打印

Lnmp添加ssl失败

Lnmp添加ssl失败

添加已有域名manage.ewwe.net  ssl创建失败
系统是Centos7.4
Lnmp已经升级到1.5

下面是记录

[root@VM_119_208_centos manage.ewwe.net]# lnmp ssl add
+-------------------------------------------+
|    Manager for LNMP, Written by Licess    |
+-------------------------------------------+
|              https://lnmp.org             |
+-------------------------------------------+
Please enter domain(example: www.lnmp.org): manage.ewwe.net
Your domain: manage.ewwe.net
Enter more domain name(example: lnmp.org *.lnmp.org):
Please enter the directory for domain manage.ewwe.net: /home/wwwroot/manage.ewwe                    .net
Allow Rewrite rule? (y/n) n
You choose rewrite: none
Allow access log? (y/n) y
Enter access log filename(Default:manage.ewwe.net.log):
You access log filename: manage.ewwe.net.log
Enable PHP Pathinfo? (y/n) n
Disable pathinfo.
1: Use your own SSL Certificate and Key
2: Use Let's Encrypt to create SSL Certificate and Key
Enter 1 or 2: 2
It will be processed automatically.
/usr/local/acme.sh/acme.sh [found]
Starting create SSL Certificate use Let's Encrypt...
[Wed Apr  4 11:04:09 CST 2018] Registering account
[Wed Apr  4 11:06:23 CST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Wed Apr  4 11:06:23 CST 2018] Can not connect to https://acme-v01.api.letsencrypt.org/directory to get nonce.
[Wed Apr  4 11:06:23 CST 2018] Register account Error: {
  "gAf_FkzjRgY": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
[Wed Apr  4 11:06:23 CST 2018] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!
[root@VM_119_208_centos manage.ewwe.net]#


有用Lnmp1.5的命令 重新试了一下,还是不行。


[ 本帖最后由 miniday 于 2018-4-4 11:28 编辑 ]
附件: 您所在的用户组无法下载或查看附件

TOP

你发的日志里按错误信息看你机器连接不上letsencrypt的服务器


发一下新的日志看一下,或者export api参数后执行 /usr/local/acme.sh/acme.sh --issue -d manage.ewwe.net --dns dns_dp --log-level 2 --debug 2 看一下

