VPS侦探论坛

 找回密码
 注册
搜索
热搜: pathinfo
查看: 2459|回复: 15

Lnmp添加ssl失败

[复制链接]
发表于 2018-4-4 11:10:19 | 显示全部楼层 |阅读模式

添加已有域名manage.ewwe.net  ssl创建失败
系统是Centos7.4
Lnmp已经升级到1.5

下面是记录

[root@VM_119_208_centos manage.ewwe.net]# lnmp ssl add
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): manage.ewwe.net
Your domain: manage.ewwe.net
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for domain manage.ewwe.net: /home/wwwroot/manage.ewwe                    .net
Allow Rewrite rule? (y/n) n
You choose rewrite: none
Allow access log? (y/n) y
Enter access log filename(Default:manage.ewwe.net.log):
You access log filename: manage.ewwe.net.log
Enable PHP Pathinfo? (y/n) n
Disable pathinfo.
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
It will be processed automatically.
/usr/local/acme.sh/acme.sh [found]
Starting create SSL Certificate use Let's Encrypt...
[Wed Apr  4 11:04:09 CST 2018] Registering account
[Wed Apr  4 11:06:23 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Wed Apr  4 11:06:23 CST 2018] Can not connect to https://acme-v01.api.letsencrypt.org/directory to get nonce.
[Wed Apr  4 11:06:23 CST 2018] Register account Error: {
  "gAf_FkzjRgY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
[Wed Apr  4 11:06:23 CST 2018] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!
[root@VM_119_208_centos manage.ewwe.net]#


有用Lnmp1.5的命令 重新试了一下,还是不行。


[ 本帖最后由 miniday 于 2018-4-4 11:28 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?注册

x

美国VPS、VPN、域名代购:http://shop63846532.taobao.com/

发表于 2018-4-4 12:19:56 | 显示全部楼层


你发的日志里按错误信息看你机器连接不上letsencrypt的服务器


发一下新的日志看一下,或者export api参数后执行 /usr/local/acme.sh/acme.sh --issue -d manage.ewwe.net --dns dns_dp --log-level 2 --debug 2 看一下
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
 楼主| 发表于 2018-4-4 14:10:50 | 显示全部楼层



