今天使用lnmp1.6添加免费的ssl证书失败
具体失败的位置 是在证书验证的地方。说是访问失败。jybox.jdrj.top:Verify error:Fetching http://jybox.jdrj.top/.well-known/acme-challenge/uqvDyxKKol_-TrJqdgxfTgtqFZzcUmhp-0Oz-netHlI: Timeout during connect (likely firewall problem)
报错说连接不上。我看了下。www目录下并没有生成.well-known目录,试过多次均无效。不知道是哪里出了问题。
刚刚又试了一次。还是不行。下面是刚刚试的日志:
Running cmd: issue
_main_domain='mp.jy52bb.com'
_alt_domains='jy52bb.jdrj.top'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/mp.jy52bb.com'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
ACME_VERSION='2'
_on_before_issue
_chk_main_domain='mp.jy52bb.com'
_chk_alt_domains='jy52bb.jdrj.top'
Le_LocalAddress
d='mp.jy52bb.com'
Check for domain='mp.jy52bb.com'
_currentRoot='/home/wwwroot/mp.jy52bb.com'
d='jy52bb.jdrj.top'
Check for domain='jy52bb.jdrj.top'
_currentRoot='/home/wwwroot/mp.jy52bb.com'
d
config file is empty, can not read CA_KEY_HASH
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
_init api for server: https://acme-v02.api.letsencrypt.org/directory
Use default length 2048
length='2048'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Use length 2048
Using RSA: 2048
Create account key ok.
RSA key
Registering account
url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
payload='{"termsOfServiceAgreed": true}'
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g-I'
_ret='0'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-acct'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
Registered
_accUri='https://acme-v02.api.letsencrypt.org/acme/acct/71759430'
Calc CA_KEY_HASH='hDgN0Mw7HWuUDQ2OIJp3O04yBKxZu2t+Hx51jdn79S4='
ACCOUNT_THUMBPRINT='buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ'
Read key length:
Creating domain key
Use DEFAULT_DOMAIN_KEY_LENGTH=2048
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Use length 2048
Using RSA: 2048
The domain key is here: /usr/local/nginx/conf/ssl/mp.jy52bb.com/mp.jy52bb.com.key
_createcsr
Multi domain='DNS:mp.jy52bb.com,DNS:jy52bb.jdrj.top'
Getting domain auth token for each domain
d='jy52bb.jdrj.top'
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"mp.jy52bb.com"},{"type":"dns","value":"jy52bb.jdrj.top"}]}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/71759430/1510305126'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/71759430/1510305126'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1233885076'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1233885076'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1233885077'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1233885077'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
d='mp.jy52bb.com'
Getting webroot for domain='mp.jy52bb.com'
_w='/home/wwwroot/mp.jy52bb.com'
_currentRoot='/home/wwwroot/mp.jy52bb.com'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA","token":"5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs"'
token='5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
keyauthorization='5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs.buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ'
dvlist='mp.jy52bb.com#5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs.buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA#http-01#/home/wwwroot/mp.jy52bb.com'
d='jy52bb.jdrj.top'
Getting webroot for domain='jy52bb.jdrj.top'
_w='/home/wwwroot/mp.jy52bb.com'
_currentRoot='/home/wwwroot/mp.jy52bb.com'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885076/2AC0pA","token":"mggA4dHrrmlR3U9EohTBmOMBCPfaIhUhLiWUbitPFUs"'
token='mggA4dHrrmlR3U9EohTBmOMBCPfaIhUhLiWUbitPFUs'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885076/2AC0pA'
keyauthorization='mggA4dHrrmlR3U9EohTBmOMBCPfaIhUhLiWUbitPFUs.buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ'
dvlist='jy52bb.jdrj.top#mggA4dHrrmlR3U9EohTBmOMBCPfaIhUhLiWUbitPFUs.buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885076/2AC0pA#http-01#/home/wwwroot/mp.jy52bb.com'
d
vlist='mp.jy52bb.com#5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs.buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA#http-01#/home/wwwroot/mp.jy52bb.com,jy52bb.jdrj.top#mggA4dHrrmlR3U9EohTBmOMBCPfaIhUhLiWUbitPFUs.buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885076/2AC0pA#http-01#/home/wwwroot/mp.jy52bb.com,'
d='mp.jy52bb.com'
d='jy52bb.jdrj.top'
ok, let's start to verify
Verifying: mp.jy52bb.com
d='mp.jy52bb.com'
keyauthorization='5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs.buIc7w-VeeedjONRUWOLJp8U-jACvzp-m7RwB8vZKaQ'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
_currentRoot='/home/wwwroot/mp.jy52bb.com'
wellknown_path='/home/wwwroot/mp.jy52bb.com/.well-known/acme-challenge'
writing token:5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs to /home/wwwroot/mp.jy52bb.com/.well-known/acme-challenge/5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs
Changing owner/group of .well-known to www:www
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
trigger validation code: 200
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
mp.jy52bb.com:Verify error:Fetching http://mp.jy52bb.com/.well-known/acme-challenge/5LnUZ9IpodvcOGMiRlCvD1e4T0yBAN75zPkqasDY7xs: Timeout during connect (likely firewall problem)
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885077/pXQchA'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='400'
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885076/2AC0pA'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1233885076/2AC0pA'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200' 你top这个域名都没解析肯定,无法进行验证
mp的域名lestencrypt访问不到,返回的400错误
验证目录 .well-known 都是自动添加删除的,你去看肯定没有 刚刚试了下,成功了。但是这期间解析没有调整过。难道是之前解析生效需要很长时间的原因。不过之前都有过了半天再试,也失败。不管啥原因了。反正现在OK就好;P
页:
[1]