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

补一下新的日志

服务器是香港腾讯云,不知道为什么会连接不上呢。
下面是执行命令后的输出
、、
复制内容到剪贴板
代码:
[root@VM_119_208_centos manage.ewwe.net]#  /usr/local/acme.sh/acme.sh --issue -d manage.ewwe.net --dns dns_dp --log                        -level 2 --debug 2
[Wed Apr  4 14:10:05 CST 2018] Lets find script dir.
[Wed Apr  4 14:10:05 CST 2018] _SCRIPT_='/usr/local/acme.sh/acme.sh'
[Wed Apr  4 14:10:05 CST 2018] _script='/usr/local/acme.sh/acme.sh'
[Wed Apr  4 14:10:05 CST 2018] _script_home='/usr/local/acme.sh'
[Wed Apr  4 14:10:05 CST 2018] Using config home:/usr/local/acme.sh
[Wed Apr  4 14:10:05 CST 2018] LE_WORKING_DIR='/usr/local/acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.7
[Wed Apr  4 14:10:05 CST 2018] Using config home:/usr/local/acme.sh
[Wed Apr  4 14:10:05 CST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Wed Apr  4 14:10:05 CST 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Wed Apr  4 14:10:05 CST 2018] DOMAIN_PATH='/usr/local/nginx/conf/ssl/manage.ewwe.net'
[Wed Apr  4 14:10:05 CST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Wed Apr  4 14:10:05 CST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Wed Apr  4 14:10:05 CST 2018] GET
[Wed Apr  4 14:10:05 CST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Apr  4 14:10:05 CST 2018] timeout=
[Wed Apr  4 14:10:05 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  --trace-ascii                         /tmp/tmp.k6BDdILEWj  -g '
[Wed Apr  4 14:10:07 CST 2018] ret='0'
[Wed Apr  4 14:10:07 CST 2018] response='{
  "VqT5JaJ0BPM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}'
[Wed Apr  4 14:10:07 CST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Wed Apr  4 14:10:07 CST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Apr  4 14:10:07 CST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Wed Apr  4 14:10:07 CST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Wed Apr  4 14:10:07 CST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Wed Apr  4 14:10:07 CST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Wed Apr  4 14:10:07 CST 2018] ACME_NEW_NONCE
[Wed Apr  4 14:10:07 CST 2018] ACME_VERSION
[Wed Apr  4 14:10:07 CST 2018] Le_NextRenewTime
[Wed Apr  4 14:10:07 CST 2018] _on_before_issue
[Wed Apr  4 14:10:07 CST 2018] 'dns_dp' does not contain 'no'
[Wed Apr  4 14:10:07 CST 2018] Le_LocalAddress
[Wed Apr  4 14:10:07 CST 2018] Check for domain='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] _currentRoot='dns_dp'
[Wed Apr  4 14:10:07 CST 2018] 'dns_dp' does not contain 'apache'
[Wed Apr  4 14:10:07 CST 2018] _saved_account_key_hash='RPHbiK2M5EX6pPAtI0iUpHzlZTkB24NxlR9MPQgWgys='
[Wed Apr  4 14:10:07 CST 2018] _saved_account_key_hash is not changed, skip register account.
[Wed Apr  4 14:10:07 CST 2018] Read key length:
[Wed Apr  4 14:10:07 CST 2018] _createcsr
[Wed Apr  4 14:10:07 CST 2018] domain='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] domainlist
[Wed Apr  4 14:10:07 CST 2018] csrkey='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.key'
[Wed Apr  4 14:10:07 CST 2018] csr='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.csr'
[Wed Apr  4 14:10:07 CST 2018] csrconf='/usr/local/nginx/conf/ssl/manage.ewwe.net/manage.ewwe.net.csr.conf'
[Wed Apr  4 14:10:07 CST 2018] Single domain='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] _is_idn_d='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] _idn_temp
[Wed Apr  4 14:10:07 CST 2018] _csr_cn='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] Getting domain auth token for each domain
[Wed Apr  4 14:10:07 CST 2018] Getting webroot for domain='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] _w='dns_dp'
[Wed Apr  4 14:10:07 CST 2018] _currentRoot='dns_dp'
[Wed Apr  4 14:10:07 CST 2018] Getting new-authz for domain='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Wed Apr  4 14:10:07 CST 2018] Try new-authz for the 0 time.
[Wed Apr  4 14:10:07 CST 2018] _is_idn_d='manage.ewwe.net'
[Wed Apr  4 14:10:07 CST 2018] _idn_temp
[Wed Apr  4 14:10:07 CST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Apr  4 14:10:07 CST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "manage.ew                        we.net"}}'
[Wed Apr  4 14:10:07 CST 2018] RSA key
[Wed Apr  4 14:10:07 CST 2018] Get nonce. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Wed Apr  4 14:10:07 CST 2018] GET
[Wed Apr  4 14:10:07 CST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Apr  4 14:10:07 CST 2018] timeout=
[Wed Apr  4 14:10:07 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  --trace-ascii                         /tmp/tmp.8sSbk0joxx  -g '
[Wed Apr  4 14:10:08 CST 2018] ret='0'
[Wed Apr  4 14:10:08 CST 2018] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 04 Apr 2018 06:10:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 04 Apr 2018 06:10:08 GMT
Connection: keep-alive
'
[Wed Apr  4 14:10:08 CST 2018] _CACHED_NONCE='EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU'
[Wed Apr  4 14:10:08 CST 2018] nonce='EWzNgLSgHukX3BcOaBE5I0Gb8bCvLpyozrpOjfak5ZU'
[Wed Apr  4 14:10:09 CST 2018] POST
[Wed Apr  4 14:10:09 CST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Apr  4 14:10:09 CST 2018] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "xDVlJkFFs                        tU0f-vplhWtwELca5HbXuaXj2HZVhPe_EPt2QJ1iOei5Vykdv_8mJU6yZHx6idA-i-2nCFlqPKYJ9asaFp0zs-rDDrBc-HfuaZ9lpCK5luksd-fstFy                        EmCtlowxI40NSRNpJSxyvPcJT_Gj0SJgcPNUybR_KWBYdIfIdSnxOPUd2EqqclApYC_OtLCH0j3kzSWahxNWKuDMmPVcO7IVOsy7_kxqimExVfWNKC1                        Lfnbu_QacBMMDtQJ6cLimZH-D58Y0r06O0NoYbjtthhkuHtcuHOj7NrZiXNiuj2yOprIi809aG9EmKrkJSH8ScCWAvKhKu6CXHwIXbQ"}}, "protec                        ted": "eyJub25jZSI6ICJFV3pOZ0xTZ0h1a1gzQmNPYUJFNUkwR2I4YkN2THB5b3pycE9qZmFrNVpVIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAx                        LmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0E                        iLCAibiI6ICJ4RFZsSmtGRnN0VTBmLXZwbGhXdHdFTGNhNUhiWHVhWGoySFpWaFBlX0VQdDJRSjFpT2V空格P空格NVZ5a2R2XzhtSlU2eVpIeDZpZEEtaS0ybk                        NGbHFQS1lKOWFzYUZwMHpzLXJERHJCYy1IZnVhWjlscENLNWx1a3NkLWZzdEZ5RW1DdGxvd3hJNDBOU1JOcEpTeHl2UGNKVF9HajBTSmdjUE5VeWJSX                        0tXQllkSWZJZFNueE9QVWQyRXFxY2xBcFlDX090TENIMGoza3pTV2FoeE5XS3VETW1QVmNPN0lWT3N5N19reHFpbUV4VmZXTktDMUxmbmJ1X1FhY0JN                        TUR0UUo2Y0xpbVpILUQ1OFkwcjA2TzBOb1lianR0aGhrdUh0Y3VIT2o3TnJaaVhOaXVqMnlPcHJJaTgwOWFHOUVtS3JrSlNIOFNjQ1dBdktoS3U2Q1h                        Id0lYYlEifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAi                        bWFuYWdlLmV3d2UubmV0In19", "signature": "kR1ZKPMER2ID1cMrOeO9_cgGAgEMArItRz4M6rQPVAZ9QfE_EY01s-Hn4DfIqUtvUXlcoBfqCH                        kfMPSKobHwKnQ6qToMVJ5mU9XEvnREwlsv0vr4G1MkkYO8VjRVl0x7H97vbjGfuv3pArHrqG7BOBSF-gdyvQ3RtyGV60gqo2J_Pr0jLzL89Bt_HfEbz                        SYVy_spp3o0NpidktGMI8Iqj_FjIAbzCwoZyfAWEHT2ZWuokFpif7IxPGOFgGvrbL6SZnl0_hcoLsygzzxiohfwreDlBQJF14v3PPc-nymKb0bNSTw5                        GHQmqDNppyUnLHPzrMp54Md_4gqKAWX0H_kMCw"}'
[Wed Apr  4 14:10:09 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header  --trace-ascii                         /tmp/tmp.ptWU1WZt18  -g '
附件: 您所在的用户组无法下载或查看附件

