VPS侦探论坛 › LNMP一键安装包 › lnmp1.8 https过期续签失败

caiheqing 发表于 2022-8-30 14:02:49

lnmp1.8 https过期续签失败

如标题所示，我网站现在已经过期，然后用命令acme.sh --renew -d xxx.com
显示失败，如图所示：
http://drdbsz.oss-cn-shenzhen.aliyuncs.com/220830140253955617355.png
这个要怎么解决？

licess 发表于 2022-8-30 20:05:19

没日志的话，无法肯定确定，截图上是验证文件404，404有可能网站更改过目录或配置文件导致的，如果套了cdn也可能会导致
建议提供acme.sh.log

caiheqing 发表于 2022-8-31 09:07:57

licess 发表于 2022-8-30 20:05
没日志的话，无法肯定确定，截图上是验证文件404，404有可能网站更改过目录或配置文件导致的，如果套了cdn ...

谢谢军哥的回复，我把acme.sh.log代码贴上，麻烦军哥帮我看看，谢谢。
Running cmd: renew
_renewServer
Using config home:/usr/local/acme.sh
default_acme_server
ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/wenda.snsnz.com'
Renew: 'wenda.snsnz.com'
Le_API='https://acme-v02.api.letsencrypt.org/directory'
Renew to Le_API=https://acme-v02.api.letsencrypt.org/directory
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
_main_domain='wenda.snsnz.com'
_alt_domains='no'
Le_NextRenewTime='1659082914'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017-w-v1.3-notice.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
Using CA: https://acme-v02.api.letsencrypt.org/directory
_on_before_issue
_chk_main_domain='wenda.snsnz.com'
_chk_alt_domains
Le_LocalAddress
d='wenda.snsnz.com'
Check for domain='wenda.snsnz.com'
_currentRoot='/home/wwwroot/wenda.snsnz.com'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:2048
_createcsr
Single domain='wenda.snsnz.com'
Getting domain auth token for each domain
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"wenda.snsnz.com"}]}'
RSA key
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g-I'
_ret='0'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='201'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/564061196/121083386897'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/564061196/121083386897'
url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/148001281867'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/148001281867'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
d='wenda.snsnz.com'
Getting webroot for domain='wenda.snsnz.com'
_w='/home/wwwroot/wenda.snsnz.com'
_currentRoot='/home/wwwroot/wenda.snsnz.com'
entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg","token":"n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk"'
token='n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
keyauthorization='n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk.eLZTlw4_Wbes-95llQ7CaaIAslS4SFwRi4E2lZ5hFxU'
dvlist='wenda.snsnz.com#n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk.eLZTlw4_Wbes-95llQ7CaaIAslS4SFwRi4E2lZ5hFxU#https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg#http-01#/home/wwwroot/wenda.snsnz.com'
d
vlist='wenda.snsnz.com#n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk.eLZTlw4_Wbes-95llQ7CaaIAslS4SFwRi4E2lZ5hFxU#https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg#http-01#/home/wwwroot/wenda.snsnz.com,'
d='wenda.snsnz.com'
ok, let's start to verify
Verifying: wenda.snsnz.com
d='wenda.snsnz.com'
keyauthorization='n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk.eLZTlw4_Wbes-95llQ7CaaIAslS4SFwRi4E2lZ5hFxU'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
_currentRoot='/home/wwwroot/wenda.snsnz.com'
wellknown_path='/home/wwwroot/wenda.snsnz.com/.well-known/acme-challenge'
writing token:n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk to /home/wwwroot/wenda.snsnz.com/.well-known/acme-challenge/n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk
Changing owner/group of .well-known to www:www
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
trigger validation code: 200
Pending, The CA is processing your order, please just wait. (1/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
wenda.snsnz.com:Verify error:81.70.204.73: Invalid response from https://wenda.snsnz.com/.well-known/acme-challenge/n8UlriejP9I75bCeaDRpJQwBHFmDRcdwsV__a9RrwWk: 404
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148001281867/x9QHTg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='400'

caiheqing 发表于 2022-8-31 17:44:15

caiheqing 发表于 2022-8-31 09:07
谢谢军哥的回复，我把acme.sh.log代码贴上，麻烦军哥帮我看看，谢谢。




军哥，我换了DNS之后就出现下图这个错误：
http://www.meijiehang.com/Uploadfiles/UEditor/Picfile/20220831/6379756465307898687428540.png
acmd.sh.log代码如下：

d
vlist='wenda.snsnz.com#UqaGfuUtoLCjMeG0HVTrD89Hzmhg_pA0semMlQRaTuE.eLZTlw4_Wbes-95llQ7CaaIAslS4SFwRi4E2lZ5hFxU#https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg#http-01#/home/wwwroot/wenda.snsnz.com,'
d='wenda.snsnz.com'
ok, let's start to verify
Verifying: wenda.snsnz.com
d='wenda.snsnz.com'
keyauthorization='UqaGfuUtoLCjMeG0HVTrD89Hzmhg_pA0semMlQRaTuE.eLZTlw4_Wbes-95llQ7CaaIAslS4SFwRi4E2lZ5hFxU'
uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_currentRoot='/home/wwwroot/wenda.snsnz.com'
wellknown_path='/home/wwwroot/wenda.snsnz.com/.well-known/acme-challenge'
writing token:UqaGfuUtoLCjMeG0HVTrD89Hzmhg_pA0semMlQRaTuE to /home/wwwroot/wenda.snsnz.com/.well-known/acme-challenge/UqaGfuUtoLCjMeG0HVTrD89Hzmhg_pA0semMlQRaTuE
Changing owner/group of .well-known to www:www
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
trigger validation code: 200
Pending, The CA is processing your order, please just wait. (1/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
Pending, The CA is processing your order, please just wait. (2/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
Pending, The CA is processing your order, please just wait. (3/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
Pending, The CA is processing your order, please just wait. (4/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
Pending, The CA is processing your order, please just wait. (5/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
Pending, The CA is processing your order, please just wait. (6/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
Pending, The CA is processing your order, please just wait. (7/30)
sleep 2 secs to verify again
checking
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='200'
wenda.snsnz.com:Verify error:DNS problem: query timed out looking up A for wenda.snsnz.com; DNS problem: query timed out looking up AAAA for wenda.snsnz.com
pid
No need to restore nginx, skip.
_clearupdns
dns_entries
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log
url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
payload='{}'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/148133227317/ByMtKg'
_CURL='curl --silent --dump-header /usr/local/acme.sh/http.header-L-g '
_ret='0'
code='400'

