lnmp ssl 证书问题,请军哥帮忙看看。
本帖最后由 linuxsir 于 2019-11-19 14:47 编辑概述:
域名:@www都做了 域名dns A解析。
http://fastimg.info/2019/11/19/399ed045d0fd49039221c40818d930e0.jpg
系统关闭了 防火墙,检查了 80 443端口都开放。
Running cmd: issue
_main_domain='wacatka.com'
_alt_domains='www.wacatka.com'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/wacatka.com'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
ACME_VERSION='2'
Le_NextRenewTime
_on_before_issue
_chk_main_domain='wacatka.com'
_chk_alt_domains='www.wacatka.com'
Le_LocalAddress
d='wacatka.com'
Check for domain='wacatka.com'
_currentRoot='/home/wwwroot/wacatka.com'
d='www.wacatka.com'
Check for domain='www.wacatka.com'
_currentRoot='/home/wwwroot/wacatka.com'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
Multi domain='DNS:wacatka.com,DNS:www.wacatka.com'
Getting domain auth token for each domain
d='www.wacatka.com'
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"wacatka.com"},{"type":"dns","value":"www.wacatka.com"}]}'
RSA key
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g-I'
_ret='0'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/71072502/1547259470'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/71072502/1547259470'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1305454472'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1305454472'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1305454473'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1305454473'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
d='wacatka.com'
Getting webroot for domain='wacatka.com'
_w='/home/wwwroot/wacatka.com'
_currentRoot='/home/wwwroot/wacatka.com'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ","token":"VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4"'
token='VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
keyauthorization='VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4.iPx-Na_34Kgw9hEjz-apFxl0jUd9PEpRToPJ1OHyVNg'
dvlist='wacatka.com#VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4.iPx-Na_34Kgw9hEjz-apFxl0jUd9PEpRToPJ1OHyVNg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ#http-01#/home/wwwroot/wacatka.com'
d='www.wacatka.com'
Getting webroot for domain='www.wacatka.com'
_w='/home/wwwroot/wacatka.com'
_currentRoot='/home/wwwroot/wacatka.com'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454473/hHhoag","token":"Wsw2uE8FwTbgoSiQChEHB6S17RKhmOo4QBKvXNVkAoQ"'
token='Wsw2uE8FwTbgoSiQChEHB6S17RKhmOo4QBKvXNVkAoQ'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454473/hHhoag'
keyauthorization='Wsw2uE8FwTbgoSiQChEHB6S17RKhmOo4QBKvXNVkAoQ.iPx-Na_34Kgw9hEjz-apFxl0jUd9PEpRToPJ1OHyVNg'
dvlist='www.wacatka.com#Wsw2uE8FwTbgoSiQChEHB6S17RKhmOo4QBKvXNVkAoQ.iPx-Na_34Kgw9hEjz-apFxl0jUd9PEpRToPJ1OHyVNg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454473/hHhoag#http-01#/home/wwwroot/wacatka.com'
d
vlist='wacatka.com#VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4.iPx-Na_34Kgw9hEjz-apFxl0jUd9PEpRToPJ1OHyVNg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ#http-01#/home/wwwroot/wacatka.com,www.wacatka.com#Wsw2uE8FwTbgoSiQChEHB6S17RKhmOo4QBKvXNVkAoQ.iPx-Na_34Kgw9hEjz-apFxl0jUd9PEpRToPJ1OHyVNg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454473/hHhoag#http-01#/home/wwwroot/wacatka.com,'
d='wacatka.com'
d='www.wacatka.com'
ok, let's start to verify
Verifying: wacatka.com
d='wacatka.com'
keyauthorization='VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4.iPx-Na_34Kgw9hEjz-apFxl0jUd9PEpRToPJ1OHyVNg'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_currentRoot='/home/wwwroot/wacatka.com'
wellknown_path='/home/wwwroot/wacatka.com/.well-known/acme-challenge'
writing token:VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4 to /home/wwwroot/wacatka.com/.well-known/acme-challenge/VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4
Changing owner/group of .well-known to www:www
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
本帖最后由 linuxsir 于 2019-11-19 14:51 编辑
trigger validation code: 200
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
Pending
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
wacatka.com:Verify error:Fetching http://wacatka.com/.well-known/acme-challenge/VO76HqcyFK0f1KHu8bq36UUrXvk-uzTc7C1uC0MVmx4: Timeout during connect (likely firewall problem)
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454472/Z3jlxQ'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='400'
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454473/hHhoag'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1305454473/hHhoag'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
按日志看是网站无法访问
你自己在网站目录下放个文件自己访问测试看看
页:
[1]