系统自带的ssl证书续期失败了

l9950925

军哥新年好，遇到了一个问题需要请教你

安装的是lnmp1.6

添加了一个二级域名，并使用了系统自带的Let'sEncrypt的证书，但是我把crontab的自动更新脚本删除了。。。

现在证书马上就要到期了，我使用手动升级命令： acme.sh --renew -d 域名

但是出现了问题，麻烦你看一下我要怎么解决。



日志：

1. [Sat Feb 15 15:06:37 CST 2020] Running cmd: renew
   
2. [Sat Feb 15 15:06:37 CST 2020] Using config home:/usr/local/acme.sh
   
3. [Sat Feb 15 15:06:37 CST 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
   
4. [Sat Feb 15 15:06:37 CST 2020] DOMAIN_PATH='/usr/local/nginx/conf/ssl/tlryjg.jiaohusheji.net'
   
5. [Sat Feb 15 15:06:37 CST 2020] Renew: 'tlryjg.jiaohusheji.net'
   
6. [Sat Feb 15 15:06:37 CST 2020] Le_API
   
7. [Sat Feb 15 15:06:37 CST 2020] _main_domain='tlryjg.jiaohusheji.net'
   
8. [Sat Feb 15 15:06:37 CST 2020] _alt_domains='no'
   
9. [Sat Feb 15 15:06:37 CST 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
   
10. [Sat Feb 15 15:06:37 CST 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    
11. [Sat Feb 15 15:06:37 CST 2020] GET
    
12. [Sat Feb 15 15:06:37 CST 2020] url='https://acme-v02.api.letsencrypt.org/directory'
    
13. [Sat Feb 15 15:06:37 CST 2020] timeout=
    
14. [Sat Feb 15 15:06:37 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
    
15. [Sat Feb 15 15:06:38 CST 2020] ret='0'
    
16. [Sat Feb 15 15:06:39 CST 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    
17. [Sat Feb 15 15:06:39 CST 2020] ACME_NEW_AUTHZ
    
18. [Sat Feb 15 15:06:39 CST 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    
19. [Sat Feb 15 15:06:39 CST 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    
20. [Sat Feb 15 15:06:39 CST 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    
21. [Sat Feb 15 15:06:39 CST 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    
22. [Sat Feb 15 15:06:39 CST 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    
23. [Sat Feb 15 15:06:39 CST 2020] ACME_VERSION='2'
    
24. [Sat Feb 15 15:06:39 CST 2020] Le_NextRenewTime='1580446350'
    
25. [Sat Feb 15 15:06:39 CST 2020] _on_before_issue
    
26. [Sat Feb 15 15:06:39 CST 2020] _chk_main_domain='tlryjg.jiaohusheji.net'
    
27. [Sat Feb 15 15:06:39 CST 2020] _chk_alt_domains
    
28. [Sat Feb 15 15:06:39 CST 2020] Le_LocalAddress
    
29. [Sat Feb 15 15:06:39 CST 2020] d='tlryjg.jiaohusheji.net'
    
30. [Sat Feb 15 15:06:39 CST 2020] Check for domain='tlryjg.jiaohusheji.net'
    
31. [Sat Feb 15 15:06:39 CST 2020] _currentRoot='/home/wwwroot/tlryjg.jiaohusheji.net'
    
32. [Sat Feb 15 15:06:39 CST 2020] d
    
33. [Sat Feb 15 15:06:39 CST 2020] _saved_account_key_hash is not changed, skip register account.
    
34. [Sat Feb 15 15:06:39 CST 2020] Read key length:
    
35. [Sat Feb 15 15:06:39 CST 2020] _createcsr
    
36. [Sat Feb 15 15:06:39 CST 2020] Single domain='tlryjg.jiaohusheji.net'
    
37. [Sat Feb 15 15:06:39 CST 2020] Getting domain auth token for each domain
    
38. [Sat Feb 15 15:06:39 CST 2020] d
    
39. [Sat Feb 15 15:06:39 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    
40. [Sat Feb 15 15:06:39 CST 2020] payload='{"identifiers": [{"type":"dns","value":"tlryjg.jiaohusheji.net"}]}'
    
41. [Sat Feb 15 15:06:39 CST 2020] RSA key
    
42. [Sat Feb 15 15:06:39 CST 2020] HEAD
    
43. [Sat Feb 15 15:06:39 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    
44. [Sat Feb 15 15:06:39 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g  -I  '
    
45. [Sat Feb 15 15:06:40 CST 2020] _ret='0'
    
46. [Sat Feb 15 15:06:40 CST 2020] POST
    
47. [Sat Feb 15 15:06:40 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    
48. [Sat Feb 15 15:06:40 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
    
49. [Sat Feb 15 15:06:43 CST 2020] _ret='0'
    
50. [Sat Feb 15 15:06:43 CST 2020] code='201'
    
51. [Sat Feb 15 15:06:43 CST 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/69649468/2337235879'
    
52. [Sat Feb 15 15:06:43 CST 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/69649468/2337235879'
    
53. [Sat Feb 15 15:06:43 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/2826459960'
    
54. [Sat Feb 15 15:06:43 CST 2020] payload
    
55. [Sat Feb 15 15:06:43 CST 2020] POST
    
56. [Sat Feb 15 15:06:43 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/2826459960'
    
57. [Sat Feb 15 15:06:43 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
    
58. [Sat Feb 15 15:06:44 CST 2020] _ret='0'
    
59. [Sat Feb 15 15:06:44 CST 2020] code='200'
    
