设为首页收藏本站
切换到窄版

VPS侦探论坛

 找回密码
 注册
VPS侦探论坛»VPS侦探论坛 技术交流区 LNMP一键安装包 ssl 证书添加失败
返回列表 发新帖
查看: 3666|回复: 5

ssl 证书添加失败

[复制链接]
haaid
发表于 2020-3-24 23:44:37 | 显示全部楼层 |阅读模式

本帖最后由 haaid 于 2020-3-24 23:45 编辑

今天发现添加 ssl 证书失败,请军哥帮忙看看什么问题

我看了看 dnspod 的日志,就没有 token 操作记录

acme.sh.log 如下:

  1. [Tue Mar 24 23:39:41 CST 2020] Running cmd: issue
  2. [Tue Mar 24 23:39:41 CST 2020] _main_domain='test.xx.com'
  3. [Tue Mar 24 23:39:41 CST 2020] _alt_domains='no'
  4. [Tue Mar 24 23:39:41 CST 2020] Using config home:/usr/local/acme.sh
  5. [Tue Mar 24 23:39:41 CST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
  6. [Tue Mar 24 23:39:41 CST 2020] DOMAIN_PATH='/usr/local/nginx/conf/ssl/test.xx.com'
  7. [Tue Mar 24 23:39:41 CST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
  8. [Tue Mar 24 23:39:41 CST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
  9. [Tue Mar 24 23:39:41 CST 2020] GET
  10. [Tue Mar 24 23:39:41 CST 2020] url='https://acme-v02.api.letsencrypt.org/directory'
  11. [Tue Mar 24 23:39:41 CST 2020] timeout=
  12. [Tue Mar 24 23:39:41 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  13. [Tue Mar 24 23:39:44 CST 2020] ret='0'
  14. [Tue Mar 24 23:39:44 CST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
  15. [Tue Mar 24 23:39:44 CST 2020] ACME_NEW_AUTHZ
  16. [Tue Mar 24 23:39:44 CST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
  17. [Tue Mar 24 23:39:44 CST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
  18. [Tue Mar 24 23:39:44 CST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
  19. [Tue Mar 24 23:39:44 CST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
  20. [Tue Mar 24 23:39:44 CST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
  21. [Tue Mar 24 23:39:44 CST 2020] ACME_VERSION='2'
  22. [Tue Mar 24 23:39:44 CST 2020] Le_NextRenewTime
  23. [Tue Mar 24 23:39:44 CST 2020] _on_before_issue
  24. [Tue Mar 24 23:39:44 CST 2020] _chk_main_domain='test.xx.com'
  25. [Tue Mar 24 23:39:44 CST 2020] _chk_alt_domains
  26. [Tue Mar 24 23:39:44 CST 2020] Le_LocalAddress
  27. [Tue Mar 24 23:39:44 CST 2020] d='test.xx.com'
  28. [Tue Mar 24 23:39:44 CST 2020] Check for domain='test.xx.com'
  29. [Tue Mar 24 23:39:44 CST 2020] _currentRoot='dns_dp'
  30. [Tue Mar 24 23:39:44 CST 2020] d
  31. [Tue Mar 24 23:39:44 CST 2020] _saved_account_key_hash is not changed, skip register account.
  32. [Tue Mar 24 23:39:44 CST 2020] Read key length:
  33. [Tue Mar 24 23:39:44 CST 2020] _createcsr
  34. [Tue Mar 24 23:39:44 CST 2020] Single domain='test.xx.com'
  35. [Tue Mar 24 23:39:44 CST 2020] Getting domain auth token for each domain
  36. [Tue Mar 24 23:39:44 CST 2020] d
  37. [Tue Mar 24 23:39:44 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
  38. [Tue Mar 24 23:39:44 CST 2020] payload='{"identifiers": [{"type":"dns","value":"test.xx.com"}]}'
  39. [Tue Mar 24 23:39:44 CST 2020] RSA key
  40. [Tue Mar 24 23:39:44 CST 2020] HEAD
  41. [Tue Mar 24 23:39:44 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
  42. [Tue Mar 24 23:39:44 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g  -I  '
  43. [Tue Mar 24 23:39:51 CST 2020] _ret='0'
  44. [Tue Mar 24 23:39:51 CST 2020] POST
  45. [Tue Mar 24 23:39:51 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
  46. [Tue Mar 24 23:39:51 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  47. [Tue Mar 24 23:39:55 CST 2020] _ret='0'
  48. [Tue Mar 24 23:39:55 CST 2020] code='201'
  49. [Tue Mar 24 23:39:55 CST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/54431310/2764804268'
  50. [Tue Mar 24 23:39:55 CST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/54431310/2764804268'
  51. [Tue Mar 24 23:39:55 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3542018340'
  52. [Tue Mar 24 23:39:55 CST 2020] payload
  53. [Tue Mar 24 23:39:55 CST 2020] POST
  54. [Tue Mar 24 23:39:55 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3542018340'
  55. [Tue Mar 24 23:39:56 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  56. [Tue Mar 24 23:40:01 CST 2020] _ret='0'
