打印

Let'sEncrypt更新失败

Let'sEncrypt更新失败

按军哥的方法:wget -O - http://soft.vpser.net/lnmp/ext/fix_renewssl.sh|bash报错:


2018-01-09 16:34:42 (91.7 MB/s) - written to stdout [1410/1410]


Remove Let's encrypt crontab renew rule...
Update Let's encrypt crontab renew rule...
OK.
Try to run certbot renew script...
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log


-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/wx.baiyousem.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal


-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.baiyousem.com.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
  signer = key.signer(self.padding, self.hash)
Performing the following challenges:
http-01 challenge for www.baiyousem.com
http-01 challenge for baiyousem.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (www.baiyousem.com) from /etc/letsencrypt/renewal/www.baiyousem.com.conf produced an unexpected error: Failed authorization procedure. baiyousem.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for baiyousem.com, www.baiyousem.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up CAA for www.baiyousem.com. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.baiyousem.com/fullchain.pem (failure)


-------------------------------------------------------------------------------


The following certs are not due for renewal yet:
  /etc/letsencrypt/live/wx.baiyousem.com/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.baiyousem.com/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)


IMPORTANT NOTES:
- The following errors were reported by the server:


   Domain: baiyousem.com
   Type:   connection
   Detail: DNS problem: SERVFAIL looking up A for baiyousem.com


   Domain: www.baiyousem.com
   Type:   connection
   Detail: DNS problem: SERVFAIL looking up CAA for www.baiyousem.com

TOP

回复 1# 的帖子

To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

TOP

执行:cd /tmp && wget http://soft.vpser.net/lnmp/lnmp1.4.tar.gz -O lnmp1.4.tar.gz && tar zxf lnmp1.4.tar.gz && cd lnmp1.4 && ./upgrade1.x-1.4.sh

报如下信息:
--2018-01-09 16:42:28--  http://soft.vpser.net/lnmp/lnmp1.4.tar.gz
Resolving soft.vpser.net... 117.34.112.38, 2600:3c01::f03c:91ff:fe92:1a06
Connecting to soft.vpser.net|117.34.112.38|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 136983 (134K) [application/octet-stream]
Saving to: “lnmp1.4.tar.gz”

100%[====================================================================>] 136,983     --.-K/s   in 0.1s   

2018-01-09 16:42:28 (904 KB/s) - “lnmp1.4.tar.gz” saved [136983/136983]

+--------------------------------------------------+
|  A tool to upgrade lnmp manager from 1.x to 1.4  |
+--------------------------------------------------+
|For more information please visit https://lnmp.org|
+--------------------------------------------------+
upgrade lnmp manager complete.

这个是不是代表更新成功了。

TOP

打开域名报如下错误:
您的时钟快了您计算机的日期和时间(2018年1月9日星期二 下午4:47:48)不正确,因此无法与www.baiyousem.com 建立私密连接。

NET::ERR_CERT_DATE_INVALID

TOP

/bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/nginx reload"
执行后不能正常 更新还是报如下错误:

Attempting to renew cert (www.baiyousem.com) from /etc/letsencrypt/renewal/www.baiyousem.com.conf produced an unexpected error: Failed authorization procedure. baiyousem.com (http-01): urn:acme:error:unknownHost :: The server could not resolve a domain name :: No valid IP addresses found for baiyousem.com. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.baiyousem.com/fullchain.pem (failure)

TOP

No valid IP addresses found for baiyousem.com. Skipping.

ip都解析不出来肯定无法正常续期的

TOP

回复 6# 的帖子

Attempting to renew cert (www.baiyousem.com) from /etc/letsencrypt/renewal/www.baiyousem.com.conf produced an unexpected error: Failed authorization procedure. baiyousem.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for baiyousem.com. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.baiyousem.com/fullchain.pem (failure)

现在报的是这个错,我用的是爱名网自带的DNS,.是不是DNS的问题....

TOP



两个域名,你不带www的域名解析不出ip来,估计没做解析吧
附件: 您所在的用户组无法下载或查看附件

TOP