l9950925 posted on 2020-2-15 15:14:58

Renewal of the built-in SSL certificate failed

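Happy New Year, Jun Ge. I've run into a problem and need to ask for your help.

I have lnmp1.6 installed.

I added a subdomain and used the built-in Let's Encrypt certificate, but I deleted the automatic renewal script from crontab...

The certificate is about to expire now, so I used the manual renewal command: acme.sh --renew -d domain

But a problem occurred. Could you please take a look and tell me how to solve it?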



Log:
Running cmd: renew
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/tlryjg.jiaohusheji.net'
Renew: 'tlryjg.jiaohusheji.net'
Le_API
_main_domain='tlryjg.jiaohusheji.net'
_alt_domains='no'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
ACME_VERSION='2'
Le_NextRenewTime='1580446350'
_on_before_issue
_chk_main_domain='tlryjg.jiaohusheji.net'
_chk_alt_domains
Le_LocalAddress
d='tlryjg.jiaohusheji.net'
Check for domain='tlryjg.jiaohusheji.net'
_currentRoot='/home/wwwroot/tlryjg.jiaohusheji.net'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
Single domain='tlryjg.jiaohusheji.net'
Getting domain auth token for each domain
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"tlryjg.jiaohusheji.net"}]}'
RSA key
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g-I'
_ret='0'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/69649468/2337235879'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/69649468/2337235879'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/2826459960'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/2826459960'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
d='tlryjg.jiaohusheji.net'
Getting webroot for domain='tlryjg.jiaohusheji.net'
_w='/home/wwwroot/tlryjg.jiaohusheji.net'
_currentRoot='/home/wwwroot/tlryjg.jiaohusheji.net'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A","token":"aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ"'
token='aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
keyauthorization='aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA'
dvlist='tlryjg.jiaohusheji.net#aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A#http-01#/home/wwwroot/tlryjg.jiaohusheji.net'
d
vlist='tlryjg.jiaohusheji.net#aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A#http-01#/home/wwwroot/tlryjg.jiaohusheji.net,'
d='tlryjg.jiaohusheji.net'
ok, let's start to verify
Verifying: tlryjg.jiaohusheji.net
d='tlryjg.jiaohusheji.net'
keyauthorization='aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
_currentRoot='/home/wwwroot/tlryjg.jiaohusheji.net'
wellknown_path='/home/wwwroot/tlryjg.jiaohusheji.net/.well-known/acme-challenge'
writing token:aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ to /home/wwwroot/tlryjg.jiaohusheji.net/.well-known/acme-challenge/aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ
Changing owner/group of .well-known to www:www
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
trigger validation code: 200
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
tlryjg.jiaohusheji.net:Verify error:Invalid response from https://tlryjg.jiaohusheji.net/.well-known/acme-challenge/aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ :
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='400'


licess posted on 2020-2-15 19:15:43

You can add the entry back to crontab yourself:
40 0 * * * "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" > /dev/null
For a manual renewal, you can try running "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh"

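The validation file for this domain does not exist. You may have changed the settings in the configuration file for this domain, such as the root site directory, or set some other configuration that affects renewal.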
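
One way to check the two causes named in the reply above (a changed `root`, or another vhost setting that hides the validation file), as an added example that is not part of the original thread. The function names and the sample vhost are constructed; pass the `_currentRoot` value from the acme.sh log and the path of the domain's nginx vhost file.

```shell
#!/bin/sh
# Added example. Function names and the sample vhost are constructed.

# Constructed vhost: root was moved after the certificate was first issued.
write_sample() {
    cat > "$1" <<'EOF'
server {
    listen 80;
    server_name sub.example.com;
    root /home/wwwroot/sub.example.com/public;
    location ~ /\. { deny all; }
}
EOF
}

# Print the value of the first `root` directive in an nginx vhost file.
nginx_root() {
    sed -n 's/^[[:space:]]*root[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" | head -n 1
}

# Succeed if the vhost denies dot-paths and has no .well-known exception.
blocks_well_known() {
    grep -Eq 'location[[:space:]]+~[[:space:]]+/\\\.' "$1" || return 1
    ! grep -Eq 'location[[:space:]].*\.well-known' "$1"
}

# diagnose WEBROOT VHOST_CONF: print one finding; return 0 only when clean.
diagnose() {
    webroot=${1%/}
    served=$(nginx_root "$2"); served=${served%/}
    if [ -z "$served" ]; then
        echo "no-root-directive"; return 2
    elif [ "$served" != "$webroot" ]; then
        echo "root-mismatch: nginx serves $served, acme.sh writes to $webroot"
        return 1
    elif blocks_well_known "$2"; then
        echo "dotfiles-denied: no .well-known exception"; return 1
    fi
    echo "ok"
}

# Usage: sh check.sh <webroot from the acme.sh log> <nginx vhost file>
if [ $# -eq 2 ]; then diagnose "$1" "$2"; fi
```

A `root-mismatch` result means acme.sh writes the http-01 token into a directory nginx no longer serves, which produces the "Invalid response" verification error shown in the log.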