hnqdgyj posted on 2021-12-22 17:18:15

SSL certificate creation failed

Running cmd: issue
_main_domain='auc.topdoit.com'
_alt_domains='no'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/auc.topdoit.com'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
Retrying GET
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
displayError='1'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
ret='0'
_hcode='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
Using CA: https://acme-v02.api.letsencrypt.org/directory
_on_before_issue
_chk_main_domain='auc.topdoit.com'
_chk_alt_domains
Le_LocalAddress
d='auc.topdoit.com'
Check for domain='auc.topdoit.com'
_currentRoot='/home/wwwroot/auc.topdoit.com'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
Creating domain key
Use DEFAULT_DOMAIN_KEY_LENGTH=2048
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Use length 2048
Using RSA: 2048
The domain key is here: /usr/local/nginx/conf/ssl/auc.topdoit.com/auc.topdoit.com.key
_createcsr
Single domain='auc.topdoit.com'
Getting domain auth token for each domain
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"auc.topdoit.com"}]}'
RSA key
Retrying post
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g-I'
_ret='0'
_hcode='0'
Retrying post
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='201'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/172280710/49245762250'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/172280710/49245762250'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/60895511920'
payload
Retrying post
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/60895511920'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
d='auc.topdoit.com'
Getting webroot for domain='auc.topdoit.com'
_w='/home/wwwroot/auc.topdoit.com'
_currentRoot='/home/wwwroot/auc.topdoit.com'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA","token":"qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E"'
token='qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
keyauthorization='qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E.XpyY5y2hcocYLBOcO3lH65PgNePhn9jSThD_T6sXez8'
dvlist='auc.topdoit.com#qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E.XpyY5y2hcocYLBOcO3lH65PgNePhn9jSThD_T6sXez8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA#http-01#/home/wwwroot/auc.topdoit.com'
d
vlist='auc.topdoit.com#qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E.XpyY5y2hcocYLBOcO3lH65PgNePhn9jSThD_T6sXez8#https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA#http-01#/home/wwwroot/auc.topdoit.com,'
d='auc.topdoit.com'
ok, let's start to verify
Verifying: auc.topdoit.com
d='auc.topdoit.com'
keyauthorization='qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E.XpyY5y2hcocYLBOcO3lH65PgNePhn9jSThD_T6sXez8'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
_currentRoot='/home/wwwroot/auc.topdoit.com'
wellknown_path='/home/wwwroot/auc.topdoit.com/.well-known/acme-challenge'
writing token:qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E to /home/wwwroot/auc.topdoit.com/.well-known/acme-challenge/qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E
Changing owner/group of .well-known to www:www
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
payload='{}'
Retrying post
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
trigger validation code: 200
Pending, The CA is processing your order, please just wait. (1/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
payload
Retrying post
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
auc.topdoit.com:Verify error:Invalid response from http://auc.topdoit.com/.well-known/acme-challenge/qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E :
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
payload='{}'
Retrying post
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/60895511920/xHlnOA'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='400'

hnqdgyj posted on 2021-12-22 17:21:25

Starting create SSL Certificate use Let's Encrypt...
Using CA: https://acme-v02.api.letsencrypt.org/directory
Creating domain key
The domain key is here: /usr/local/nginx/conf/ssl/auc.topdoit.com/auc.topdoit.com.key
Single domain='auc.topdoit.com'
Getting domain auth token for each domain
Getting webroot for domain='auc.topdoit.com'
Verifying: auc.topdoit.com
Pending, The CA is processing your order, please just wait. (1/30)
auc.topdoit.com:Verify error:Invalid response from http://auc.topdoit.com/.well-known/acme-challenge/qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E :
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!

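licess posted on 2021-12-22 19:10:51

The request for the validation file returned 404. The virtual host you added may not have taken effect, an error may have occurred while adding it, or nginx may already have had an error beforehand.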

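The simplest way is to look in /home/wwwlogs/access.log. If it contains /.well-known/acme-challenge/qYzYCX9iQgjnUEnA6Ih6bGQ7R5UM29l1S1JzpkGV_7E, then the request definitely went to the default virtual host rather than the one you just added.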
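
The access-log check described in the post above, written out as an added shell example (not part of the original thread, and not LNMP's or acme.sh's own code): it takes the token from the pasted acme.sh debug output and reports whether the validation request was logged by the default virtual host or by the site's own log. The function names, the verdict strings, the site log argument and the combined-style access log layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes nginx access logs in a
# "combined"-style layout: the status code is the second field after the path.

# Last value of key='value' in acme.sh debug output pasted as on this page.
acme_field() {  # $1 = debug output file, $2 = key
  sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | tail -n 1
}

# Status codes logged for the challenge path, e.g. "404 200 "; empty if none.
challenge_statuses() {  # $1 = access log (may be missing), $2 = token
  [ -r "$1" ] || return 0
  awk -v p="/.well-known/acme-challenge/$2" '
    { for (i = 1; i + 2 <= NF; i++)
        if ($i == p) { printf "%s ", $(i + 2); break } }' "$1"
}

# Verdict: a hit in the default vhost's log means nginx did not route the
# validation request to the newly added site.
triage() {  # $1 = debug output, $2 = default vhost log, $3 = site log
  token=$(acme_field "$1" token)
  [ -n "$token" ] || { echo "no_token"; return 1; }
  def=$(challenge_statuses "$2" "$token")
  site=$(challenge_statuses "$3" "$token")
  if [ -n "$def" ]; then
    echo "default_vhost"      # served by the wrong server block
  elif [ -z "$site" ]; then
    echo "no_local_record"    # request never reached this nginx's logs
  else
    case " $site" in
      *" 200 "*) echo "site_served" ;;  # file was reachable at least once
      *)         echo "site_error" ;;   # right vhost, but never a 200
    esac
  fi
}

# Usage: sh triage.sh acme-debug.txt /home/wwwlogs/access.log <site log>
if [ $# -eq 3 ]; then triage "$@"; fi
```
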

hnqdgyj posted on 2021-12-23 11:26:05

I checked as you suggested. access.log has no related entries, so that cause can be ruled out, but while debugging yesterday I found this error:
Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/",
"status": 429
}

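licess posted on 2021-12-23 19:47:06

hnqdgyj posted on 2021-12-23 11:26
I checked as you suggested. access.log has no related entries, so that cause can be ruled out, but while debugging yesterday I found this error:

...

This means you have currently exceeded the rate limit; too many requests were made.
You can try choosing zerossl or buypass instead.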

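hnqdgyj posted on 2021-12-24 08:35:36

licess posted on 2021-12-23 19:47
This means you have currently exceeded the rate limit; too many requests were made.
You can try choosing zerossl or buypass instead.

lnmp1.7 doesn't seem to offer that choice; there are only options 1 and 2, and choosing 2 is Let's Encrypt.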

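licess posted on 2021-12-24 10:36:35

hnqdgyj posted on 2021-12-24 08:35
lnmp1.7 doesn't seem to offer that choice; there are only options 1 and 2, and choosing 2 is Let's Encrypt.

First put any index.html or index.php, with arbitrary content, in the directory of the virtual host you created, and confirm that it is served correctly.

With lnmp 1.7, you can use the lnmp 1.8 scripts to upgrade the management scripts; otherwise you can only wait for the Let's Encrypt limit to be lifted.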

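hnqdgyj posted on 2021-12-24 11:35:25

licess posted on 2021-12-24 10:36
First put any index.html or index.php, with arbitrary content, in the directory of the virtual host you created, and confirm that it is served correctly.

With lnmp 1.7 ...

Thanks, Brother Jun, it's sorted now.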