VPS侦探论坛 › LNMP一键安装包 › Let's Encrypt SSL Certificate create failed!

ms3307 发表于 2020-7-21 16:50:38

Let's Encrypt SSL Certificate create failed!

创建虚拟主机的时候，我的域名ssl一直创建不了。军哥，是域名解析的问题吗？

ms3307 发表于 2020-7-21 16:51:16

/usr/local/acme.sh/acme.sh
Starting create SSL Certificate use Let's Encrypt...
Creating domain key
The domain key is here: /usr/local/nginx/conf/ssl                                                                           /xinliuyi.ws1268.com/xinliuyi.ws1268.com.key
Single domain='xinliuyi.ws1268.com'
Getting domain auth token for each domain
Getting webroot for domain='xinliuyi.ws1268.com'
Verifying: xinliuyi.ws1268.com
xinliuyi.ws1268.com:Verify error:Fetching http://xinliuyi.ws1268.com/.well-known/acme-challenge/YhJ3_C4                     tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM: Connection reset by peer
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!

ms3307 发表于 2020-7-21 16:51:47

Running cmd: issue
_main_domain='xinliuyi.ws1268.com'
_alt_domains='no'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/xinliuyi.ws1268.com'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
ACME_VERSION='2'
_on_before_issue
_chk_main_domain='xinliuyi.ws1268.com'
_chk_alt_domains
Le_LocalAddress
d='xinliuyi.ws1268.com'
Check for domain='xinliuyi.ws1268.com'
_currentRoot='/home/wwwroot/xinliuyi.ws1268.com'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
Creating domain key
Use DEFAULT_DOMAIN_KEY_LENGTH=2048
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Use length 2048
Using RSA: 2048
The domain key is here: /usr/local/nginx/conf/ssl/xinliuyi.ws1268.com/xinliuyi.ws1268.com.key
_createcsr
Single domain='xinliuyi.ws1268.com'
Getting domain auth token for each domain
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"xinliuyi.ws1268.com"}]}'
RSA key
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g-I'
_ret='0'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='201'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/71717027/4305056408'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/71717027/4305056408'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6015350539'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/6015350539'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
d='xinliuyi.ws1268.com'
Getting webroot for domain='xinliuyi.ws1268.com'
_w='/home/wwwroot/xinliuyi.ws1268.com'
_currentRoot='/home/wwwroot/xinliuyi.ws1268.com'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw","token":"YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM"'
token='YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
keyauthorization='YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM.GWGcA_WZB-v9Y1H8QUOpUVUxWwqX_XRlWIMnNrGNPyA'
dvlist='xinliuyi.ws1268.com#YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM.GWGcA_WZB-v9Y1H8QUOpUVUxWwqX_XRlWIMnNrGNPyA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw#http-01#/home/wwwroot/xinliuyi.ws1268.com'
d
vlist='xinliuyi.ws1268.com#YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM.GWGcA_WZB-v9Y1H8QUOpUVUxWwqX_XRlWIMnNrGNPyA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw#http-01#/home/wwwroot/xinliuyi.ws1268.com,'
d='xinliuyi.ws1268.com'
ok, let's start to verify
Verifying: xinliuyi.ws1268.com
d='xinliuyi.ws1268.com'
keyauthorization='YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM.GWGcA_WZB-v9Y1H8QUOpUVUxWwqX_XRlWIMnNrGNPyA'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
_currentRoot='/home/wwwroot/xinliuyi.ws1268.com'
wellknown_path='/home/wwwroot/xinliuyi.ws1268.com/.well-known/acme-challenge'
writing token:YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM to /home/wwwroot/xinliuyi.ws1268.com/.well-known/acme-challenge/YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM
Changing owner/group of .well-known to www:www
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
trigger validation code: 200
sleep 2 secs to verify
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='200'
xinliuyi.ws1268.com:Verify error:Fetching http://xinliuyi.ws1268.com/.well-known/acme-challenge/YhJ3_C4tduaQIk_NEOZgxP7IpJbgxu30VRMzT9UCtEM: Connection reset by peer
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/6015350539/CZhcpw'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='400'

ms3307 发表于 2020-7-21 16:53:31

后面两个帖子，一个命令返回的信息，一个是复制的日志文件

licess 发表于 2020-7-21 20:32:17

你这域名被墙了，虽然现在是国内的机器，国内可以访问但是国外是无法访问的，所以也就无法验证域名生成ssl证书，只能用泛域名方式生成ssl证书

ms3307 发表于 2020-7-22 10:38:15

好，我配置泛域名增加ssl，感谢:kiss::D

查看完整版本: Let's Encrypt SSL Certificate create failed!