ssl手动续期失败

1576696143

/usr/local/acme.sh/acme.sh --cron --home "/usr              /local/acme.sh"
[Mon May 24 15:24:25 CST 2021] ===Starting cron===
[Mon May 24 15:24:26 CST 2021] Already uptodate!
[Mon May 24 15:24:26 CST 2021] Upgrade success!
[Mon May 24 15:24:26 CST 2021] Auto upgraded to: 2.9.0
[Mon May 24 15:24:26 CST 2021] Renew: 'www.0524.com'
[Mon May 24 15:24:26 CST 2021] Skip invalid cert for: www.0524.com
[Mon May 24 15:24:26 CST 2021] Skipped www.0524.com
[Mon May 24 15:24:26 CST 2021] Renew: 'www.tvst.cn'
[Mon May 24 15:24:29 CST 2021] Using CA: https://acme-v02.api.letsencrypt.org/di              rectory
[Mon May 24 15:24:29 CST 2021] Multi domain='DNS:www.tvst.cn,DNS:tvst.cn'
[Mon May 24 15:24:29 CST 2021] Getting domain auth token for each domain
[Mon May 24 15:24:34 CST 2021] Getting webroot for domain='www.tvst.cn'
[Mon May 24 15:24:34 CST 2021] Getting webroot for domain='tvst.cn'
[Mon May 24 15:24:34 CST 2021] Verifying: www.tvst.cn
[Mon May 24 15:24:39 CST 2021] www.tvst.cn:Verify error:Invalid response from ht              tps://www.tvst.cn/.well-known/acme-challenge/b4ygHVHzTRmMWl6Q36aOqw111656wWXxeRG              TkAdolwk [59.110.230.113]:
[Mon May 24 15:24:39 CST 2021] Please check log file for more details: /usr/loca              l/acme.sh/acme.sh.log
[Mon May 24 15:24:42 CST 2021] Error renew www.tvst.cn.
[Mon May 24 15:24:42 CST 2021] ===End cron===

licess

是否更改过网站的配置文件？如更改贴出
是否增加了301跳转，如有，是否按官网教程设置的301

1576696143

1. server
   
2.     {
   
3.         listen 80;
   
4.         #listen [::]:80;
   
5.         server_name www.tvst.cn tvst.cn;
   
6.         index index.html index.htm index.php default.html default.htm default.php;
   
7.         root  /data/web/www.tvst.cn/tp-site;
   
8. 
   
9.         client_max_body_size 1000m;
   
10. 
    
11.         include rewrite/other.conf;
    
12.         #error_page   404   /404.html;
    
13.         return      301 https://$server_name$request_uri;
    
14.         # Deny access to PHP files in specific directory
    
15.         #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    
16. 
    
17.         include enable-php-pathinfo.conf;
    
18. 
    
19.         location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    
20.         {
    
21.             expires      30d;
    
22.         }
    
23. 
    
24.         location ~ .*\.(js|css)?$
    
25.         {
    
26.             expires      12h;
    
27.         }
    
28. 
    
29.         location ~ /.well-known {
    
30.             allow all;
    
31.         }
    
32.       
    
33. 
    
34.         location ~ /\.
    
35.         {
    
36.             deny all;
    
37.         }
    
38.         location / {
    
39.            if (!-e $request_filename) {
    
40.            rewrite  ^(.*)nbsp; /index.php?s=/$1  last;
    
41.            break;
    
42.             }
    
43.         }
    
44. 
    
45.         access_log  /home/wwwlogs/www.tvst.cn.log;
    
46.     }
    
47. 
    
48. server
    
49.     {
    
50.         listen 443 ssl http2;
    
51.         #listen [::]:443 ssl http2;
    
52.         server_name www.tvst.cn tvst.cn;
    
53.         index index.html index.htm index.php default.html default.htm default.php;
    
54.         root  /data/web/www.tvst.cn/tp-site;
    
55. 
    
56.         client_max_body_size 1000m;
    
57. 
    
58.         
    
59.         ssl_certificate /usr/local/nginx/conf/ssl/www.tvst.cn/fullchain.cer;
    
60.         ssl_certificate_key /usr/local/nginx/conf/ssl/www.tvst.cn/www.tvst.cn.key;
    
61.         ssl_session_timeout 5m;
    
62.         ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    
63.         ssl_prefer_server_ciphers on;
    
64.         ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    
65.         ssl_session_cache builtin:1000 shared:SSL:10m;
    
66.         # openssl dhparam -out /usr/local/nginx/conf/ssl/dhparam.pem 2048
    
67.         ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    
68. 
    
69.         include rewrite/other.conf;
    
70.         #error_page   404   /404.html;
    
71. 
    
72.         # Deny access to PHP files in specific directory
    
73.         #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }
    
74. 
    
75.         include enable-php-pathinfo.conf;
    
76. 
    
77.         location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    
78.         {
    
79.             expires      30d;
    
80.         }
    
81. 
    
82.         location ~ .*\.(js|css)?$
    
83.         {
    
84.             expires      12h;
    
85.         }
    
86. 
    
87.         location ~ /.well-known {
    
88.             allow all;
    
89.         }
    
90. 
    
91.         location ~ /\.
    
92.         {
    
93.             deny all;
    
94.         }
    
95.         location / {
    
96.            if (!-e $request_filename) {
    
97.               rewrite ^/index.php(.*)$ /index.php?s=$1 last;
    
98.               rewrite  ^(.*)nbsp; /index.php?s=/$1  last;
    
99.               break;
    
100.             }
     
101.         }
     
102.         access_log  /home/wwwlogs/www.tvst.cn.log;
     
103.     }
     

复制代码

1576696143

licess 发表于 2021-5-25 08:00
是否更改过网站的配置文件？如更改贴出
是否增加了301跳转，如有，是否按官网教程设置的301 ...

虚拟主机配置在上面，301就是那个return 301了

licess

1576696143 发表于 2021-5-29 11:18
虚拟主机配置在上面，301就是那个return 301了

首先，网站目录你都改了肯定不行，你要自定义或改目录必须在生成ssl证书前或更改目录后自己去改对应letsencrypt ssl证书目录下的配置文件
其次，前面已经和你说过了使用免费letsencrypt证书必须要按官网教程设置301，否则无法续期
再就是如果你不确定网站程序是否需要pathinfo就不要开启