补一下新的日志

服务器是香港腾讯云,不知道为什么会连接不上呢。
下面是执行命令后的输出
、、

  1. [root@VM_119_208_centos manage.ewwe.net]#  /usr/local/acme.sh/acme.sh --issue -d manage.ewwe.net --dns dns_dp --log                        -level 2 --debug 2
  2. [Wed Apr  4 14:10:05 CST 2018] Lets find script dir.
  3. [Wed Apr  4 14:10:05 CST 2018] _SCRIPT_='/usr/local/acme.sh/acme.sh'
  4. [Wed Apr  4 14:10:05 CST 2018] _script='/usr/local/acme.sh/acme.sh'
  5. [Wed Apr  4 14:10:05 CST 2018] _script_home='/usr/local/acme.sh'
  6. [Wed Apr  4 14:10:05 CST 2018] Using config home:/usr/local/acme.sh
  7. [Wed Apr  4 14:10:05 CST 2018] LE_WORKING_DIR='/usr/local/acme.sh'
  8. https://github.com/Neilpang/acme.sh
  9. v2.7.7
  10. [Wed Apr  4 14:10:05 CST 2018] Using config home:/usr/local/acme.sh
  11. [Wed Apr  4 14:10:05 CST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
  12. [Wed Apr  4 14:10:05 CST 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
  13. [Wed Apr  4 14:10:05 CST 2018] DOMAIN_PATH='/usr/local/nginx/conf/ssl/manage.ewwe.net'
  14. [Wed Apr  4 14:10:05 CST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
  15. [Wed Apr  4 14:10:05 CST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
  16. [Wed Apr  4 14:10:05 CST 2018] GET
  17. [Wed Apr  4 14:10:05 CST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
  18. [Wed Apr  4 14:10:05 CST 2018] timeout=
  19. [Wed Apr  4 14:10:05 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  --trace-ascii                         /tmp/tmp.k6BDdILEWj  -g '
  20. [Wed Apr  4 14:10:07 CST 2018] ret='0'
  21. [Wed Apr  4 14:10:07 CST 2018] response='{
  22.   "VqT5JaJ0BPM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  23.   "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  24.   "meta": {
  25.     "caaIdentities": [
  26.       "letsencrypt.org"
  27.     ],
  28.     "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
  29.     "website": "https://letsencrypt.org"
  30.   },
  31.   "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  32.   "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  33.   "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  34.   "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
  35. }'
  36. [Wed Apr  4 14:10:07 CST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
  37. [Wed Apr  4 14:10:07 CST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
  38. [Wed Apr  4 14:10:07 CST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
  39. [Wed Apr  4 14:10:07 CST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
  40. [Wed Apr  4 14:10:07 CST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
  41. [Wed Apr  4 14:10:07 CST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
  42. [Wed Apr  4 14:10:07 CST 2018] ACME_NEW_NONCE
  43. [Wed Apr  4 14:10:07 CST 2018] ACME_VERSION
  44. [Wed Apr  4 14:10:07 CST 2018] Le_NextRenewTime
  45. [Wed Apr  4 14:10:07 CST 2018] _on_before_issue
  46. [Wed Apr  4 14:10:07 CST 2018] 'dns_dp' does not contain 'no'
  47. [Wed Apr  4 14:10:07 CST 2018] Le_LocalAddress
  48. [Wed Apr  4 14:10:07 CST 2018] Check for domain='manage.ewwe.net'
  49. [Wed Apr  4 14:10:07 CST 2018] _currentRoot='dns_dp'
  50. [Wed Apr  4 14:10:07 CST 2018] 'dns_dp' does not contain 'apache'
  51. [Wed Apr  4 14:10:07 CST 2018] _saved_account_key_hash='RPHbiK2M5EX6pPAtI0iUpHzlZTkB24NxlR9MPQgWgys='
  52. [Wed Apr  4 14:10:07 CST 2018] _saved_account_key_hash is not changed, skip register account.
  53. [Wed Apr  4 14:10:07 CST 2018] Read key length:
  54. [Wed Apr  4 14:10:07 CST 2018] _createcsr
  55. [Wed Apr  4 14:10:07 CST 2018] domain='manage.ewwe.net'
  56. [Wed Apr  4 14:10:07 CST 2018] domainlist
  57. [Wed Apr  4 14:10:07 CST 2018] csrkey='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.key'
  58. [Wed Apr  4 14:10:07 CST 2018] csr='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.csr'
  59. [Wed Apr  4 14:10:07 CST 2018] csrconf='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.csr.conf'
  60. [Wed Apr  4 14:10:07 CST 2018] Single domain='manage.ewwe.net'
  61. [Wed Apr  4 14:10:07 CST 2018] _is_idn_d='manage.ewwe.net'
  62. [Wed Apr  4 14:10:07 CST 2018] _idn_temp
  63. [Wed Apr  4 14:10:07 CST 2018] _csr_cn='manage.ewwe.net'
