yisou 发表于 2021-9-15 06:41:13

lets encrypt自动续期失败

Running cmd: renew
Using config home:/usr/local/acme.sh
default_acme_server
ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.gloryeyeglasses.com'
Renew: 'www.gloryeyeglasses.com'
Le_API='https://acme-v02.api.letsencrypt.org/directory'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
_init api for server: https://acme-v02.api.letsencrypt.org/directory
Retrying GET
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
displayError='1'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
ret='0'
_hcode='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_main_domain='www.gloryeyeglasses.com'
_alt_domains='gloryeyeglasses.com'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
Le_NextRenewTime='1627891544'
Using CA: https://acme-v02.api.letsencrypt.org/directory
_on_before_issue
_chk_main_domain='www.gloryeyeglasses.com'
_chk_alt_domains='gloryeyeglasses.com'
Le_LocalAddress
d='www.gloryeyeglasses.com'
Check for domain='www.gloryeyeglasses.com'
_currentRoot='/home/wwwroot/www.gloryeyeglasses.com'
d='gloryeyeglasses.com'
Check for domain='gloryeyeglasses.com'
_currentRoot='/home/wwwroot/www.gloryeyeglasses.com'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
Multi domain='DNS:www.gloryeyeglasses.com,DNS:gloryeyeglasses.com'
Getting domain auth token for each domain
d='gloryeyeglasses.com'
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"www.gloryeyeglasses.com"},{"type":"dns","value":"gloryeyeglasses.com"}]}'
RSA key
Retrying post
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g-I'
_ret='0'
_hcode='0'
Retrying post
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='201'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/114724297/24490370240'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/114724297/24490370240'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/31028173300'

payload
Retrying post
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/31028173300'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/31028173310'



licess 发表于 2021-9-15 09:56:48

你网站开了301,需要按 https://lnmp.org/faq/lnmp-nginx-301-rewrite.html 单独设置用于续期的规则

yisou 发表于 2021-9-15 06:41:18

payload

Retrying post

POST

_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/31028173310'

_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '

_ret='0'

_hcode='0'

code='200'

d='www.gloryeyeglasses.com'

Getting webroot for domain='www.gloryeyeglasses.com'

_w='/home/wwwroot/www.gloryeyeglasses.com'

_currentRoot='/home/wwwroot/www.gloryeyeglasses.com'

entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/



APGT-Q","token":"5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g"'

token='5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g'

uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

keyauthorization='5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g.XDGnNDeZCG-q4Bh49vrE86kYo0Mb5MYNzYgVIf4Ur9U'

dvlist='www.gloryeyeglasses.com#5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g.XDGnNDeZCG-q4Bh49vrE86kYo0Mb5MYNzYgVIf4Ur9U#https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q#http-01#/home/wwwroot/www.gloryeyeglasses.com'

d='gloryeyeglasses.com'

Getting webroot for domain='gloryeyeglasses.com'

_w='/home/wwwroot/www.gloryeyeglasses.com'

_currentRoot='/home/wwwroot/www.gloryeyeglasses.com'

entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173300/q_UDAQ","token":"-TFaPjVXijhJ2oAvqlpAU92ZI0H5gg2_IafD4JtBPuY"'

token='-TFaPjVXijhJ2oAvqlpAU92ZI0H5gg2_IafD4JtBPuY'

uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173300/q_UDAQ'

keyauthorization='-TFaPjVXijhJ2oAvqlpAU92ZI0H5gg2_IafD4JtBPuY.XDGnNDeZCG-q4Bh49vrE86kYo0Mb5MYNzYgVIf4Ur9U'

dvlist='gloryeyeglasses.com#-TFaPjVXijhJ2oAvqlpAU92ZI0H5gg2_IafD4JtBPuY.XDGnNDeZCG-q4Bh49vrE86kYo0Mb5MYNzYgVIf4Ur9U#https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173300/q_UDAQ#http-01#/home/wwwroot/www.gloryeyeglasses.com'

d

vlist='www.gloryeyeglasses.com#5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g.XDGnNDeZCG-q4Bh49vrE86kYo0Mb5MYNzYgVIf4Ur9U#https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q#http-01#/home/wwwroot/www.gloryeyeglasses.com,gloryeyeglasses.com#-TFaPjVXijhJ2oAvqlpAU92ZI0H5gg2_IafD4JtBPuY.XDGnNDeZCG-q4Bh49vrE86kYo0Mb5MYNzYgVIf4Ur9U#https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173300/q_UDAQ#http-01#/home/wwwroot/www.gloryeyeglasses.com,'

d='www.gloryeyeglasses.com'

d='gloryeyeglasses.com'

ok, let's start to verify

Verifying: www.gloryeyeglasses.com

d='www.gloryeyeglasses.com'

keyauthorization='5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g.XDGnNDeZCG-q4Bh49vrE86kYo0Mb5MYNzYgVIf4Ur9U'

uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

_currentRoot='/home/wwwroot/www.gloryeyeglasses.com'

wellknown_path='/home/wwwroot/www.gloryeyeglasses.com/.well-known/acme-challenge'

writing token:5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g to /home/wwwroot/www.gloryeyeglasses.com/.well-known/acme-challenge/5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g

Changing owner/group of .well-known to www:www

url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

payload='{}'

Retrying post

POST

_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '

_ret='0'

_hcode='0'

code='200'

trigger validation code: 200

Pending, The CA is processing your order, please just wait. (1/30)

sleep 2 secs to verify again

checking

url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

payload

Retrying post

POST

_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '

_ret='0'

_hcode='0'

code='200'

Pending, The CA is processing your order, please just wait. (2/30)

sleep 2 secs to verify again

checking

url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

payload

Retrying post

POST

_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '

_ret='0'

_hcode='0'

code='200'

www.gloryeyeglasses.com:Verify error:Invalid response from https://www.gloryeyeglasses.com/.well-known/acme-challenge/5Yvj9okGYctHvKhFxWsq5WrTymHhhEe6rcIW-fPV57g :

pid

No need to restore nginx, skip.

_clearupdns

dns_entries

skip dns.

_on_issue_err

Please check log file for more details: /usr/local/acme.sh/acme.sh.log

url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

payload='{}'

Retrying post

POST

_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173310/APGT-Q'

_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '

_ret='0'

_hcode='0'

code='400'

url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173300/q_UDAQ'

payload='{}'

Retrying post

POST

_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/31028173300/q_UDAQ'

_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '

_ret='0'

_hcode='0'

code='200'


军哥, 请问这如何处理呀。 谢谢了!
页: [1]
查看完整版本: lets encrypt自动续期失败