unosky posted on 2018-4-26 23:14:45

lnmp1.5: problem generating a wildcard SSL certificate!

After a problem occurred while generating the certificate, generating it again produces the following message: Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.","status": 400}

Below is the acme log:
_main_domain='www.xxx.com'
_alt_domains='xxx.com,*.xxx.com'
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.xxx.com'
Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
_init api for server: https://acme-v02.api.letsencrypt.org/directory
GET
url='https://acme-v02.api.letsencrypt.org/directory'
timeout=
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
ret='0'
ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
ACME_NEW_AUTHZ
ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
ACME_VERSION='2'
_on_before_issue
_chk_main_domain='www.xxx.com'
_chk_alt_domains='xxx.com,*.xxx.com'
Le_LocalAddress
d='www.xxx.com'
Check for domain='www.xxx.com'
_currentRoot='dns_dp'
d='xxx.com'
Check for domain='xxx.com'
_currentRoot='dns_dp'
d='*.xxx.com'
Check for domain='*.xxx.com'
_currentRoot='dns_dp'
d
_saved_account_key_hash is not changed, skip register account.
Read key length:
Creating domain key
Use DEFAULT_DOMAIN_KEY_LENGTH=2048
Using config home:/usr/local/acme.sh
ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
Use length 2048
Using RSA: 2048
The domain key is here: /usr/local/nginx/conf/ssl/www.xxx.com/www.xxx.com.key
_createcsr
Multi domain='DNS:www.xxx.com,DNS:xxx.com,DNS:*.xxx.com'
Getting domain auth token for each domain
d='xxx.com'
d='*.xxx.com'
d
url='https://acme-v02.api.letsencrypt.org/acme/new-order'
payload='{"identifiers": [{"type":"dns","value":"www.xxx.com"},{"type":"dns","value":"xxx.com"},{"type":"dns","value":"*.xxx.com"}]}'
RSA key
HEAD
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
POST
_post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
_CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header-g '
_ret='0'
code='400'
Le_OrderFinalize
Create new order error. Le_OrderFinalize not found. {"type":"urn:ietf:params:acme:error:malformed","detail":"Error creating new order :: Domain name \"www.xxx.com\" is redundant with a wildcard domain in the same request. Remove one or the other from the certificate request.","status": 400}
pid
No need to restore nginx, skip.
_clearupdns
skip dns.
_on_issue_err
Please check log file for more details: /usr/local/acme.sh/acme.sh.log

licess posted on 2018-4-27 10:19:07

Reply to post #1

When generating a wildcard domain certificate, do not add the domain with www.
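
Added example, not part of the original posts and not acme.sh or lnmp code: a pre-flight check that drops names already covered by a wildcard in the same list, so the new-order request is not rejected as in the log above. The function names are hypothetical, the domains are the thread's placeholders, and names are assumed to be lowercase.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, domains are placeholders.

# covered_by_wildcard NAME WILDCARD
# Succeeds when NAME is matched by WILDCARD ("*.base"). A wildcard stands
# for exactly one left-most label: *.xxx.com matches www.xxx.com, but
# neither the bare xxx.com nor a.b.xxx.com.
covered_by_wildcard() {
    cw_name=$1
    cw_base=${2#\*.}
    case $cw_name in
        \**) return 1 ;;               # a wildcard entry is never "covered"
        *".$cw_base") ;;               # must end in ".base"
        *) return 1 ;;
    esac
    cw_label=${cw_name%".$cw_base"}
    case $cw_label in
        ""|*.*) return 1 ;;            # empty, or more than one label
    esac
    return 0
}

# filter_redundant "a,b,c"
# Prints the comma-separated list without the names that a wildcard in
# the same list already covers. Order is preserved.
filter_redundant() {
    fr_list=$1
    fr_out=
    fr_ifs=$IFS
    IFS=,
    set -f                             # keep "*.xxx.com" from globbing
    for fr_d in $fr_list; do
        fr_keep=1
        for fr_w in $fr_list; do
            case $fr_w in
                \*.*) if covered_by_wildcard "$fr_d" "$fr_w"; then fr_keep=0; fi ;;
            esac
        done
        if [ "$fr_keep" = 1 ]; then fr_out=${fr_out:+$fr_out,}$fr_d; fi
    done
    set +f
    IFS=$fr_ifs
    printf '%s\n' "$fr_out"
}

# The identifier list from the log above:
filter_redundant 'www.xxx.com,xxx.com,*.xxx.com'   # prints xxx.com,*.xxx.com
```

The bare domain stays in the list because the wildcard does not cover it; only www.xxx.com is removed.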

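unosky posted on 2018-5-2 16:30:37

Reply to post #2

Another issue: when applying for a certificate for an existing website, the system creates 2 new server blocks... Could this be optimized?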