VPS侦探论坛 › LNMP一键安装包 › 安装ssl证书提示无效

airuib 发表于 2019-3-14 11:04:45

安装ssl证书提示无效

安装ssl证书提示无效 www.2kyb.com:Verify error:Invalid response from https://www.2kyb.com/.well-known/acme-challenge/MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGN       mvH20yT4 :
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!


下面是日志

_main_domain='www.2kyb.com'
_alt_domains='2kyb.com'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.2kyb.com'
Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
_init api for server: https://acme-v01.api.letsencrypt.org/directory
GET
url='https://acme-v01.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE
ACME_VERSION
_on_before_issue
_chk_main_domain='www.2kyb.com'
_chk_alt_domains='2kyb.com'
Le_LocalAddress
d='www.2kyb.com'
Check for domain='www.2kyb.com'
_currentRoot='/home/wwwroot/www.2kyb.com'
d='2kyb.com'
Check for domain='2kyb.com'
_currentRoot='/home/wwwroot/www.2kyb.com'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
Creating domain key
Use DEFAULT_DOMAIN_KEY_LENGTH=2048
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
Use length 2048
Using RSA: 2048
The domain key is here: /usr/local/nginx/conf/ssl/www.2kyb.com/www.2kyb.com.key
_createcsr
Multi domain='DNS:www.2kyb.com,DNS:2kyb.com'
Getting domain auth token for each domain
d='www.2kyb.com'
Getting webroot for domain='www.2kyb.com'
_w='/home/wwwroot/www.2kyb.com'
_currentRoot='/home/wwwroot/www.2kyb.com'
Getting new-authz for domain='www.2kyb.com'
_init api for server: https://acme-v01.api.letsencrypt.org/directory
Try new-authz for the 0 time.
url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "www.2kyb.com"}}'
RSA key
GET
url='https://acme-v01.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
The new-authz request is ok.
entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317","token":"MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4"'
token='MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4'
uri='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
keyauthorization='MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4.9K_SVByNPPnEjmn5vKz9qFSYbvW_2hX_cvHEzZDW-y0'
dvlist='www.2kyb.com#MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4.9K_SVByNPPnEjmn5vKz9qFSYbvW_2hX_cvHEzZDW-y0#https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317#http-01#/home/wwwroot/www.2kyb.com'
d='2kyb.com'
Getting webroot for domain='2kyb.com'
_w='/home/wwwroot/www.2kyb.com'
_currentRoot='/home/wwwroot/www.2kyb.com'
Getting new-authz for domain='2kyb.com'
_init api for server: https://acme-v01.api.letsencrypt.org/directory
Try new-authz for the 0 time.
url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "2kyb.com"}}'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'

airuib 发表于 2019-3-14 11:04:49

The new-authz request is ok.
entry='"type":"http-01","status":"valid","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/rn3riMBeLUdPOlBjt_fGwoOx8OFWwQx7dHiuIBgSI9I/13628546515","token":"HLtkXSSU2aP9PN52oEs7CkKjaFmk73QHC8-6D4C1svU","validationRecord":[{"url":"http://2kyb.com/.well-known/acme-challenge/HLtkXSSU2aP9PN52oEs7CkKjaFmk73QHC8-6D4C1svU","hostname":"2kyb.com","port":"80","addressesResolved":["172.247.246.119","172.247.246.101","172.247.246.113","23.225.74.137","23.225.74.138","23.225.94.27","23.225.94.37","23.225.94.32","172.247.246.106"],"addressUsed":"172.247.246.119"'
token='HLtkXSSU2aP9PN52oEs7CkKjaFmk73QHC8-6D4C1svU'
uri='https://acme-v01.api.letsencrypt.org/acme/challenge/rn3riMBeLUdPOlBjt_fGwoOx8OFWwQx7dHiuIBgSI9I/13628546515'
keyauthorization='HLtkXSSU2aP9PN52oEs7CkKjaFmk73QHC8-6D4C1svU.9K_SVByNPPnEjmn5vKz9qFSYbvW_2hX_cvHEzZDW-y0'
2kyb.com is already verified.
keyauthorization='verified_ok'
dvlist='2kyb.com#verified_ok#https://acme-v01.api.letsencrypt.org/acme/challenge/rn3riMBeLUdPOlBjt_fGwoOx8OFWwQx7dHiuIBgSI9I/13628546515#http-01#/home/wwwroot/www.2kyb.com'
d
vlist='www.2kyb.com#MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4.9K_SVByNPPnEjmn5vKz9qFSYbvW_2hX_cvHEzZDW-y0#https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317#http-01#/home/wwwroot/www.2kyb.com,2kyb.com#verified_ok#https://acme-v01.api.letsencrypt.org/acme/challenge/rn3riMBeLUdPOlBjt_fGwoOx8OFWwQx7dHiuIBgSI9I/13628546515#http-01#/home/wwwroot/www.2kyb.com,'
d='www.2kyb.com'
d='2kyb.com'
2kyb.com is already verified, skip http-01.
ok, let's start to verify
Verifying:www.2kyb.com
d='www.2kyb.com'
keyauthorization='MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4.9K_SVByNPPnEjmn5vKz9qFSYbvW_2hX_cvHEzZDW-y0'
uri='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
_currentRoot='/home/wwwroot/www.2kyb.com'
wellknown_path='/home/wwwroot/www.2kyb.com/.well-known/acme-challenge'
writing token:MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4 to /home/wwwroot/www.2kyb.com/.well-known/acme-challenge/MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4
Changing owner/group of .well-known to www:www
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
payload='{"resource": "challenge", "keyAuthorization": "MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4.9K_SVByNPPnEjmn5vKz9qFSYbvW_2hX_cvHEzZDW-y0"}'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='202'
sleep 2 secs to verify
checking
GET
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
Pending
sleep 2 secs to verify
checking
GET
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
Pending
sleep 2 secs to verify
checking
GET
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
Pending
sleep 2 secs to verify
checking
GET
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
Pending
sleep 2 secs to verify
checking
GET
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
Pending
sleep 2 secs to verify
checking
GET
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
www.2kyb.com:Verify error:Invalid response from https://www.2kyb.com/.well-known/acme-challenge/MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4 :
pid
No need to restore nginx, skip.
_clearupdns
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
payload='{"resource": "challenge", "keyAuthorization": "MCeCu13r6OL1fT0eJzzF5MFwDn0gcMDmDGNmvH20yT4.9K_SVByNPPnEjmn5vKz9qFSYbvW_2hX_cvHEzZDW-y0"}'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/RT-pOOp8tX3Vj1c5d8jnqWX0qhBRPaJcgKmSI4rl2iE/13629904317'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='400'
url='https://acme-v01.api.letsencrypt.org/acme/challenge/rn3riMBeLUdPOlBjt_fGwoOx8OFWwQx7dHiuIBgSI9I/13628546515'
payload='{"resource": "challenge", "keyAuthorization": "verified_ok"}'
POST
_post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/rn3riMBeLUdPOlBjt_fGwoOx8OFWwQx7dHiuIBgSI9I/13628546515'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='202'

airuib 发表于 2019-3-14 11:05:05

怎么回事
以前都可以正常安装

licess 发表于 2019-3-14 13:26:43

网站都无法访问，肯定是无法生成ssl证书的

查看完整版本: 安装ssl证书提示无效