军哥：lnmp ssl安装失败。不知道是不是python的问题。帮忙看下。

810656823

选择证书2.Lets Encrypt 报错如下，请军哥过目 ：It will be processed automatically.
/bin/certbot [found]
Starting create SSL Certificate use Let's Encrypt...
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.ef201.com
http-01 challenge for ef201.com
Using the webroot path /home/wwwroot/www.ef201.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.ef201.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://www.ef201.com/.well-known/acme-challenge/OtDRWlzbNREKbWH-Cds-BWS92a6pal4hAZxpU_tB9CE: Error getting validation data, ef201.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching https://ef201.com/.well-known/acme-challenge/9azR2zW6RCQpwR0AhZOC_bA5y3pBjcG2iyytC2_lPss: Error getting validation data

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: www.ef201.com
   Type:   connection
   Detail: Fetching
   https://www.ef201.com/.well-known/acme-challenge/OtDRWlzbNREKbWH-Cds-BWS92a6pal4hAZxpU_tB9CE:
   Error getting validation data

   Domain: ef201.com
   Type:   connection
   Detail: Fetching
   https://ef201.com/.well-known/acme-challenge/9azR2zW6RCQpwR0AhZOC_bA5y3pBjcG2iyytC2_lPss:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
Let's Encrypt SSL Certificate create failed!

810656823

dns和ip都没问题。正常。

810656823

防火墙443也有开启

810656823

是python2.6版本太低了吗？

licess

虽然python 2.6低点，但是目前来说还可以用
按上面的信息，应该是没解析出ip来

而且里面fetch 的url一般都是http的

可以发 /var/log/letsencrypt/letsencrypt.log 的信息看看更详细的错误信息

810656823

/var/log/letsencrypt/letsencrypt.log报错内容如下：
Domain: www.otaku.com
Type:   unauthorized
Detail: Invalid response from http://www.otaku.com/.well-known/acme-challenge/kenU3ggVNRtDZPzvPfIgMRgzi74pzq43h25fdwYl-o4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2017-06-22 03:05:29,796:INFO:certbot.auth_handler:Cleaning up challenges
2017-06-22 03:05:29,796EBUG:certbot.plugins.webroot:Removing /home/wwwroot/www.otaku.com/.well-known/acme-challenge/kenU3ggVNRtDZPzvPfIgMRgzi74pzq43h25fdwYl-o4
2017-06-22 03:05:29,797EBUG:certbot.plugins.webroot:Removing /home/wwwroot/www.otaku.com/.well-known/acme-challenge/E0zXNqQPoVFcDoe4L4nUbiOBIlwM0eakFBHrx68MeSU
2017-06-22 03:05:29,797EBUG:certbot.plugins.webroot:All challenges cleaned up, removing /home/wwwroot/www.otaku.com/.well-known/acme-challenge
2017-06-22 03:05:29,797EBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 743, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 683, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/client.py", line 313, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. otaku.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://otaku.com/.well-known/acme-challenge/E0zXNqQPoVFcDoe4L4nUbiOBIlwM0eakFBHrx68MeSU: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", www.otaku.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.otaku.com/.well-known/acme-challenge/kenU3ggVNRtDZPzvPfIgMRgzi74pzq43h25fdwYl-o4: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>

[ 本帖最后由 810656823 于 2017-6-22 11:16 编辑 ]

810656823

Starting create SSL Certificate use Let's Encrypt...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.otaku.com
http-01 challenge for otaku.com
Using the webroot path /home/wwwroot/www.otaku.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. otaku.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://otaku.com/.well-known/acme-challenge/ZJaju8UfCJBF7pgt4wVfD_lkqNAyOwM-SsfIjvR45JQ: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p", www.otaku.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.otaku.com/.well-known/acme-challenge/7FjOHgvy87MYsgSVZs7vpDGs8EZsyYgYO8p_qntK8nE: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: otaku.com
   Type:   unauthorized
   Detail: Invalid response from
   http://otaku.com/.well-known/acme-challenge/ZJaju8UfCJBF7pgt4wVfD_lkqNAyOwM-SsfIjvR45JQ:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>403 Forbidden</title>
   </head><body>
   <h1>Forbidden</h1>
   <p"

   Domain: www.otaku.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.otaku.com/.well-known/acme-challenge/7FjOHgvy87MYsgSVZs7vpDGs8EZsyYgYO8p_qntK8nE:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>403 Forbidden</title>
   </head><body>
   <h1>Forbidden</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
Let's Encrypt SSL Certificate create failed!

[ 本帖最后由 810656823 于 2017-6-22 11:15 编辑 ]

licess

可能是1.3升级到1.4的为按要求修改 https://lnmp.org/faq/upgrade1-4.html
也可以自己设置了就行deny规则

810656823

我的是lamp的环境的。也要这样设置吗？

810656823

我不是升级的。我是直接安装的lnmp1.4稳定版的。然后我是lamp的环境。

licess

403的话可能是有deny规则，可以贴该域名的配置文件和网站根目录的.htaccess 看一下
再有可能是目录权限设置有问题