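Help: acme configuration problem
This post was last edited by sushome on 2024-7-17 16:03
This problem has bothered me for several years, and recently I have been wanting to get it sorted out. Manually requesting a certificate and then replacing the files every time the SSL certificate expires is too painful. I request the certificate from freessl through its dedicated ACME link:
Current lnmp version: 1.4
acme.sh --issue -d domain.com --dns dns_dp --server https://acme.freessl.cn/v2/DV90/directory/xxx
Then it reports this error: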
Error creating new order. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Trace-ID: 2ecba9be28aeb3df2354f5fa1e350679, KeyID header contained an invalid account URL: \"https://acme.freessl.cn/acme/acct/1187\"",
"status": 400
}
Please check log file for more details: /root/.acme.sh/acme.sh.log
I have already configured port 80 and port 443, with port 80 redirecting to 443, but this problem keeps happening. Here is the log:
LE_WORKING_DIR='/root/.acme.sh'
Running cmd: issue
_main_domain='domain.com'
_alt_domains='no'
Using config home: /root/.acme.sh
ACME_DIRECTORY='https://acme.freessl.cn/v2/DV90/directory/xxx'
_ACME_SERVER_HOST='acme.freessl.cn'
_ACME_SERVER_PATH='v2/DV90/directory/xxx'
DOMAIN_PATH='/root/.acme.sh/domain.com_ecc'
'dns_dp' does not contain 'dns'
Le_NextRenewTime
Using ACME_DIRECTORY: https://acme.freessl.cn/v2/DV90/directory/xxx
_init API for server: https://acme.freessl.cn/v2/DV90/directory/xxx
GET
url='https://acme.freessl.cn/v2/DV90/directory/xxx'
timeout=
_CURL='curl --silent --dump-header /root/.acme.sh/http.header-L-g '
ret='0'
response='{
(omitted here because of the post length limit)
}'
ACME_KEY_CHANGE='https://acme.freessl.cn/v2/DV90/key-change/xxx'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme.freessl.cn/v2/DV90/new-order/xxx'
ACME_NEW_ACCOUNT='https://acme.freessl.cn/v2/DV90/new-account/xxx'
ACME_REVOKE_CERT='https://acme.freessl.cn/v2/DV90/revoke-cert/xxx'
ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click.pdf'
ACME_NEW_NONCE='https://acme.freessl.cn/v2/DV90/new-nonce/xxx'
Using CA: https://acme.freessl.cn/v2/DV90/directory/xxx
_on_before_issue
_chk_main_domain='domain.com'
_chk_alt_domains
'dns_dp' does not contain 'no'
Le_LocalAddress
d='domain.com'
Checking for domain='domain.com'
_currentRoot='dns_dp'
d
'dns_dp' does not contain 'apache'
_saved_account_key_hash='SRiWDVHyGE80gxpaoQEU7R70B1rlhmYJIDfIo9oZK1g='
_saved_account_key_hash was not changed, skipping account registration.
Read key length: ec-256
_createcsr
domain='domain.com'
domainlist
csrkey='/root/.acme.sh/domain.com_ecc/domain.com.key'
csr='/root/.acme.sh/domain.com_ecc/domain.com.csr'
csrconf='/root/.acme.sh/domain.com_ecc/domain.com.csr.conf'
Single domain='domain.com'
seg='domain'
_is_idn_d='domain.com'
_idn_temp
_is_idn_d='domain.com'
_idn_temp
_csr_cn='domain.com'
seg='domain'
Getting domain auth token for each domain
seg='domain'
_is_idn_d='domain.com'
_idn_temp
d
_identifiers='{"type":"dns","value":"domain.com"}'
_notBefore
_notAfter
STEP 1, Ordering a Certificate
=======Sending Signed Request=======
url='https://acme.freessl.cn/v2/DV90/new-order/xxx'
payload='{"identifiers": [{"type":"dns","value":"domain.com"}]}'
RSA key
_URGLY_PRINTF
xargs
_URGLY_PRINTF
xargs
Get nonce with HEAD. ACME_NEW_NONCE='https://acme.freessl.cn/v2/DV90/new-nonce/xxx'
HEAD
_post_url='https://acme.freessl.cn/v2/DV90/new-nonce/xxx'
body
_postContentType='application/jose+json'
_CURL='curl --silent --dump-header /root/.acme.sh/http.header-L-g-I'
_ret='0'
_headers='HTTP/1.1 200 OK
Date: Wed, 17 Jul 2024 07:27:01 GMT
Connection: keep-alive
Cache-Control: no-store
Link: <https://acme.freessl.cn/v2/DV90/directory/xxx>;rel="index"
Replay-Nonce: tnjwvoL8wKi-yFZT9s9Crf8JXquWuGq-4vcrIq7a-Io
X-Trace-Id: 000c89ad320e4976f44cfb43895cef0b
Server: nginx
'
_CACHED_NONCE='tnjwvoL8wKi-yFZT9s9Crf8JXquWuGq-4vcrIq7a-Io'
nonce='tnjwvoL8wKi-yFZT9s9Crf8JXquWuGq-4vcrIq7a-Io'
POST
_post_url='https://acme.freessl.cn/v2/DV90/new-order/xxx'
body='{"protected": "eyJub25jZSI6ICJ0bmp3dm9MOHdLaS15RlpUOXM5Q3JmOEpYcXVXdUdxLTR2Y3JJcTdhLUlvIiwgInVybCI6ICJodHRwczovL2FjbWUuZnJlZXNzbC5jbi92Mi9EVjkwL25ldy1vcmRlci9iczMydm84cGZ6dWE5d2tzMTRtMiIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS5mcmVlc3NsLmNuL2FjbWUvYWNjdC8xMTg3In0", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6InN1c2hvbWUudXMifV19", "signature": "orCWYYfOxtSSRJjwabcxuUoZwqariasJUuF0_S0tlR60tyeLt2iUzmCds9w3J8dAfCFukp7GadOE5PCroSMTg1QZklmVMymVs0QXVBZxzoK4BD81PdOKWgGgKiZRyJST_tGUSMm4T5t6AZvNoWriLKxYtFopvSlZsq5BFzgBQv46h22SueEyudFBr4hpcdL7pZKDFCNZStSNqH9qrLtisJs7MuknUUxMnZWnrSMLqRUv9IFzwojEgSOYr-YCRrb1-Xx8UhXQsUA-RWdH-hSODLYmmwG-1SxQeydFs7-cf-PqVW9VloHQf7PvTUpGUseXytjbvQO0cTigDAq5XOvxqQ"}'
_postContentType='application/jose+json'
Http already initialized.
_CURL='curl --silent --dump-header /root/.acme.sh/http.header-L-g '
_ret='0'
responseHeaders='HTTP/1.1 400 Bad Request
Date: Wed, 17 Jul 2024 07:27:03 GMT
Content-Type: application/problem+json
Content-Length: 218
Connection: keep-alive
Cache-Control: no-store
Link: <https://acme.freessl.cn/v2/DV90/directory/xxx>;rel="index"
Replay-Nonce: P5ClDaTWcHsQptuPzxYNgNEs3HE_p1r-g6OGarrxVdE
X-Trace-Id: 33edf47a336eb04e262ec0d0f82be84f
Server: nginx
'
code='400'
original='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Trace-ID: 33edf47a336eb04e262ec0d0f82be84f, KeyID header contained an invalid account URL: \"https://acme.freessl.cn/acme/acct/1187\"",
"status": 400
}'
response='{
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Trace-ID: 33edf47a336eb04e262ec0d0f82be84f, KeyID header contained an invalid account URL: \"https://acme.freessl.cn/acme/acct/1187\"",
"status": 400
}'
Le_LinkOrder
Le_OrderFinalize
Error creating new order. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:malformed",
"detail": "Trace-ID: 33edf47a336eb04e262ec0d0f82be84f, KeyID header contained an invalid account URL: \"https://acme.freessl.cn/acme/acct/1187\"",
"status": 400
}
pid
No need to restore nginx config, skipping.
_clearupdns
dns_entries
Skipping dns.
_on_issue_err
Please check log file for more details: /root/.acme.sh/acme.sh.log
_chk_vlist
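I never knew what to do about it, and as soon as I posted I found the cause right away. Solved:
Uninstall acme.sh, clear the acme.sh cached data, reinstall acme.sh, and regenerate the certificate.
a. Uninstall acme.sh
acme.sh --uninstall
b. Clear the acme.sh cache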
cd /root/.acme.sh && rm -rf *
c. Reinstall acme.sh
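Added example, not part of the original post: a small Python check that decodes the JWS protected header from a logged acme.sh request body and compares its `kid` with the account URL the server names in the problem document, which shows whether the rejected URL is the one the client sent from its saved account state. The sample body is constructed: the URLs are the ones shown in the log above, while the nonce, trace ID, payload and signature are placeholders.

```python
import base64
import json
import re

def b64url_decode(text):
    """base64url without padding, as used for JWS fields (RFC 7515)."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def protected_header(jws_body):
    """Decode the protected header of a logged ACME request body."""
    return json.loads(b64url_decode(json.loads(jws_body)["protected"]))

def rejected_account_url(problem_doc):
    """Extract the account URL named in the problem document's detail."""
    detail = json.loads(problem_doc).get("detail", "")
    match = re.search(r'invalid account URL: "([^"]+)"', detail)
    return match.group(1) if match else None

def diagnose(jws_body, problem_doc):
    header = protected_header(jws_body)
    rejected = rejected_account_url(problem_doc)
    return {
        "alg": header.get("alg"),
        "url": header.get("url"),
        "kid": header.get("kid"),
        "rejected": rejected,
        # True when the URL the server refuses is the one the client sent
        "server_rejected_sent_kid": rejected is not None and rejected == header.get("kid"),
    }

# Constructed sample: URLs as shown in the log; nonce, trace ID, payload and signature are placeholders.
ACCOUNT_URL = "https://acme.freessl.cn/acme/acct/1187"
SAMPLE_HEADER = {"nonce": "constructed-nonce", "alg": "RS256",
                 "url": "https://acme.freessl.cn/v2/DV90/new-order/xxx",
                 "kid": ACCOUNT_URL}
SAMPLE_BODY = json.dumps({
    "protected": b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
    "payload": b64url_encode(b'{"identifiers": []}'),
    "signature": "constructed-signature"})
SAMPLE_PROBLEM = json.dumps({
    "type": "urn:ietf:params:acme:error:malformed",
    "detail": 'Trace-ID: constructed, KeyID header contained an invalid '
              'account URL: "' + ACCOUNT_URL + '"',
    "status": 400})

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_BODY, SAMPLE_PROBLEM), indent=2))
```

The `protected` and `payload` fields of a logged request body are base64url-encoded, not encrypted, so anything they contain is readable by whoever sees the log.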