  64. [Wed Apr  4 14:10:07 CST 2018] Getting domain auth token for each domain
  65. [Wed Apr  4 14:10:07 CST 2018] Getting webroot for domain='manage.ewwe.net'
  66. [Wed Apr  4 14:10:07 CST 2018] _w='dns_dp'
  67. [Wed Apr  4 14:10:07 CST 2018] _currentRoot='dns_dp'
  68. [Wed Apr  4 14:10:07 CST 2018] Getting new-authz for domain='manage.ewwe.net'
  69. [Wed Apr  4 14:10:07 CST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
  70. [Wed Apr  4 14:10:07 CST 2018] Try new-authz for the 0 time.
  71. [Wed Apr  4 14:10:07 CST 2018] _is_idn_d='manage.ewwe.net'
  72. [Wed Apr  4 14:10:07 CST 2018] _idn_temp
  73. [Wed Apr  4 14:10:07 CST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
  74. [Wed Apr  4 14:10:07 CST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "manage.ew                        we.net"}}'
  75. [Wed Apr  4 14:10:07 CST 2018] RSA key
  76. [Wed Apr  4 14:10:07 CST 2018] Get nonce. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
  77. [Wed Apr  4 14:10:07 CST 2018] GET
  78. [Wed Apr  4 14:10:07 CST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
  79. [Wed Apr  4 14:10:07 CST 2018] timeout=
  80. [Wed Apr  4 14:10:07 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  --trace-ascii                         /tmp/tmp.8sSbk0joxx  -g '
  81. [Wed Apr  4 14:10:08 CST 2018] ret='0'
  82. [Wed Apr  4 14:10:08 CST 2018] _headers='HTTP/1.1 200 OK
  83. Server: nginx
  84. Content-Type: application/json
  85. Content-Length: 658
  86. Replay-Nonce: EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU
  87. X-Frame-Options: DENY
  88. Strict-Transport-Security: max-age=604800
  89. Expires: Wed, 04 Apr 2018 06:10:08 GMT
  90. Cache-Control: max-age=0, no-cache, no-store
  91. Pragma: no-cache
  92. Date: Wed, 04 Apr 2018 06:10:08 GMT
  93. Connection: keep-alive
  94. '
  95. [Wed Apr  4 14:10:08 CST 2018] _CACHED_NONCE='EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU'
  96. [Wed Apr  4 14:10:08 CST 2018] nonce='EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU'
  97. [Wed Apr  4 14:10:09 CST 2018] POST
  98. [Wed Apr  4 14:10:09 CST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
  99. [Wed Apr  4 14:10:09 CST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "xDVlJkFFs                        tU0f-vplhWtwELca5HbXuaXj2HZVhPe_EPt2QJ1iOei5Vykdv_8mJU6yZHx6idA-i-2nCFlqPKYJ9asaFp0zs-rDDrBc-HfuaZ9lpCK5luksd-fstFy                        EmCtlowxI40NSRNpJSxyvPcJT_Gj0SJgcPNUybR_KWBYdIfIdSnxOPUd2EqqclApYC_OtLCH0j3kzSWahxNWKuDMmPVcO7IVOsy7_kxqimExVfWNKC1                        Lfnbu_QacBMMDtQJ6cLimZH-D58Y0r06O0NoYbjtthhkuHtcuHOj7NrZiXNiuj2yOprIi809aG9EmKrkJSH8ScCWAvKhKu6CXHwIXbQ"}}, "protec                        ted": "eyJub25jZSI6ICJFV3pOZ0xTZ0h1a1gzQmNPYUJFNUkwR2I4YkN2THB5b3pycE9qZmFrNVpVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAx                        LmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0E                        iLCAibiI6ICJ4RFZsSmtGRnN0VTBmLXZwbGhXdHdFTGNhNUhiWHVhWGoySFpWaFBlX0VQdDJRSjFpT2V空格P空格NVZ5a2R2XzhtSlU2eVpIeDZpZEEtaS0ybk                        NGbHFQS1lKOWFzYUZwMHpzLXJERHJCYy1IZnVhWjlscENLNWx1a3NkLWZzdEZ5RW1DdGxvd3hJNDBOU1JOcEpTeHl2UGNKVF9HajBTSmdjUE5VeWJSX                        0tXQllkSWZJZFNueE9QVWQyRXFxY2xBcFlDX090TENIMGoza3pTV2FoeE5XS3VETW1QVmNPN0lWT3N5N19reHFpbUV4VmZXTktDMUxmbmJ1X1FhY0JN                        TUR0UUo2Y0xpbVpILUQ1OFkwcjA2TzBOb1lianR0aGhrdUh0Y3VIT2o3TnJaaVhOaXVqMnlPcHJJaTgwOWFHOUVtS3JrSlNIOFNjQ1dBdktoS3U2Q1h                        Id0lYYlEifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAi                        bWFuYWdlLmV3d2UubmV0In19", "signature": "kR1ZKPMER2ID1cMrOeO9_cgGAgEMArItRz4M6rQPVAZ9QfE_EY01s-Hn4DfIqUtvUXlcoBfqCH                        kfMPSKobHwKnQ6qToMVJ5mU9XEvnREwlsv0vr4G1MkkYO8VjRVl0x7H97vbjGfuv3pArHrqG7BOBSF-gdyvQ3RtyGV60gqo2J_Pr0jLzL89Bt_HfEbz                        SYVy_spp3o0NpidktGMI8Iqj_FjIAbzCwoZyfAWEHT2ZWuokFpif7IxPGOFgGvrbL6SZnl0_hcoLsygzzxiohfwreDlBQJF14v3PPc-nymKb0bNSTw5                        GHQmqDNppyUnLHPzrMp54Md_4gqKAWX0H_kMCw"}'
  100. [Wed Apr  4 14:10:09 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  --trace-ascii                         /tmp/tmp.ptWU1WZt18  -g '
复制代码