licess 发表于 2022-8-31 20:34:12

caiheqing 发表于 2022-8-31 09:07
谢谢军哥的回复，我把acme.sh.log代码贴上，麻烦军哥帮我看看，谢谢。




你这个301的设置就有问题，301的设置 https://lnmp.org 官网上有教程，可以用关键词搜索：301
如果网站目录、配置文件什么的没改动的话应该就可以续期

licess 发表于 2022-8-31 20:34:39

caiheqing 发表于 2022-8-31 17:44
军哥，我换了DNS之后就出现下图这个错误：

acmd.sh.log代码如下：


你用的哪家dns？返回结果上都是超时获取不到A记录

caiheqing 发表于 2022-8-31 22:53:18

licess 发表于 2022-8-31 20:34
你用的哪家dns？返回结果上都是超时获取不到A记录

我用的是这家的dns:
ns3.diymysite.com
ns4.diymysite.com
或者军哥推荐一下哪个DNS记录，我试试

caiheqing 发表于 2022-8-31 23:34:54

licess 发表于 2022-8-31 20:34
你这个301的设置就有问题，301的设置 https://lnmp.org 官网上有教程，可以用关键词搜索：301
如果网站目 ...

我就是按你官网设置的，我把代码贴一下：
server
    {
      listen 80;
      #listen [::]:80;
      server_name wenda.snsnz.com ;
        return 301 https://wenda.snsnz.com$request_uri;
      index index.php;
      root/home/wwwroot/wenda.snsnz.com/public;

      #error_page   404   /404.html;

      # Deny access to PHP files in specific directory
      #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

      include proxy-pass-php.conf;

      location ~ .*\.(js|css)?$
      {
            expires      12h;
      }

      location ~ /.well-known {
            allow all;
      }

      location ~ /\.
      {
            deny all;
      }

      access_log/home/wwwlogs/wenda.snsnz.com.log;
    }我如果在location ~ /.well-known {allow all;}下面加上这个代码就会报错，显示有重复的location,不知道什么原因
location / {
return 301 https://$host$request_uri;
}

caiheqing 发表于 2022-9-1 13:20:47

licess 发表于 2022-8-30 20:05
没日志的话，无法肯定确定，截图上是验证文件404，404有可能网站更改过目录或配置文件导致的，如果套了cdn ...

军哥，我现在用DNSPOD解析，现在我按照命令直接续签证书显示下面，怎么解决？
http://drdbsz.oss-cn-shenzhen.aliyuncs.com/22090113211293989919.png

licess 发表于 2022-9-1 19:31:39

caiheqing 发表于 2022-8-31 23:34
我就是按你官网设置的，我把代码贴一下：
我如果在location ~ /.well-known {allow all;}下面加上这个代 ...

你说前面我问过你几次是否改动过网站目录、配置文件！！！
root/home/wwwroot/wenda.snsnz.com/public;
你这明显和日志中是不一样的目录，目录更改了肯定就无法续期

licess 发表于 2022-9-1 19:32:06

caiheqing 发表于 2022-9-1 13:20
军哥，我现在用DNSPOD解析，现在我按照命令直接续签证书显示下面，怎么解决？




截图上提示你用的dns手动模式这种模式无法自动续期
你要用dns api方式官网上有详细的教程，删除 /usr/local/nginx/conf/ssl/域名 目录后重新生成

caiheqing 发表于 2022-9-1 23:47:09

licess 发表于 2022-9-1 19:32
截图上提示你用的dns手动模式这种模式无法自动续期
你要用dns api方式官网上有详细的教程，删除 /usr/loc ...

谢谢军哥，辛苦了！我好像搞明白了，再咨询一个问题，为什么在301里面我加一个location{return 301 https://$host$request_uri}就报错，nginx -t就显示重复多余的location段，代码如下：server
    {
/*此处省略。。。*/
      location ~ .*\.(js|css)?$
      {
            expires      12h;
      }

      location ~ /.well-known {
            allow all;
      }

      location ~ /\.
      {
            deny all;
      }

       location / {
            return 301 https://$host$request_uri;
      }
    }

licess 发表于 2022-9-2 19:32:49

caiheqing 发表于 2022-9-1 23:47
谢谢军哥，辛苦了！我好像搞明白了，再咨询一个问题，为什么在301里面我加一个location{return 301 https ...

include proxy-pass-php.conf; 这一行注释掉

查看完整版本: lnmp1.8 https过期续签失败