[Help] lnmp SSL cannot be renewed

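After installing LNMP, I enabled SSL for the website. I just checked and found that the SSL certificate expires in a few days, and it cannot be renewed.
1. Entering the solution from the official site had no effect: automatic renewal command: wget -O - http://soft.vpser.net/lnmp/ext/fix_renewssl.sh|bash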

2. Following the solution from other posts did not work either:
Entered: /bin/certbot renew --force-renewal --disable-hook-validation --renew-hook "/etc/init.d/nginx reload"

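From the message, it looks to me like a DNS resolution error.
The A record is fine (the website has been accessible all along), and the AAAA record is not filled in.
What should I do? (I am a newbie; if convenient, please give the specific commands as far as possible. Much appreciated.)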

Below is the output shown after entering the command:
Code:
[root@2016071346856 ~]# /bin/certbot renew --force-renewal --disable-hook-validation --renew-hook "/etc/init.d/nginx reload"
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.mydomain.com.conf
-------------------------------------------------------------------------------
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Performing the following challenges:
http-01 challenge for www.mydomain.com
http-01 challenge for mydomain.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (www.mydomain.com) from /etc/letsencrypt/renewal/www.mydomain.com.conf produced an unexpected error: Failed authorization procedure. mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.com/.well-known/acme-challenge/0cLkpwKiPfHsQKgoDefkjUEK-97Yv8MINwz8BU2LM4Q: "
403 Forbidden

403 Forbidden
", www.mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mydomain.com/.well-known/acme-challenge/4NpS5boY7wKxQdpGCmagXcfrGlXBZAxuMAa1lSK6RCc: "
403 Forbidden

403 Forbidden
". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.mydomain.com/fullchain.pem (failure)

-------------------------------------------------------------------------------

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.mydomain.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: mydomain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://mydomain.com/.well-known/acme-challenge/0cLkpwKiPfHsQKgoDefkjUEK-97Yv8MINwz8BU2LM4Q:
   "
   403 Forbidden
   
   403 Forbidden
   "

   Domain: www.mydomain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.mydomain.com/.well-known/acme-challenge/4NpS5boY7wKxQdpGCmagXcfrGlXBZAxuMAa1lSK6RCc:
   "
   403 Forbidden
   
   403 Forbidden
   "

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

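Certificate generation worked before; a 403 error on renewal is probably because a deny rule has since been added to this virtual host. Post your configuration so we can take a look.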
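
Added example, not part of the thread and not LNMP or certbot code: a small checker that works out which nginx `location` block would serve the http-01 challenge path and whether that block denies access, which is the condition the reply above suspects. The two vhost fragments and the token name are constructed; the selection logic is a simplified model of nginx matching (no nested blocks) and assumes the regexes are simple enough for Python's `re`.

```python
import re

# Constructed sample vhost fragments (not taken from the thread).
BROKEN = r"""
location / { index index.html; }
location ~ /\. { deny all; }
"""
FIXED = r"""
location ^~ /.well-known/acme-challenge/ { allow all; }
""" + BROKEN

ACME_PATH = "/.well-known/acme-challenge/test-token"  # constructed token name
LOCATION_RE = re.compile(r"location\s+(?:(=|~\*|~|\^~)\s+)?(\S+)\s*\{([^{}]*)\}")

def parse_locations(conf):
    """Return (modifier, pattern, body) for each non-nested location block."""
    return [(m.group(1) or "", m.group(2), m.group(3))
            for m in LOCATION_RE.finditer(conf)]

def select_location(locations, path):
    """Simplified nginx order: exact, longest prefix (^~ wins), first regex, prefix."""
    best_prefix = None
    for mod, pat, body in locations:
        if mod == "=" and path == pat:
            return (mod, pat, body)
        if mod in ("", "^~") and path.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = (mod, pat, body)
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix  # ^~ suppresses regex locations
    for mod, pat, body in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, path, flags):
                return (mod, pat, body)
    return best_prefix

def acme_blocked(conf, path=ACME_PATH):
    """Return (denied, 'modifier pattern') for the block that handles path."""
    chosen = select_location(parse_locations(conf), path)
    if chosen is None:
        return (False, None)
    mod, pat, body = chosen
    denied = re.search(r"\bdeny\s+all\s*;|\breturn\s+403\s*;", body) is not None
    return (denied, (mod + " " + pat).strip())

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, acme_blocked(conf))
```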