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?注册

x
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
发表于 2018-4-4 19:02:24 | 显示全部楼层

回复 3# 的帖子




附件里的日志还是上午的

上面贴出的日志中没有错误信息
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
 楼主| 发表于 2018-4-8 09:54:37 | 显示全部楼层

补一份最新的日志


补一份最新的日志,今天我有升级了一下acme还是不行啊、

[ 本帖最后由 miniday 于 2018-4-8 09:57 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?注册

x

美国VPS、VPN、域名代购:http://shop63846532.taobao.com/

发表于 2018-4-8 10:32:04 | 显示全部楼层

回复 5# 的帖子


看你日志里 Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
这个错误的话是连不上他们的服务器
连不上他们服务器是没法生成证书的

要不你pm我ip和root密码我看一下
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org/
 楼主| 发表于 2018-4-9 09:26:52 | 显示全部楼层

回复 6# 的帖子



我已经私聊给你了、由于现在的这个服务器服务多,我给了另外一台,不过问题可以重现,应该是一样的问题。
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org/
发表于 2018-4-10 14:03:24 | 显示全部楼层

我也遇到同样的问题,不知道怎么解决,能否提供下解决方案?


我的也是腾讯云香港节点。
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
发表于 2018-4-10 14:39:36 | 显示全部楼层

回复 8# 的帖子


没有具体的日志没法确定原因

美国VPS、VPN、域名代购:http://shop63846532.taobao.com/

 楼主| 发表于 2018-4-10 16:18:42 | 显示全部楼层

原帖由 licess 于 2018-4-8 10:32 发表
看你日志里 Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
这个错误的话是连不上他们的服务器
连不上他们服务器是没法生成证书的

要不你pm我ip和root密码我看一下 ...


------------------------------------------------------------------、

军哥,帮忙看了没?账号密码私聊给你了。

美国VPS、VPN、域名代购:http://shop63846532.taobao.com/

发表于 2018-4-10 17:18:58 | 显示全部楼层



我也遇到这个问题,自己排查没看出啥原因,可可能是我技术太渣了
现在只好使用 own ssl  汗,
期待军哥,把这个问题攻克。




感谢
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org/
发表于 2018-4-10 19:40:33 | 显示全部楼层

回复 10# 的帖子




早就给你回复过短消息了
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org/
发表于 2018-4-10 19:40:50 | 显示全部楼层

回复 11# 的帖子


错误信息日志都没有无法进行排查

美国VPS、VPN、域名代购:http://shop63846532.taobao.com/

发表于 2018-4-10 19:42:09 | 显示全部楼层

改host,github可能被服务商墙了


腾讯云改host后升级成功
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org/
 楼主| 发表于 2018-4-10 22:08:43 | 显示全部楼层



原帖由 licess 于 2018-4-10 19:40 发表
早就给你回复过短消息了


额,看到了,不经常玩论坛,没注意短消息,一直看的帖子。

这台服务器可以给你实验用,模拟一下环境,我看也有人出现类似的情形,应该不是个别问题。希望能找到解决办法。
美国VPS推荐: 遨游主机LinodeLOCVPSKVMLAVPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|VPS侦探 ( 鲁ICP备16040043号-1 )

GMT+8, 2019-5-19 20:06 , Processed in 0.052600 second(s), 27 queries .

Powered by Discuz! X3.4

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表