LNMP: adding SSL fails
Adding SSL for the existing domain manage.ewwe.net failed. The system is CentOS 7.4.
LNMP has already been upgraded to 1.5.
Here is the record:
# lnmp ssl add
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): manage.ewwe.net
Your domain: manage.ewwe.net
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for domain manage.ewwe.net: /home/wwwroot/manage.ewwe .net
Allow Rewrite rule? (y/n) n
You choose rewrite: none
Allow access log? (y/n) y
Enter access log filename(Default:manage.ewwe.net.log):
You access log filename: manage.ewwe.net.log
Enable PHP Pathinfo? (y/n) n
Disable pathinfo.
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
It will be processed automatically.
/usr/local/acme.sh/acme.sh
Starting create SSL Certificate use Let's Encrypt...
Registering account
Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
Can not connect to https://acme-v01.api.letsencrypt.org/directory to get nonce.
Register account Error: {
"gAf_FkzjRgY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!
#
I tried again with the LNMP 1.5 command, and it still doesn't work.
https://i.loli.net/2018/04/04/5ac446786dbf9.png
[ Last edited by miniday on 2018-4-4 11:28 ]
# lnmp ssl add
+-------------------------------------------+
| Manager for LNMP, Written by Licess |
+-------------------------------------------+
| https://lnmp.org |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): www.lyfhtzy.com
Your domain: www.lyfhtzy.com
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for domain www.lyfhtzy.com: /home/wwwroot/www.lyfhtzy.com
Allow Rewrite rule? (y/n)
You choose rewrite: none
Allow access log? (y/n)
Disable access log.
Enable PHP Pathinfo? (y/n)
Disable pathinfo.
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
It will be processed automatically.
/usr/local/acme.sh/acme.sh
Starting create SSL Certificate use Let's Encrypt...
Single domain='www.lyfhtzy.com'
Getting domain auth token for each domain
Getting webroot for domain='www.lyfhtzy.com'
Getting new-authz for domain='www.lyfhtzy.com'
The new-authz request is ok.
Verifying:www.lyfhtzy.com
Pending
Success
Verify finished, start to sign.
Cert success.
Your cert is in/usr/local/nginx/conf/ssl/www.lyfhtzy.com/www.lyfhtzy.com.cer
Your cert key is in/usr/local/nginx/conf/ssl/www.lyfhtzy.com/www.lyfhtzy.com.key
The intermediate CA cert is in/usr/local/nginx/conf/ssl/www.lyfhtzy.com/ca.cer
And the full chain certs is there:/usr/local/nginx/conf/ssl/www.lyfhtzy.com/fullchain.cer
Run reload cmd: /etc/init.d/nginx reload
Reload service nginx...done
Reload success
Let's Encrypt SSL Certificate create successfully.
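After upgrading to 1.5, adding works completely normally. Judging by the error message in the log you posted, your machine cannot connect to the Let's Encrypt servers.
Post a new log so I can take a look, or export the API parameters and then run /usr/local/acme.sh/acme.sh --issue -d manage.ewwe.net --dns dns_dp --log-level 2 --debug 2 and see.
Adding the new log
The server is on Tencent Cloud in Hong Kong; I don't know why it can't connect.
Below is the output after running the command: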
#/usr/local/acme.sh/acme.sh --issue -d manage.ewwe.net --dns dns_dp --log -level 2 --debug 2
Lets find script dir.
_SCRIPT_='/usr/local/acme.sh/acme.sh'
_script='/usr/local/acme.sh/acme.sh'
_script_home='/usr/local/acme.sh'
Using config home:/usr/local/acme.sh
LE_WORKING_DIR='/usr/local/acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.7
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
_ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/manage.ewwe.net'
Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
_init api for server: https://acme-v01.api.letsencrypt.org/directory
GET
url='https://acme-v01.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header--trace-ascii /tmp/tmp.k6BDdILEWj-g '
ret='0'
response='{
"VqT5JaJ0BPM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}'
ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE
ACME_VERSION
Le_NextRenewTime
_on_before_issue
'dns_dp' does not contain 'no'
Le_LocalAddress
Check for domain='manage.ewwe.net'
_currentRoot='dns_dp'
'dns_dp' does not contain 'apache'
_saved_account_key_hash='RPHbiK2M5EX6pPAtI0iUpHzlZTkB24NxlR9MPQgWgys='
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
domain='manage.ewwe.net'
domainlist
csrkey='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.key'
csr='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.csr'
csrconf='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.csr.conf'
Single domain='manage.ewwe.net'
_is_idn_d='manage.ewwe.net'
_idn_temp
_csr_cn='manage.ewwe.net'
Getting domain auth token for each domain
Getting webroot for domain='manage.ewwe.net'
_w='dns_dp'
_currentRoot='dns_dp'
Getting new-authz for domain='manage.ewwe.net'
_init api for server: https://acme-v01.api.letsencrypt.org/directory
Try new-authz for the 0 time.
_is_idn_d='manage.ewwe.net'
_idn_temp
url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "manage.ew we.net"}}'
RSA key
Get nonce. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
GET
url='https://acme-v01.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header--trace-ascii /tmp/tmp.8sSbk0joxx-g '
ret='0'
_headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Apr 2018 06:10:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Apr 2018 06:10:08 GMT
Connection: keep-alive
'
_CACHED_NONCE='EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU'
nonce='EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header--trace-ascii /tmp/tmp.ptWU1WZt18-g '
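Reply to post #3
The log in the attachment is still the one from this morning. The log posted above contains no error message.
Adding the latest log
Adding the latest log. I upgraded acme again today and it still doesn't work.
[ Last edited by miniday on 2018-4-8 09:57 ]
Reply to post #5
Looking at your log, the error "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7" means it cannot connect to their servers.
If it can't connect to their servers, the certificate cannot be generated.
How about you PM me the IP and root password and I'll take a look.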
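An added example, not part of the thread or of acme.sh: a shell triage of acme.sh output in the format quoted above, which extracts the libcurl error code and the URL that failed, plus a check for a hosts-file entry pinning that host. The function names are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample input is constructed.

# Map a libcurl exit code to the connection stage that failed.
curl_error_stage() {
    case "$1" in
        6)     echo dns ;;      # CURLE_COULDNT_RESOLVE_HOST
        7)     echo connect ;;  # CURLE_COULDNT_CONNECT
        28)    echo timeout ;;  # CURLE_OPERATION_TIMEDOUT
        35|60) echo tls ;;      # handshake / certificate verification failed
        *)     echo other ;;
    esac
}

# Read acme.sh output on stdin; print one summary line per failed request.
triage_acme_log() {
    awk '
        match($0, /error code: [0-9]+/) { code = substr($0, RSTART + 12, RLENGTH - 12) }
        match($0, /Can not connect to [^ ]+/) {
            c = (code == "" ? "?" : code)
            print c, substr($0, RSTART + 19, RLENGTH - 19)
            code = ""
        }
    ' | while read -r code url; do
        echo "curl=$code stage=$(curl_error_stage "$code") url=$url"
    done
}

# Print the address a hosts file pins for a hostname, if any.
# A stale pin left over from a workaround can cause connection failures later.
hosts_pin() {  # $1 = hosts file, $2 = hostname
    awk -v h="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }
    ' "$1"
}

# Constructed sample in the format of the log quoted in this thread.
sample_log() {
    cat <<'EOF'
Registering account
Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
Can not connect to https://acme-v01.api.letsencrypt.org/directory to get nonce.
EOF
}

sample_log | triage_acme_log
```

Feed it the real log with `triage_acme_log < /usr/local/acme.sh/acme.sh.log`; a `connect` stage with no hosts pin points at the network path rather than at acme.sh itself.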
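Reply to post #6
I've already sent it to you by private message. Since the current server runs many services, I gave you a different one, but the problem can be reproduced there, so it should be the same problem.
I've run into the same problem too and don't know how to solve it. Could you provide a solution?
Mine is also a Tencent Cloud Hong Kong node.
Reply to post #8
Without specific logs there is no way to determine the cause.
Originally posted by licess on 2018-4-8 10:32:
Looking at your log, the error "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7"
means it cannot connect to their servers.
If it can't connect to their servers, the certificate cannot be generated.
How about you PM me the IP and root password and I'll take a look. ...
------------------------------------------------------------------
Brother Jun, have you had a chance to look? I sent you the account and password by private message.
I've run into this problem too. I investigated it myself but couldn't see the cause; maybe my skills are just too poor.
For now I can only use the "own ssl" option, sigh.
Looking forward to Brother Jun cracking this problem.
Thanks.
Reply to post #10
I replied to your private message long ago.
Reply to post #11
Without any error message or log there is no way to troubleshoot.
Change the hosts file; GitHub may be blocked by the provider.
On Tencent Cloud, the upgrade succeeded after changing hosts.
Originally posted by licess on 2018-4-10 19:40:
I replied to your private message long ago.
Ah, I see it now. I don't use forums often and didn't notice the private message; I had only been watching the thread.
This server can be given to you for experiments to reproduce the environment. I see other people running into similar situations, so it shouldn't be an isolated problem. I hope a solution can be found.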