TOP

回复 3# 的帖子

附件里的日志还是上午的

上面贴出的日志中没有错误信息

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

补一份最新的日志

补一份最新的日志,今天我有升级了一下acme还是不行啊、

[ 本帖最后由 miniday 于 2018-4-8 09:57 编辑 ]
附件: 您所在的用户组无法下载或查看附件

TOP

回复 5# 的帖子

看你日志里 Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
这个错误的话是连不上他们的服务器
连不上他们服务器是没法生成证书的

要不你pm我ip和root密码我看一下

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

回复 6# 的帖子

我已经私聊给你了、由于现在的这个服务器服务多,我给了另外一台,不过问题可以重现,应该是一样的问题。

TOP

我也遇到同样的问题,不知道怎么解决,能否提供下解决方案?

我的也是腾讯云香港节点。

TOP

回复 8# 的帖子

没有具体的日志没法确定原因

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

引用:
原帖由 licess 于 2018-4-8 10:32 发表
看你日志里 Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
这个错误的话是连不上他们的服务器
连不上他们服务器是没法生成证书的

要不你pm我ip和root密码我看一下 ...
------------------------------------------------------------------、

军哥,帮忙看了没?账号密码私聊给你了。

TOP

我也遇到这个问题,自己排查没看出啥原因,可可能是我技术太渣了
现在只好使用 own ssl  汗,
期待军哥,把这个问题攻克。




感谢

TOP

回复 10# 的帖子

早就给你回复过短消息了

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

回复 11# 的帖子

错误信息日志都没有无法进行排查

LNMP付费问题排查/LNMP技术支持/Paypal信用卡代付/代购VPS,域名,软件等 QQ 503228080 旺旺 lzhenbao
军哥淘宝店铺
QQ/旺旺仅提供代购及付费代维/问题解决等服务,其他不回复!LNMP相关问题请在本论坛发帖,提问前先搜索,按https://bbs.vpser.net/thread-2555-1-1.html 要求反馈问题!

TOP

改host,github可能被服务商墙了

腾讯云改host后升级成功

TOP

引用:
原帖由 licess 于 2018-4-10 19:40 发表
早就给你回复过短消息了
额,看到了,不经常玩论坛,没注意短消息,一直看的帖子。

这台服务器可以给你实验用,模拟一下环境,我看也有人出现类似的情形,应该不是个别问题。希望能找到解决办法。

TOP