无法更新证书了是怎么回事呢?
之前搭建了网站,后来网站升级吧源文件夹删除了换成了新的,现在证书无法更新了,手动更新出现一下问题:Fri Dec 31 02:02:21 CST 2021] Processing, The CA is processing your order, please just wait. (28/30)
Processing, The CA is processing your order, please just wait. (29/30)
wiki.wandersky.org:Timeout
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
查看日志:
Running cmd: renew
Using config home:/usr/local/acme.sh
default_acme_server
ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/wiki.wandersky.org'
Renew: 'wiki.wandersky.org'
Le_API='https://acme.zerossl.com/v2/DV90'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
_main_domain='wiki.wandersky.org'
_alt_domains='no'
Le_NextRenewTime='1637132823'
Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
_init api for server: https://acme.zerossl.com/v2/DV90
Retrying GET
GET
url='https://acme.zerossl.com/v2/DV90'
timeout=
displayError='1'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
ret='0'
_hcode='0'
ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click.pdf'
ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
Using CA: https://acme.zerossl.com/v2/DV90
_on_before_issue
_chk_main_domain='wiki.wandersky.org'
_chk_alt_domains
Le_LocalAddress
d='wiki.wandersky.org'
Check for domain='wiki.wandersky.org'
_currentRoot='/home/wwwroot/wiki.wandersky.org'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
_createcsr
Single domain='wiki.wandersky.org'
Getting domain auth token for each domain
d
url='https://acme.zerossl.com/v2/DV90/newOrder'
payload='{"identifiers": [{"type":"dns","value":"wiki.wandersky.org"}]}'
RSA key
Retrying post
HEAD
_post_url='https://acme.zerossl.com/v2/DV90/newNonce'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g-I'
_ret='0'
_hcode='0'
Retrying post
POST
_post_url='https://acme.zerossl.com/v2/DV90/newOrder'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='201'
Le_LinkOrder='https://acme.zerossl.com/v2/DV90/order/Y6CTHRgFGt9NtH8CepZQVg'
Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/Y6CTHRgFGt9NtH8CepZQVg/finalize'
url='https://acme.zerossl.com/v2/DV90/authz/A87XjFOlR4FtbeAfdBuJtg'
payload
Retrying post
POST
_post_url='https://acme.zerossl.com/v2/DV90/authz/A87XjFOlR4FtbeAfdBuJtg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
d='wiki.wandersky.org'
Getting webroot for domain='wiki.wandersky.org'
_w='/home/wwwroot/wiki.wandersky.org'
_currentRoot='/home/wwwroot/wiki.wandersky.org'
entry='"type":"http-01","url":"https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ","status":"pending","token":"boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc"'
token='boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc'
uri='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
keyauthorization='boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc.n9misyNDKa5bFJ6DxJjVJXRbAO1FlFPfnyf-5qikpZU'
dvlist='wiki.wandersky.org#boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc.n9misyNDKa5bFJ6DxJjVJXRbAO1FlFPfnyf-5qikpZU#https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ#http-01#/home/wwwroot/wiki.wandersky.org'
d
vlist='wiki.wandersky.org#boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc.n9misyNDKa5bFJ6DxJjVJXRbAO1FlFPfnyf-5qikpZU#https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ#http-01#/home/wwwroot/wiki.wandersky.org,'
d='wiki.wandersky.org'
ok, let's start to verify
Verifying: wiki.wandersky.org
d='wiki.wandersky.org'
keyauthorization='boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc.n9misyNDKa5bFJ6DxJjVJXRbAO1FlFPfnyf-5qikpZU'
uri='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
_currentRoot='/home/wwwroot/wiki.wandersky.org'
wellknown_path='/home/wwwroot/wiki.wandersky.org/.well-known/acme-challenge'
writing token:boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc to /home/wwwroot/wiki.wandersky.org/.well-known/acme-challenge/boUl7fvjahfXqIDCD_sZPgmNCCmSkYVMxDaD16Emhkc
Changing owner/group of .well-known to www:www
url='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
payload='{}'
Retrying post
POST
_post_url='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
trigger validation code: 200
sleep 2 secs to verify again
checking
url='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
payload
Retrying post
POST
_post_url='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
wiki.wandersky.org:Timeout
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
payload='{}'
Retrying post
POST
_post_url='https://acme.zerossl.com/v2/DV90/chall/9i1Oq1SYaQI3a61Nj6roxQ'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
_hcode='0'
code='200'
{"type":"urn:ietf:params:acme:error:malformed","status":405,"detail":"The request message was malformed"}
不确定什么原因引起的,可以尝试升级一下:/usr/local/acme.sh/acme.sh --upgrade再续期看一下
licess 发表于 2021-12-31 08:53
不确定什么原因引起的,可以尝试升级一下:/usr/local/acme.sh/acme.sh --upgrade再续期看一下
...
不行,更新后还是这样 licess 发表于 2021-12-31 08:53
不确定什么原因引起的,可以尝试升级一下:/usr/local/acme.sh/acme.sh --upgrade再续期看一下
...
这个站点是wiki,不是php项目,而是vue+go+node,所以使用lnmp创建站点的时候有点问题了 dajf 发表于 2022-1-18 10:08
这个站点是wiki,不是php项目,而是vue+go+node,所以使用lnmp创建站点的时候有点问题了 ...
设置了反向代理到你的wiki项目吗?贴这个域名的虚拟主机配置文件看一下 licess 发表于 2022-1-18 14:18
设置了反向代理到你的wiki项目吗?贴这个域名的虚拟主机配置文件看一下
server
{
listen 80;
#listen [::]:80;
server_name wiki.wandersky.org ;
index index.html index.htm index.php default.html default.htm default.php;
root/home/wwwroot/wiki.wandersky.org;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto$scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
access_log/home/wwwlogs/wiki_access.log;
error_log /home/wwwlogs/wiki_error.log;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name wiki.wandersky.org ;
index index.html index.htm index.php default.html default.htm default.php;
root/home/wwwroot/wiki.wandersky.org;
ssl_certificate /usr/local/nginx/conf/ssl/wiki.wandersky.org/fullchain.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/wiki.wandersky.org/wiki.wandersky.org.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
# openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto$scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
access_log/home/wwwlogs/wiki_access.log;
error_log /home/wwwlogs/wiki_error.log;
}
华为云,阿里云这些都能申请免费证书,挺香的,我在腾讯云的域名都跑到华为云申请域名证书。这段时间腾讯云老发加价通知,以后不在腾讯云玩了。 dajf 发表于 2022-1-21 01:53
按 https://lnmp.org/faq/lnmp-nginx-301-rewrite.html 在 location / 该行上面加上 location ~ /.well-known {
allow all;
}
的配置 licess 发表于 2022-1-21 15:41
按 https://lnmp.org/faq/lnmp-nginx-301-rewrite.html 在 location / 该行上面加上
的配置
可以了,感谢
页:
[1]