VPS侦探论坛

 找回密码
 注册
查看: 300|回复: 3

依旧是安全证书的问题,

[复制链接]
发表于 2022-9-7 10:30:12 | 显示全部楼层 |阅读模式

根据最近军哥的回复:
1、我首先升级lnmp到1.9版本。
2、按照如下命令升级。
  1. 因为acme.sh升级了默认用zerossl了,需要增加一个邮箱的参数到配置文件里面
  2. 执行:
  3. /usr/local/acme.sh/acme.sh --register-account -m 你邮箱
  4. 后再添加就可以了
复制代码



日志一直报错,

[Wed Sep  7 10:14:57 CST 2022] GET
[Wed Sep  7 10:14:57 CST 2022] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Sep  7 10:14:57 CST 2022] timeout=
[Wed Sep  7 10:14:57 CST 2022] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L  -g '
[Wed Sep  7 10:14:57 CST 2022] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Wed Sep  7 10:14:57 CST 2022] ret='6'
[Wed Sep  7 10:14:57 CST 2022] Can not init api for: https://acme-v01.api.letsencrypt.org/directory.
[Wed Sep  7 10:14:57 CST 2022] Sleep 10 and retry.
[Wed Sep  7 10:15:07 CST 2022] GET
[Wed Sep  7 10:15:07 CST 2022] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Sep  7 10:15:07 CST 2022] timeout=
[Wed Sep  7 10:15:07 CST 2022] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L  -g '
[Wed Sep  7 10:15:07 CST 2022] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Wed Sep  7 10:15:07 CST 2022] ret='6'
[Wed Sep  7 10:15:07 CST 2022] Can not init api for: https://acme-v01.api.letsencrypt.org/directory.
[Wed Sep  7 10:15:07 CST 2022] Sleep 10 and retry.


目前理解是不是因为服务器和https://acme-v01.api.letsencrypt.org 这个的网络有问题导致的?测试ping返回是
ping: unknown host acme-v01.api.letsencrypt.org
再后来,发现新的机器使用的地址是:https://acme-v02.api.letsencrypt.org 这个地址是OK的。

两个问题:
1、是不是这个原因造成的?
2、更新后为何没有直接使用02这个地址呢?如何可以直接使用v02的地址?





美国VPS推荐: 遨游主机LinodeLOCVPS主机云VPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
 楼主| 发表于 2022-9-7 11:25:53 | 显示全部楼层


可能是我之前的lnmp的版本比较老,我记得大概是1.5-1.6升级到1.9的。
尝试不使用之前的重新添加,并,错误如下:
[Wed Sep  7 10:57:43 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
最后,用lnmp ssl add,选择新的默认的zerossl添加,把旧的nginx配置取消掉,算是成功了吧。
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org
 楼主| 发表于 2022-9-7 11:41:11 | 显示全部楼层

本帖最后由 pretender 于 2022-9-7 11:47 编辑

虽然成功了,但是手动更新还是一样的问题,如下面的日志,感觉应该是老配置没有删除完全造成的。
(刚找到 /usr/local/nginx/conf/ssl 目录下有残流的目录,挪走了,没有问题了,保留记录,当给后来人指引吧)
"/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" > /home/wwwlogs/acme.sh.log

[Wed Sep  7 10:42:23 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:42:33 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:42:43 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:42:53 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:43:03 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:43:13 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:43:23 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:43:33 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:43:43 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:43:53 CST 2022] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Wed Sep  7 10:44:03 CST 2022] Can not init api, for https://acme-v01.api.letsencrypt.org/directory
美国VPS推荐: 遨游主机LinodeLOCVPS主机云VPS2EZ搬瓦工80VPSVultr美国VPS主机中国VPS推荐: 阿里云腾讯云。LNMP付费服务(代装/问题排查)QQ 503228080
发表于 2022-9-7 17:31:13 | 显示全部楼层



Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
这个error code: 6 错误是域名无法正常解析,ping: unknown host 也说明是域名无法正常解析,acme-v01.api.letsencrypt.org 这个是老版本的,目前已经弃用了,所以是无法续期

因为你这些域名里面还是原来的老版本的api所以续期还是会报错的,将 /usr/local/nginx/conf/ssl/域名/域名.conf 中的 acme-v01 改成 acme-v02 保存试试


另外不清楚你说的证书安全问题具体提示什么也没法判断是什么问题
Linux下Nginx+MySQL+PHP自动安装工具:https://lnmp.org
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|VPS侦探 ( 鲁ICP备16040043号-1 )

GMT+8, 2022-10-5 04:53 , Processed in 0.017982 second(s), 16 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表