:*.pzea.vpszt.com'
Getting domain auth token for each domain
Getting webroot for domain='pzea.vpszt.com'
Getting webroot for domain='*.pzea.vpszt.com'
Found domain api file: /usr/local/acme.sh/dnsapi/dns_cx.sh
Adding record
Found domain api file: /usr/local/acme.sh/dnsapi/dns_cx.sh
Adding record
Sleep 120 seconds for the txt records to take effect
Verifying:pzea.vpszt.com
Success
Verifying:*.pzea.vpszt.com
Success
Removing DNS records.
Deleted record _acme-challenge.pzea.vpszt.com
Deleted record _acme-challenge.pzea.vpszt.com
Verify finished, start to sign.
Cert success.
Your cert is in/usr/local/nginx/conf/ssl/pzea.vpszt.com/pzea.vpszt.com.cer
Your cert key is in/usr/local/nginx/conf/ssl/pzea.vpszt.com/pzea.vpszt.com.key
The intermediate CA cert is in/usr/local/nginx/conf/ssl/pzea.vpszt.com/ca.cer
And the full chain certs is there:/usr/local/nginx/conf/ssl/pzea.vpszt.com/fullchain.cer
Run reload cmd: /etc/init.d/nginx reload
Reload service nginx...done
Reload success
Create Virtul Host directory......
set permissions of Virtual Host directory......
You select the exist rewrite rule:/usr/local/nginx/conf/rewrite/none.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Let's Encrypt SSL Certificate create successfully.
I tested on two freshly installed environments and neither had any problem.