60. [Sat Feb 15 15:06:44 CST 2020] d='tlryjg.jiaohusheji.net'
    
61. [Sat Feb 15 15:06:44 CST 2020] Getting webroot for domain='tlryjg.jiaohusheji.net'
    
62. [Sat Feb 15 15:06:44 CST 2020] _w='/home/wwwroot/tlryjg.jiaohusheji.net'
    
63. [Sat Feb 15 15:06:44 CST 2020] _currentRoot='/home/wwwroot/tlryjg.jiaohusheji.net'
    
64. [Sat Feb 15 15:06:44 CST 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A","token":"aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ"'
    
65. [Sat Feb 15 15:06:44 CST 2020] token='aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ'
    
66. [Sat Feb 15 15:06:44 CST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
    
67. [Sat Feb 15 15:06:44 CST 2020] keyauthorization='aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA'
    
68. [Sat Feb 15 15:06:44 CST 2020] dvlist='tlryjg.jiaohusheji.net#aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A#http-01#/home/wwwroot/tlryjg.jiaohusheji.net'
    
69. [Sat Feb 15 15:06:44 CST 2020] d
    
70. [Sat Feb 15 15:06:44 CST 2020] vlist='tlryjg.jiaohusheji.net#aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA#https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A#http-01#/home/wwwroot/tlryjg.jiaohusheji.net,'
    
71. [Sat Feb 15 15:06:44 CST 2020] d='tlryjg.jiaohusheji.net'
    
72. [Sat Feb 15 15:06:44 CST 2020] ok, let's start to verify
    
73. [Sat Feb 15 15:06:44 CST 2020] Verifying: tlryjg.jiaohusheji.net
    
74. [Sat Feb 15 15:06:44 CST 2020] d='tlryjg.jiaohusheji.net'
    
75. [Sat Feb 15 15:06:44 CST 2020] keyauthorization='aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ.MRUZ5DWTAV3hva6TT0QYRS_Na049T9UclLzLWAR7UhA'
    
76. [Sat Feb 15 15:06:44 CST 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
    
77. [Sat Feb 15 15:06:44 CST 2020] _currentRoot='/home/wwwroot/tlryjg.jiaohusheji.net'
    
78. [Sat Feb 15 15:06:44 CST 2020] wellknown_path='/home/wwwroot/tlryjg.jiaohusheji.net/.well-known/acme-challenge'
    
79. [Sat Feb 15 15:06:44 CST 2020] writing token:aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ to /home/wwwroot/tlryjg.jiaohusheji.net/.well-known/acme-challenge/aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ
    
80. [Sat Feb 15 15:06:44 CST 2020] Changing owner/group of .well-known to www:www
    
81. [Sat Feb 15 15:06:44 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
    
82. [Sat Feb 15 15:06:44 CST 2020] payload='{}'
    
83. [Sat Feb 15 15:06:44 CST 2020] POST
    
84. [Sat Feb 15 15:06:44 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
    
85. [Sat Feb 15 15:06:44 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
    
86. [Sat Feb 15 15:06:46 CST 2020] _ret='0'
    
87. [Sat Feb 15 15:06:46 CST 2020] code='200'
    
88. [Sat Feb 15 15:06:46 CST 2020] trigger validation code: 200
    
89. [Sat Feb 15 15:06:46 CST 2020] sleep 2 secs to verify
    
90. [Sat Feb 15 15:06:48 CST 2020] checking
    
91. [Sat Feb 15 15:06:48 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
    
92. [Sat Feb 15 15:06:48 CST 2020] payload
    
93. [Sat Feb 15 15:06:48 CST 2020] POST
    
94. [Sat Feb 15 15:06:48 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
    
95. [Sat Feb 15 15:06:48 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
    
96. [Sat Feb 15 15:06:51 CST 2020] _ret='0'
    
97. [Sat Feb 15 15:06:51 CST 2020] code='200'
    
98. [Sat Feb 15 15:06:51 CST 2020] tlryjg.jiaohusheji.net:Verify error:Invalid response from https://tlryjg.jiaohusheji.net/.well-known/acme-challenge/aPP6IRwWEQSMcjPrU0t_W-xMsfpQLij7Sik4Lm7obbQ [58.211.137.142]:
    
99. [Sat Feb 15 15:06:51 CST 2020] pid
    
100. [Sat Feb 15 15:06:51 CST 2020] No need to restore nginx, skip.
     
101. [Sat Feb 15 15:06:51 CST 2020] _clearupdns
     
102. [Sat Feb 15 15:06:51 CST 2020] dns_entries
     
103. [Sat Feb 15 15:06:51 CST 2020] skip dns.
     
104. [Sat Feb 15 15:06:51 CST 2020] _on_issue_err
     
105. [Sat Feb 15 15:06:51 CST 2020] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
     
106. [Sat Feb 15 15:06:51 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
     
107. [Sat Feb 15 15:06:51 CST 2020] payload='{}'
     
108. [Sat Feb 15 15:06:51 CST 2020] POST
     
109. [Sat Feb 15 15:06:51 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2826459960/k-UA8A'
     
110. [Sat Feb 15 15:06:51 CST 2020] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  -g '
     
111. [Sat Feb 15 15:06:52 CST 2020] _ret='0'
     
112. [Sat Feb 15 15:06:52 CST 2020] code='400'
     

复制代码

licess

crontab 里面你可以自己再重新添加一下：
40 0 * * * "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" > /dev/null
手动续期的话可以执行 "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" 这样试一下

你这个域名的验证文件不存在，可能你更改过该域名对应的配置文件设置，如root网站目录、或设置过其他一些影响续期的配置