lamp 1.4 Let'sEncrypt SSL证书 续期失败

leubao

# /bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/httpd restart"
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/kf.leubao.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for kf.leubao.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (kf.leubao.com) from /etc/letsencrypt/renewal/kf.leubao.com.conf produced an unexpected error: F
ailed authorization procedure. kf.leubao.com (http-01): urn:acme:error:connection :: The server could not connect to the
client to verify the domain :: Fetching https://kf.leubao.com.well-known/acme-challenge/6wC1NB47utbuXFTs9dYAvp5GIqykmzsvT
4RwnuCQrLE: Error getting validation data. Skipping.


我按照https://lnmp.org/notice/fix-certbot-renew.html所述进行操作，不知道为什么总是提示上述错误，烦请军哥指教

licess

仅按上面的信息是letsencrypt无法访问你的网站

leubao

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: api.alizhiyou.com
   Type:   connection
   Detail: Fetching
   https://api.alizhiyou.com.well-known/acme-challenge/HgbG6X4W66SLTAuGdLi03ZuaB4fw3_jqyulgDjuEviE:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
- The following errors were reported by the server:

   Domain: kf.leubao.com
   Type:   connection
   Detail: Fetching
   https://kf.leubao.com.well-known/acme-challenge/7__ed3goyA76YchO3actxJwV2TPrjJELz4xY7FaoG2E:
   Error getting validation data

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

完整的错误是这样的

leubao

我这边可以打开我的站点   https://kf.leubao.com.well-known/acme-challenge/7__ed3goyA76YchO3actxJwV2TPrjJELz4xY7FaoG2E:  这个在网站目录下确实没找到

licess

不清楚你这里面的域名后面为什么缺少了个 /

建议还是升级到1.5，重新迁移下证书 https://lnmp.org/notice/lnmp-v1-5-beta.html#upgrade

紫色郁金香

你好，我是升级到1.5生成的证书，请问自动续期还是1.4的方法吗？

licess

不一样，自动续期的，只要不更改配置文件、网站能正常访问都会自动续期
crontab里有续期命令，可以crontab -l 查看

紫色郁金香

有一条
45 0 * * * "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" > /dev/null
这个就是自动续期证书的定时任务？

licess

对对