打印

1.3升级到1.4添,添加ssl主机失败

1.3升级到1.4添,添加ssl主机失败

参考了这个 https://lnmp.org/faq/upgrade1-4.html
lnmp由1.3升级到1.4后添加的

探针这么显示
服务器域名/IP地址www.lnmp.org(10.244.37.20)
服务器标识Linux localhost.localdomain 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64
服务器操作系统Linux  内核版本:3.10.0-327.el7.x86_64服务器解译引擎nginx/1.12.0
服务器语言zh-CN,zh;q=0.8服务器端口8888
服务器主机名localhost.localdomain绝对路径/home/wwwroot/default
管理员邮箱探针路径/home/wwwroot/default/pxxxxxxxxx.php


以下是全过程
-----------------------------------------------------------------------------------------
[root@localhost wwwroot]# lnmp vhost add
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): wx.AAAA.com
Your domain: wx.AAAA.com
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for the domain: wx.qyzg.com
Default directory: /home/wwwroot/wx.AAAA.com:
Virtual Host Directory: /home/wwwroot/wx.AAAA.com
Allow Rewrite rule? (y/n) y
Please enter the rewrite of programme,
wordpress,discuz,typecho,sablog,typecho rewrite was exist.
(Default rewrite: other):
You choose rewrite: other
Allow access log? (y/n) y
Enter access log filename(Default:wx.qyzg.com.log):
You access log filename: wx.qyzg.com.log
Create database and MySQL user with same name (y/n) n
Create ftp account (y/n) n
Add SSL Certificate (y/n) y
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
Please enter your email address: XXXXXX@foxmail.com
It will be processed automatically.

Press any key to start create virtul host...
Create Virtul Host directory......
set permissions of Virtual Host directory......
You select the exist rewrite rule:/usr/local/nginx/conf/other.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
Gracefully shutting down php-fpm . done
Starting php-fpm  done
You select the exist rewrite rule:/usr/local/nginx/conf/other.conf
Test Nginx configure file......
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......
/bin/certbot [found]
index-url = https://pypi.doubanio.com/simple/
pip.conf exist.
Starting create SSL Certificate use Let's Encrypt...
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no              -bootstrap)
yum 是 /bin/yum
已加载插件:fastestmirror, langpacks
base                                                     | 3.6 kB     00:00
epel/x86_64/metalink                                     | 5.8 kB     00:00
epel                                                     | 4.3 kB     00:00
extras                                                   | 3.4 kB     00:00
updates                                                  | 3.4 kB     00:00
(1/2): epel/x86_64/updateinfo                              | 832 kB   00:00
(2/2): epel/x86_64/primary_db                              | 4.8 MB   00:04
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.tongji.edu.cn
* extras: mirrors.163.com
* updates: mirrors.163.com
软件包 gcc-4.8.5-16.el7.x86_64 已安装并且是最新版本
软件包 augeas-libs-1.4.0-2.el7_4.1.x86_64 已安装并且是最新版本
软件包 1penssl-1.0.2k-8.el7.x86_64 已安装并且是最新版本
软件包 1penssl-devel-1.0.2k-8.el7.x86_64 已安装并且是最新版本
软件包 libffi-devel-3.0.13-18.el7.x86_64 已安装并且是最新版本
软件包 redhat-rpm-config-9.1.0-76.el7.centos.noarch 已安装并且是最新版本
软件包 ca-certificates-2017.2.14-71.el7.noarch 已安装并且是最新版本
软件包 python-2.7.5-58.el7.x86_64 已安装并且是最新版本
软件包 python-devel-2.7.5-58.el7.x86_64 已安装并且是最新版本
软件包 python-virtualenv-1.10.1-4.el7.noarch 已安装并且是最新版本
软件包 python-tools-2.7.5-58.el7.x86_64 已安装并且是最新版本
软件包 python2-pip-8.1.2-5.el7.noarch 已安装并且是最新版本
无须任何处理
Upgrading certbot-auto 0.18.1 to 0.18.2...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wx.AAAA.com
Using the webroot path /home/wwwroot/wx.AAAA.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. wx.AAAA.com (http-01): urn:acme:error:unauthoriz              ed :: The client lacks sufficient authorization :: Invalid response from http://              wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD6              0k: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: wx.AAAA.com
   Type:   unauthorized
   Detail: Invalid response from
   http://wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwj              V3a7_xhAD60k:
   "<html>
   <head><title>403 Forbidden</title></head>
   <body bgcolor="white">
   <center><h1>403 Forbidden</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
Let's Encrypt SSL Certificate create failed!
================================================
Virtualhost infomation:
Your domain: wx.AAAA.com
Home Directory: /home/wwwroot/wx.AAAA.com
Rewrite: other
Enable log: yes
Create database: no
Create ftp account: no
Enable SSL: yes
  =>Let's Encrypt
================================================
[root@localhost wwwroot]#
--------------------------------------------------------------------------------------------------------------

[root@localhost vhost]# vi wx.AAAA.com.conf
        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }

        access_log  /home/wwwlogs/wx.AAAA.com.log;
    }
-------------------------------------------------------------------------------------

TOP

按返回详细看是403
看配置文件是正常的
可以看一下 /var/log/letsencrypt/letsencrypt.log 中日志的具体信息
有些NS服务器可能不支持

TOP

看不太懂~~
2017-09-29 08:31:44,668EBUG:certbot.reporter:Reporting to user: The followingerrors were reported by the server:

Domain: wx.AAAA.com
Type:   unauthorized
Detail: Invalid response from http://wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2017-09-29 08:31:44,668:INFO:certbot.auth_handler:Cleaning up challenges
2017-09-29 08:31:44,668EBUG:certbot.plugins.webroot:Removing /home/wwwroot/wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k
2017-09-29 08:31:44,669EBUG:certbot.plugins.webroot:All challenges cleaned up,removing /home/wwwroot/wx.AAAA.com/.well-known/acme-challenge
2017-09-29 08:31:44,669EBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py",line 755, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py",line 694, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py",line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. wx.AAAA.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://wx.AAAA.com/.well-known/acme-challenge/1mj6-m2p-6vuaz3J4f6jswxbqfeiFwjV3a7_xhAD60k: "<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>"

TOP

回复 3# 的帖子

如果解析没错误等话,可能目录权限有问题或者更换ns后再试试

TOP

NS服务器指的是?不是域名服务器吧...

TOP

回复 5# 的帖子

DNS服务器

TOP