  57. [Tue Mar 24 23:40:01 CST 2020] code='200'
  58. [Tue Mar 24 23:40:01 CST 2020] d='test.xx.com'
  59. [Tue Mar 24 23:40:02 CST 2020] Getting webroot for domain='test.xx.com'
  60. [Tue Mar 24 23:40:02 CST 2020] _w='dns_dp'
  61. [Tue Mar 24 23:40:02 CST 2020] _currentRoot='dns_dp'
  62. [Tue Mar 24 23:40:02 CST 2020] entry='"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/3542018340/8vRlKg","token":"fAFx2OtYKGC5CuIj66BAE1Lsr_yNivKhVJB4m0j-OEA"'
  63. [Tue Mar 24 23:40:02 CST 2020] token='fAFx2OtYKGC5CuIj66BAE1Lsr_yNivKhVJB4m0j-OEA'
  64. [Tue Mar 24 23:40:02 CST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3542018340/8vRlKg'
  65. [Tue Mar 24 23:40:02 CST 2020] keyauthorization='fAFx2OtYKGC5CuIj66BAE1Lsr_yNivKhVJB4m0j-OEA.cIe8hstUX_SsdChRTvNKGOxVpJi93odrubgYyo_4e9Y'
  66. [Tue Mar 24 23:40:02 CST 2020] dvlist='test.xx.com#fAFx2OtYKGC5CuIj66BAE1Lsr_yNivKhVJB4m0j-OEA.cIe8hstUX_SsdChRTvNKGOxVpJi93odrubgYyo_4e9Y#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3542018340/8vRlKg#dns-01#dns_dp'
  67. [Tue Mar 24 23:40:02 CST 2020] d
  68. [Tue Mar 24 23:40:02 CST 2020] vlist='test.xx.com#fAFx2OtYKGC5CuIj66BAE1Lsr_yNivKhVJB4m0j-OEA.cIe8hstUX_SsdChRTvNKGOxVpJi93odrubgYyo_4e9Y#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3542018340/8vRlKg#dns-01#dns_dp,'
  69. [Tue Mar 24 23:40:02 CST 2020] d='test.xx.com'
  70. [Tue Mar 24 23:40:02 CST 2020] _d_alias
  71. [Tue Mar 24 23:40:02 CST 2020] txtdomain='_acme-challenge.test.xx.com'
  72. [Tue Mar 24 23:40:02 CST 2020] txt='bi-fQ_GVWp49TUEwGInAPzIfBM-Li_qGC5tn49nYFUQ'
  73. [Tue Mar 24 23:40:02 CST 2020] d_api='/usr/local/acme.sh/dnsapi/dns_dp.sh'
  74. [Tue Mar 24 23:40:02 CST 2020] Found domain api file: /usr/local/acme.sh/dnsapi/dns_dp.sh
  75. [Tue Mar 24 23:40:02 CST 2020] Adding txt value: bi-fQ_GVWp49TUEwGInAPzIfBM-Li_qGC5tn49nYFUQ for domain:  _acme-challenge.test.xx.com
  76. [Tue Mar 24 23:40:02 CST 2020] First detect the root zone
  77. [Tue Mar 24 23:40:02 CST 2020] Domain.Info
  78. [Tue Mar 24 23:40:02 CST 2020] url='https://dnsapi.cn/Domain.Info'
  79. [Tue Mar 24 23:40:02 CST 2020] POST
  80. [Tue Mar 24 23:40:02 CST 2020] _post_url='https://dnsapi.cn/Domain.Info'
  81. [Tue Mar 24 23:40:02 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  82. [Tue Mar 24 23:40:02 CST 2020] _ret='0'
  83. [Tue Mar 24 23:40:02 CST 2020] Domain.Info
  84. [Tue Mar 24 23:40:02 CST 2020] url='https://dnsapi.cn/Domain.Info'
  85. [Tue Mar 24 23:40:02 CST 2020] POST
  86. [Tue Mar 24 23:40:02 CST 2020] _post_url='https://dnsapi.cn/Domain.Info'
  87. [Tue Mar 24 23:40:02 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  88. [Tue Mar 24 23:40:02 CST 2020] _ret='0'
  89. [Tue Mar 24 23:40:02 CST 2020] Domain.Info
  90. [Tue Mar 24 23:40:02 CST 2020] url='https://dnsapi.cn/Domain.Info'
  91. [Tue Mar 24 23:40:02 CST 2020] POST
  92. [Tue Mar 24 23:40:02 CST 2020] _post_url='https://dnsapi.cn/Domain.Info'
  93. [Tue Mar 24 23:40:02 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  94. [Tue Mar 24 23:40:03 CST 2020] _ret='0'
  95. [Tue Mar 24 23:40:03 CST 2020] invalid domain
  96. [Tue Mar 24 23:40:03 CST 2020] Error add txt for domain:_acme-challenge.test.xx.com
  97. [Tue Mar 24 23:40:03 CST 2020] _on_issue_err
  98. [Tue Mar 24 23:40:03 CST 2020] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
  99. [Tue Mar 24 23:40:03 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3542018340/8vRlKg'
  100. [Tue Mar 24 23:40:03 CST 2020] payload='{}'
  101. [Tue Mar 24 23:40:03 CST 2020] POST
  102. [Tue Mar 24 23:40:03 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3542018340/8vRlKg'
  103. [Tue Mar 24 23:40:03 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  104. [Tue Mar 24 23:40:06 CST 2020] _ret='0'
  105. [Tue Mar 24 23:40:06 CST 2020] code='200'
  106. [Tue Mar 24 23:40:06 CST 2020] pid
  107. [Tue Mar 24 23:40:06 CST 2020] No need to restore nginx, skip.
  108. [Tue Mar 24 23:40:06 CST 2020] _clearupdns
  109. [Tue Mar 24 23:40:06 CST 2020] dns_entries
  110. [Tue Mar 24 23:40:06 CST 2020] skip dns.
复制代码


