lnmp ssl 生成SSL失败

blue2008 · 发表于 2017-7-5 13:51:47

#  /bin/certbot
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apachectl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

#  /bin/certbot
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apachectl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

# more  /var/log/letsencrypt/letsencrypt.log
2017-07-05 05:40:59,518:DEBUG:certbot.main:certbot version: 0.15.0
2017-07-05 05:40:59,518:DEBUG:certbot.main:Arguments: []
2017-07-05 05:40:59,518:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,Plugi
nEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-07-05 05:40:59,536:DEBUG:certbot.log:Root logging level set at 20
2017-07-05 05:40:59,536:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-05 05:40:59,537:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-07-05 05:40:59,602:WARNING:certbot.plugins.util:Failed to find executable apachectl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/s
bin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
2017-07-05 05:40:59,602:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Cannot find Apache control command ap
achectl
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/plugins/disco.py", line 127, in prepare
self._initialized.prepare()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/configurator.py", line 173, in prepare
'Cannot find Apache control command {0}'.format(restart_cmd))
NoInstallationError: Cannot find Apache control command apachectl
2017-07-05 05:40:59,616:DEBUG:certbot.plugins.selection:No candidate plugin
2017-07-05 05:40:59,616:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None

# python -V
Python 2.7.13
# /usr/bin/python -V
Python 2.7.13

[ 本帖最后由 blue2008 于 2017-7-5 13:53 编辑 ]

blue2008 · 发表于 2017-7-5 13:58:23

以前的ID找不到了, 只能新注...
各位有没有遇到过的

licess · 发表于 2017-7-5 17:07:08

需要生成ssl时的错误提示和生成ssl时的/var/log/letsencrypt/letsencrypt.log 日志内容

BlueNoob · 发表于 2017-7-10 14:19:18

# tail -n 30 /var/log/letsencrypt/letsencrypt.log
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 641, in renew_cert
_get_and_save_cert(le_client, config, lineage=lineage)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 77, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py", line 297, in renew_cert
new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py", line 313, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
self._respond(resp, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. bluenoob.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bluenoob.com/.well-known/acme-challenge/mTl7V_2-98SB9yeKn_izbN2fgv6oJtnqGIGKx81OKu8: "
body{background-color:#FFFFFF}</style"
2017-07-05 06:22:35,417:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in
sys.exit(main())
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 743, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 693, in renew
renewal.handle_renewal_request(config)
File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py", line 436, in handle_renewal_request
len(renew_failures), len(parse_failures)))
Error: 5 renew failure(s), 0 parse failure(s)

复制代码

BlueNoob · 发表于 2017-7-10 14:26:16

blue2008 密码忘了... 找回收不到邮件...
从1楼的帖子看 , 感觉问题是不是出在python ?
最初安装的时候 , 第一次生成 ssl ,能够正常 ,
后来我发现ssl过期了 , 看了一下crontab , 手动执行了一下也不行 ,
提示 Python 2.6 is no longer supported , 我就手动更新了python到 2.7

licess · 发表于 2017-7-10 15:24:05

按前面返回的信息看返回的代码也不是nginx报错信息上的
看你这个域名未备案被阻断也是无法正常获取到验证文件的
你更新了python，你还需要rm -rf /root/.local/share/letsencrypt/ 重新生成新的，pip也要升级成对应python版本的

BlueNoob · 发表于 2017-7-10 15:51:40

很感谢军哥解答.
/letsencrypt/ 怎么重新生成?
现在去安装PIP ,
.well-known 和user.ini , 我以为没用 , 被我删过好像.....
域名被封了80 , 但是443 没有被封

BlueNoob · 发表于 2017-7-10 15:52:33

对了 , 提个小小的建议 , LNMP 里PHP或者mysql 之类的升级降级, 脚本里能不能加个备份 php.ini 之类的配置文件 ?

BlueNoob · 发表于 2017-7-10 17:05:52

还有一个问题需要请教下的 ,
就是执行lnmp ssl , 生成abc.conf , 是覆盖之前的abc.conf , 还是追加 ?

BlueNoob · 发表于 2017-7-10 17:10:53

问题比较多 ,再问个
nginx的 error_log , 加在nginx.conf 上 , 还是单独vhost 做 ?
一键脚本里默认是不带的
我现在是加在vhost里单独的conf里的

BlueNoob · 发表于 2017-7-10 18:07:10

尴尬, 好不容易解决了pip 的问题之后 ,才发现
Domain: xxx.com
Type: unauthorized
Detail: Invalid response from

话说 , 验证这一步 , 能用非80 端口吗

BlueNoob · 发表于 2017-7-10 18:12:36

acme.sh 是支持DNS验证的, 脚本后续是否能优化下 ?

BlueNoob · 发表于 2017-7-10 20:41:56

不好意思军哥 , 我没有细看 .
php是有配置的
/usr/local/oldphp2017xxxxxxxx/etc/php.ini

ACME 我测试可以用 , 支持DNS验证 , 完美解决80端口被墙

licess · 发表于 2017-7-11 09:50:20

删除后再生成证书时letsencrypt都是自动生成的

你80不通肯定没法验证，他们就是通过80端口访问验证文件的

升级前都会数据配置文件、启动脚本等所有文件进行备份，而且可以完全恢复，升级教程里有说明，自行看教程：https://lnmp.org/faq/lnmp1-2-upgrade.html

error_log 在哪设置的就是记录哪个虚拟主机的，全局的就是全局的

添加到原有http站点配置后，没正常生成证书是不会添加上配置文件的

非80没法验证

支持dns-01验证，自己运行命令就行了 certbot certonly --manual --preferred-challenges=dns -d 域名按提示操作，自己去添加记录等就可以了
certbot本来就是官网的程序需要官网进行优化

		自动登录	找回密码
密码			注册

lnmp ssl 生成SSL失败

军哥运维代购：http://shop63846532.taobao.com/

回复 4# 的帖子

军哥运维代购：http://shop63846532.taobao.com/

军哥运维代购：http://shop63846532.taobao.com/