lnmp ssl: SSL certificate generation fails

#  /bin/certbot
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apachectl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.


# more  /var/log/letsencrypt/letsencrypt.log
2017-07-05 05:40:59,518:DEBUG:certbot.main:certbot version: 0.15.0
2017-07-05 05:40:59,518:DEBUG:certbot.main:Arguments: []
2017-07-05 05:40:59,518:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,Plugi
nEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-07-05 05:40:59,536:DEBUG:certbot.log:Root logging level set at 20
2017-07-05 05:40:59,536:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-05 05:40:59,537:DEBUG:certbot.plugins.selection:Requested authenticator None and installer None
2017-07-05 05:40:59,602:WARNING:certbot.plugins.util:Failed to find executable apachectl in PATH: /usr/lib64/qt-3.3/bin:/usr/local/s
bin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
2017-07-05 05:40:59,602:DEBUG:certbot.plugins.disco:No installation (PluginEntryPoint#apache): Cannot find Apache control command ap
achectl
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/plugins/disco.py", line 127, in prepare
    self._initialized.prepare()
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot_apache/configurator.py", line 173, in prepare
    'Cannot find Apache control command {0}'.format(restart_cmd))
NoInstallationError: Cannot find Apache control command apachectl
2017-07-05 05:40:59,616:DEBUG:certbot.plugins.selection:No candidate plugin
2017-07-05 05:40:59,616:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None


# python -V
Python 2.7.13
# /usr/bin/python -V
Python 2.7.13

[ This post was last edited by blue2008 on 2017-7-5 13:53 ]

I couldn't find my old ID, so I had to register a new...
Has anyone here run into this?

We need the error message shown when generating the SSL certificate, and the contents of /var/log/letsencrypt/letsencrypt.log from that run.

# tail -n 30 /var/log/letsencrypt/letsencrypt.log   
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 641, in renew_cert
    _get_and_save_cert(le_client, config, lineage=lineage)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 77, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py", line 297, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/client.py", line 313, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. bluenoob.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bluenoob.com/.well-known/acme-challenge/mTl7V_2-98SB9yeKn_izbN2fgv6oJtnqGIGKx81OKu8: "


   body{background-color:#FFFFFF}</style"

2017-07-05 06:22:35,417:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 743, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/main.py", line 693, in renew
    renewal.handle_renewal_request(config)
  File "/root/.local/share/letsencrypt/lib/python2.6/site-packages/certbot/renewal.py", line 436, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 5 renew failure(s), 0 parse failure(s)

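I forgot the password for blue2008... and the recovery e-mail never arrives...
Judging from the post on floor 1, could the problem be Python?
When I first installed, the first SSL generation worked fine.
Later I found the SSL certificate had expired. I checked crontab and ran the job by hand, and that failed too,
with the message "Python 2.6 is no longer supported", so I manually upgraded Python to 2.7.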

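Reply to post #4

Judging from the output above, the returned content is not from an nginx error page either.
It looks like your domain has no ICP filing and is being blocked, so the validation file cannot be fetched normally.
Since you upgraded Python, you also need to run rm -rf /root/.local/share/letsencrypt/ and let it be regenerated, and pip has to be upgraded to the version matching the new Python.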

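Many thanks to Jun Ge for the answer.
How do I regenerate /letsencrypt/?
I'm going to install pip now.
I thought .well-known and user.ini were useless, and I think I deleted them.....
Port 80 is blocked for the domain, but 443 is not.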

By the way, a small suggestion: when upgrading or downgrading PHP, MySQL and the like in LNMP, could the script back up configuration files such as php.ini?

One more question:
when I run lnmp ssl and it generates abc.conf, does it overwrite the existing abc.conf or append to it?

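I have quite a few questions, so here is another:
should nginx's error_log go in nginx.conf, or be set per vhost?
The one-click script does not include it by default.
Right now I have it in each vhost's own conf.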

Awkward. After finally sorting out the pip problem, I found this:
   Domain: xxx.com
   Type:   unauthorized
   Detail: Invalid response from

By the way, can the validation step use a port other than 80?

acme.sh supports DNS validation. Could the script be improved on this in a later release?

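Sorry, Jun Ge, I didn't read carefully.
The PHP configuration is there:
/usr/local/oldphp2017xxxxxxxx/etc/php.ini

I tested ACME and it works. It supports DNS validation, which perfectly solves port 80 being blocked by the Great Firewall.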

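After you delete it, letsencrypt is regenerated automatically the next time you generate a certificate.

If port 80 is unreachable, validation certainly cannot work; they fetch the validation file over port 80.

Before an upgrade, all files, including data, configuration files and startup scripts, are backed up and can be fully restored. The upgrade tutorial explains this; read it yourself: https://lnmp.org/faq/lnmp1-2-upgrade.html

error_log records for whichever virtual host it is set in; a global one is global.

It is added after the existing http site configuration; if the certificate was not generated successfully, the configuration is not added.

Validation is not possible on a port other than 80.

dns-01 validation is supported; just run the command yourself: certbot certonly --manual --preferred-challenges=dns -d <your domain>   Follow the prompts and add the record yourself, and that is all.
certbot is the official project's program in the first place, so improvements have to come from upstream.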
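
The FailedChallenges entry quoted earlier in this thread shows the CA receiving an HTML fragment on port 80 instead of the challenge token. As an added example (not part of the thread and not certbot's own code), this Python triages such entries from letsencrypt.log and separates "port 80 unreachable" from "something else answered on port 80". The sample log, domains and token are constructed, and the verdict names are hypothetical labels.

```python
import re

# Constructed sample, modelled on the FailedChallenges line quoted in the thread.
# Domains and the token are placeholders, not values from the page.
SAMPLE_LOG = (
    'FailedChallenges: Failed authorization procedure. '
    'blocked.example (http-01): urn:acme:error:connection :: The server could not '
    'connect to the client to verify the domain :: Could not connect to blocked.example, '
    'example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient '
    'authorization :: Invalid response from '
    'http://example.com/.well-known/acme-challenge/PLACEHOLDER_TOKEN: "<html>\n\n'
    '   body{background-color:#FFFFFF}</style"\n\n'
    '2017-07-05 06:22:35,417:DEBUG:certbot.log:Exiting abnormally:\n'
)

# One entry per failed name: "<domain> (<challenge>): <error urn> :: <title> :: <detail>"
# An entry ends at the next entry, at the next timestamped log line, or at end of text.
ENTRY = re.compile(
    r'(?P<domain>[\w.-]+) \((?P<chall>[a-z]+-\d+)\): '
    r'(?P<error>urn:acme:error:\w+) :: (?P<title>.*?) :: (?P<detail>.*?)'
    r'(?=, [\w.-]+ \([a-z]+-\d+\): urn:|\n\d{4}-\d\d-\d\d |\Z)',
    re.DOTALL)

def triage(log_text):
    """Return one finding per failed challenge with a coarse verdict."""
    findings = []
    for m in ENTRY.finditer(log_text):
        detail = m.group('detail')
        url = re.search(r'Invalid response from (http://\S+?): "', detail)
        # Everything after the first quote is the response body the CA saw.
        body = detail.split('"', 1)[1] if '"' in detail else ''
        if m.group('error').endswith(':connection'):
            verdict = 'port80_unreachable'      # CA could not connect at all
        elif m.group('chall') == 'http-01' and re.search(
                r'<html|</?style|body\s*\{', body, re.I):
            verdict = 'html_instead_of_token'   # something else answered on port 80
        else:
            verdict = 'other'
        findings.append({'domain': m.group('domain'), 'challenge': m.group('chall'),
                         'error': m.group('error'), 'verdict': verdict,
                         'url': url.group(1) if url else None})
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Either verdict means http-01 cannot complete for that name until port 80 serves the webroot's .well-known directory unmodified; where that is not possible, the dns-01 route mentioned above avoids port 80 entirely.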