美国VPS推荐: 遨游主机LinodeLOCVPS主机云搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
回复

举报

licess
发表于 2020-3-25 09:01:50 | 显示全部楼层


只能看到错误是添加失败,不清楚什么原因,api上面你看一下开白名单了吗?
也可以改一下 /usr/local/acme.sh/account.conf 将 里面的 #LOG_LEVEL=1  改成 LOG_LEVEL=2 然后重新生成证书,记录更详细的日志看看
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org
回复 支持 反对

举报

haaid
 楼主| 发表于 2020-3-25 12:50:30 | 显示全部楼层

licess 发表于 2020-3-25 09:01
只能看到错误是添加失败,不清楚什么原因,api上面你看一下开白名单了吗?
也可以改一下 /usr/local/acme.s ...
  1. [Wed Mar 25 12:43:34 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
  2. [Wed Mar 25 12:43:35 CST 2020] _ret='0'
  3. [Wed Mar 25 12:43:35 CST 2020] response='{"status":{"code":"8","message":"\u57df\u540d\u4e0d\u6b63\u786e\uff0c\u8bf7\u8f93\u5165\u4e3b\u57df\u540d\uff0c\u5982 dnspod.cn","created_at":"2020-03-25 12:43:35"}}'
  4. [Wed Mar 25 12:43:35 CST 2020] invalid domain
  5. [Wed Mar 25 12:43:35 CST 2020] Error add txt for domain:_acme-challenge.beta.api.xc.cool
  6. [Wed Mar 25 12:43:35 CST 2020] _on_issue_err
  7. [Wed Mar 25 12:43:35 CST 2020] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
复制代码


api 没开白名单,是不是这个 response 的错
美国VPS推荐: 遨游主机LinodeLOCVPS主机云搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
回复 支持 反对

举报

licess
发表于 2020-3-25 13:50:05 | 显示全部楼层



haaid 发表于 2020-3-25 12:50
api 没开白名单,是不是这个 response 的错

上面的\u57df\u540d\u4e0d\u6b63\u786e\uff0c\u8bf7\u8f93\u5165\u4e3b\u57df\u540d\uff0c\u5982 dnspod.cn
unicode转换过来就是: 域名不正确,请输入主域名,如 dnspod.cn
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org
回复 支持 反对

举报

foboy
发表于 2020-3-27 23:25:08 | 显示全部楼层

本帖最后由 foboy 于 2020-3-27 23:33 编辑

DNSPOD最近好像坏了,我买的新域名和以前成功过的老域名,现在全部添加记录时失败。提示:invalid domain
更换其他的DNS服务商就正常了。

军哥运维代购:http://shop63846532.taobao.com/
回复 支持 反对

举报

haaid
 楼主| 发表于 2020-4-2 23:05:46 | 显示全部楼层

确实是 dnspod 抽风,过了一段时间好了
回复 支持 反对

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|VPS侦探 ( 鲁ICP备16040043号-1 )

GMT+8, 2024-10-18 13:00 , Processed in 0.027324 second(s), 17 queries .

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表