使用反向代理https证书的更新问题

Thinking

请教军哥。我的网站使用的Linode服务器，前面加上了香港的服务器作为反代（域名均解析到香港反代服务器）。网站使用的Let'sEncrypt免费证书，每三个月自动更新一次。由于12月初网站证书即将到期，到目前为止证书仍然没有自动更新，不太清楚使用反代的Linode服务器是否还能够自动更新证书？如果不行，可否有方式自动更新还是必须手动更新？谢谢！

licess

/usr/local/acme.sh/acme.sh --upgrade 升级一下
并 /usr/local/acme.sh/acme.sh --cron --home "/usr/local/acme.sh" 手动续期看看，不成功的话需要提供日志才能确定原因

Thinking

感谢军哥的回复。我使用第一个命令升级提示成功，结果如下：
=============================
[root@123 ~]# /usr/local/acme.sh/acme.sh --upgrade
[Wed Nov 27 02:01:03 CST 2019] Installing from online archive.
[Wed Nov 27 02:01:03 CST 2019] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
[Wed Nov 27 02:01:04 CST 2019] Extracting master.tar.gz
[Wed Nov 27 02:01:04 CST 2019] It is recommended to install socat first.
[Wed Nov 27 02:01:04 CST 2019] We use socat for standalone server if you use standalone mode.
[Wed Nov 27 02:01:04 CST 2019] If you don't use standalone mode, just ignore this warning.
[Wed Nov 27 02:01:04 CST 2019] Installing to /usr/local/acme.sh
[Wed Nov 27 02:01:04 CST 2019] Installed to /usr/local/acme.sh/acme.sh
[Wed Nov 27 02:01:04 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Nov 27 02:01:05 CST 2019] OK
[Wed Nov 27 02:01:05 CST 2019] Install success!
[Wed Nov 27 02:01:05 CST 2019] Upgrade success!
=============================

使用第二个命令时报错，屏幕显示如下：
=============================
[root@123 ~]# /usr/local/acme.sh/acme.sh --cron --home "/usr/local/acme.sh"
[Wed Nov 27 02:02:04 CST 2019] ===Starting cron===
[Wed Nov 27 02:02:04 CST 2019] Renew: 'blog.musway.net'
[Wed Nov 27 02:02:05 CST 2019] Single domain='blog.musway.net'
[Wed Nov 27 02:02:05 CST 2019] Getting domain auth token for each domain
[Wed Nov 27 02:02:08 CST 2019] Getting webroot for domain='blog.musway.net'
[Wed Nov 27 02:02:08 CST 2019] Verifying: blog.musway.net
[Wed Nov 27 02:02:11 CST 2019] blog.musway.net:Verify error:Invalid response from https://blog.musway.net/.well-known/acme-challenge/fnqGGm_gDpKW3bdURTOwjAnlPYgZESfgiyhUheWRPJI [103.192.226.217]:
[Wed Nov 27 02:02:11 CST 2019] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
[Wed Nov 27 02:02:12 CST 2019] Error renew blog.musway.net.
[Wed Nov 27 02:02:12 CST 2019] Renew: 'www.chinamidi.cn'
[Wed Nov 27 02:02:13 CST 2019] Single domain='www.chinamidi.cn'
[Wed Nov 27 02:02:13 CST 2019] Getting domain auth token for each domain
[Wed Nov 27 02:02:16 CST 2019] Getting webroot for domain='www.chinamidi.cn'
[Wed Nov 27 02:02:16 CST 2019] Verifying: www.chinamidi.cn
[Wed Nov 27 02:02:20 CST 2019] www.chinamidi.cn:Verify error:Invalid response from https://www.chinamidi.cn/.well-known/acme-challenge/yYpRtIXmxg0PMQ99OSqX4jb-KQSVIcqJconRxPtjhoU [103.192.226.217]:
[Wed Nov 27 02:02:20 CST 2019] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
[Wed Nov 27 02:02:20 CST 2019] Error renew www.chinamidi.cn.
[Wed Nov 27 02:02:20 CST 2019] ===End cron===
=============================
个人分析似乎应该是续期的时候找的反代服务器的IP，但是反代服务器里并没有网站文件，所以导致没有响应。
不知道该如何解决了。
附件是相关的日志文件，请军哥帮忙再看一下，谢谢！

licess

Thinking 发表于 2019-11-27 02:18
感谢军哥的回复。我使用第一个命令升级提示成功，结果如下：
=============================
[root@123 ~]# ...

需要在源服务上才行，反代服务商上生成了验证文件，但是源服务器上是没法远程自动生成的。
这个是需要装在源服务器上的，非要在前段服务器上设置的话就需要删除前端服务器上的证书，使用dns方式进行验证，可以查看 https://www.vpser.net/manage/lnm ... card-ssl-howto.html

Thinking

解决了，感谢军哥！