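Before the new year I tried once to request a certificate with acme.sh, using nginx, and it failed. I tried again today and it failed again. Am I just that weird???
I'm using nginx, and nginx was running normally before. After adding --debug --log I got the big pile of log output below. I stared at it for ages and still can't see what went wrong. Totally baffled. Am I really being forced to use DNS mode?? Also, acme.sh's built-in webroot mode is no good either; I shut nginx down and it still doesn't work. Totally baffled.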
acme.sh --issue -d xxxx.tk --nginx
[Sun Mar 15 05:27:23 EDT 2020] Running cmd: issue
[Sun Mar 15 05:27:23 EDT 2020] _main_domain='xxx.tk'
[Sun Mar 15 05:27:23 EDT 2020] _alt_domains='no'
[Sun Mar 15 05:27:23 EDT 2020] Using config home:/root/.acme.sh
[Sun Mar 15 05:27:23 EDT 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 15 05:27:23 EDT 2020] DOMAIN_PATH='/root/.acme.sh/xxx.tk'
[Sun Mar 15 05:27:23 EDT 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sun Mar 15 05:27:23 EDT 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sun Mar 15 05:27:23 EDT 2020] GET
[Sun Mar 15 05:27:23 EDT 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Sun Mar 15 05:27:23 EDT 2020] timeout=
[Sun Mar 15 05:27:23 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 15 05:27:23 EDT 2020] ret='0'
[Sun Mar 15 05:27:23 EDT 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sun Mar 15 05:27:23 EDT 2020] ACME_NEW_AUTHZ
[Sun Mar 15 05:27:23 EDT 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 15 05:27:23 EDT 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sun Mar 15 05:27:23 EDT 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sun Mar 15 05:27:23 EDT 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sun Mar 15 05:27:23 EDT 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 15 05:27:23 EDT 2020] ACME_VERSION='2'
[Sun Mar 15 05:27:23 EDT 2020] Le_NextRenewTime
[Sun Mar 15 05:27:23 EDT 2020] _on_before_issue
[Sun Mar 15 05:27:23 EDT 2020] _chk_main_domain='xxx.tk'
[Sun Mar 15 05:27:23 EDT 2020] _chk_alt_domains
[Sun Mar 15 05:27:23 EDT 2020] Le_LocalAddress
[Sun Mar 15 05:27:23 EDT 2020] d='xxx.tk'
[Sun Mar 15 05:27:23 EDT 2020] Check for domain='xxx.tk'
[Sun Mar 15 05:27:23 EDT 2020] _currentRoot='nginx:'
[Sun Mar 15 05:27:23 EDT 2020] d
[Sun Mar 15 05:27:23 EDT 2020] _saved_account_key_hash is not changed, skip register account.
[Sun Mar 15 05:27:23 EDT 2020] Read key length:
[Sun Mar 15 05:27:23 EDT 2020] _createcsr
[Sun Mar 15 05:27:23 EDT 2020] Single domain='xxx.tk'
[Sun Mar 15 05:27:24 EDT 2020] Getting domain auth token for each domain
[Sun Mar 15 05:27:24 EDT 2020] d
[Sun Mar 15 05:27:24 EDT 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 15 05:27:24 EDT 2020] payload='{"identifiers": [{"type":"dns","value":"xxx.tk"}]}'
[Sun Mar 15 05:27:24 EDT 2020] RSA key
[Sun Mar 15 05:27:24 EDT 2020] HEAD
[Sun Mar 15 05:27:24 EDT 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sun Mar 15 05:27:24 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g -I '
[Sun Mar 15 05:27:24 EDT 2020] _ret='0'
[Sun Mar 15 05:27:24 EDT 2020] POST
[Sun Mar 15 05:27:24 EDT 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sun Mar 15 05:27:24 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 15 05:27:25 EDT 2020] _ret='0'
[Sun Mar 15 05:27:25 EDT 2020] code='201'
[Sun Mar 15 05:27:25 EDT 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/80638343/2662556201'
[Sun Mar 15 05:27:25 EDT 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/80638343/2662556201'
[Sun Mar 15 05:27:25 EDT 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3370329503'
[Sun Mar 15 05:27:25 EDT 2020] payload
[Sun Mar 15 05:27:25 EDT 2020] POST
[Sun Mar 15 05:27:25 EDT 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/3370329503'
[Sun Mar 15 05:27:25 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 15 05:27:25 EDT 2020] _ret='0'
[Sun Mar 15 05:27:25 EDT 2020] code='200'
[Sun Mar 15 05:27:25 EDT 2020] d='xxx.tk'
[Sun Mar 15 05:27:25 EDT 2020] Getting webroot for domain='xxx.tk'
[Sun Mar 15 05:27:25 EDT 2020] _w='nginx:'
[Sun Mar 15 05:27:25 EDT 2020] _currentRoot='nginx:'
[Sun Mar 15 05:27:25 EDT 2020] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw","token":"yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4"'
[Sun Mar 15 05:27:25 EDT 2020] token='yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4'
[Sun Mar 15 05:27:25 EDT 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:25 EDT 2020] keyauthorization='yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4.C-emGTp4bXxGK5WLG1icrZ2ff261L7Jf_McGSWKKGUM'
[Sun Mar 15 05:27:25 EDT 2020] dvlist='xxx.tk#yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4.C-emGTp4bXxGK5WLG1icrZ2ff261L7Jf_McGSWKKGUM#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw#http-01#nginx:'
[Sun Mar 15 05:27:25 EDT 2020] d
[Sun Mar 15 05:27:25 EDT 2020] vlist='xxx.tk#yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4.C-emGTp4bXxGK5WLG1icrZ2ff261L7Jf_McGSWKKGUM#https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw#http-01#nginx:,'
[Sun Mar 15 05:27:25 EDT 2020] d='xxx.tk'
[Sun Mar 15 05:27:25 EDT 2020] ok, let's start to verify
[Sun Mar 15 05:27:25 EDT 2020] Verifying: xxx.tk
[Sun Mar 15 05:27:25 EDT 2020] d='xxx.tk'
[Sun Mar 15 05:27:25 EDT 2020] keyauthorization='yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4.C-emGTp4bXxGK5WLG1icrZ2ff261L7Jf_McGSWKKGUM'
[Sun Mar 15 05:27:25 EDT 2020] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:25 EDT 2020] _currentRoot='nginx:'
[Sun Mar 15 05:27:25 EDT 2020] Nginx mode for domain:xxx.tk
[Sun Mar 15 05:27:25 EDT 2020] _croot='nginx:'
[Sun Mar 15 05:27:25 EDT 2020] _start_f
[Sun Mar 15 05:27:25 EDT 2020] find start conf from nginx command
[Sun Mar 15 05:27:25 EDT 2020] NGINX_CONF='--conf-path=/etc/nginx/nginx.conf'
[Sun Mar 15 05:27:25 EDT 2020] NGINX_CONF='/etc/nginx/nginx.conf'
[Sun Mar 15 05:27:25 EDT 2020] Found nginx conf file:/etc/nginx/nginx.conf
[Sun Mar 15 05:27:25 EDT 2020] Start detect nginx conf for xxx.tk from:/etc/nginx/nginx.conf
[Sun Mar 15 05:27:25 EDT 2020] Start _checkConf from:/etc/nginx/nginx.conf
[Sun Mar 15 05:27:25 EDT 2020] single
[Sun Mar 15 05:27:25 EDT 2020] _isRealNginxConf xxx.tk /etc/nginx/nginx.conf
[Sun Mar 15 05:27:25 EDT 2020] _fln='25'
[Sun Mar 15 05:27:25 EDT 2020] _start='23: server {'
[Sun Mar 15 05:27:25 EDT 2020] _start_n='23'
[Sun Mar 15 05:27:25 EDT 2020] _start_nn='24'
[Sun Mar 15 05:27:25 EDT 2020] _end='6: server {'
[Sun Mar 15 05:27:25 EDT 2020] _end_n='6'
[Sun Mar 15 05:27:25 EDT 2020] _seg_n=' listen 80;
server_name xxx.tk;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {'
[Sun Mar 15 05:27:25 EDT 2020] /etc/nginx/nginx.conf is found.
[Sun Mar 15 05:27:25 EDT 2020] Found conf file: /etc/nginx/nginx.conf
[Sun Mar 15 05:27:25 EDT 2020] _ln='25'
[Sun Mar 15 05:27:25 EDT 2020] _lnn='26'
[Sun Mar 15 05:27:25 EDT 2020] _start_tag=' rewrite ^(.*)$ https://$host$1 permanent;'
[Sun Mar 15 05:27:25 EDT 2020] _backup_conf='/root/.acme.sh/xxx.tk/backup/xxx.tk.nginx.conf'
[Sun Mar 15 05:27:25 EDT 2020] Backup /etc/nginx/nginx.conf to /root/.acme.sh/xxx.tk/backup/xxx.tk.nginx.conf
[Sun Mar 15 05:27:25 EDT 2020] Check the nginx conf before setting up.
[Sun Mar 15 05:27:25 EDT 2020] OK, Set up nginx config file
[Sun Mar 15 05:27:25 EDT 2020] nginx conf is done, let's check it again.
[Sun Mar 15 05:27:25 EDT 2020] Reload nginx
[Sun Mar 15 05:27:25 EDT 2020] _realConf='/etc/nginx/nginx.conf'
[Sun Mar 15 05:27:27 EDT 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:27 EDT 2020] payload='{}'
[Sun Mar 15 05:27:28 EDT 2020] POST
[Sun Mar 15 05:27:28 EDT 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:28 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 15 05:27:28 EDT 2020] _ret='0'
[Sun Mar 15 05:27:28 EDT 2020] code='200'
[Sun Mar 15 05:27:28 EDT 2020] trigger validation code: 200
[Sun Mar 15 05:27:28 EDT 2020] sleep 2 secs to verify
[Sun Mar 15 05:27:30 EDT 2020] checking
[Sun Mar 15 05:27:30 EDT 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:30 EDT 2020] payload
[Sun Mar 15 05:27:30 EDT 2020] POST
[Sun Mar 15 05:27:30 EDT 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:30 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 15 05:27:31 EDT 2020] _ret='0'
[Sun Mar 15 05:27:31 EDT 2020] code='200'
[Sun Mar 15 05:27:31 EDT 2020] xxx.tk:Verify error:Invalid response from https://xxx.tk/.well-known/acme-challenge/yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4 [2.56.255.23]:
[Sun Mar 15 05:27:31 EDT 2020] Debug: get token url.
[Sun Mar 15 05:27:31 EDT 2020] GET
[Sun Mar 15 05:27:31 EDT 2020] url='http://xxx.tk/.well-known/acme-challenge/yPvnA4KIkX-WfkAfZ5kE-iKYjXKTwyafMPrThzK0gR4'
[Sun Mar 15 05:27:31 EDT 2020] timeout=1
[Sun Mar 15 05:27:31 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g --connect-timeout 1'
[Sun Mar 15 05:27:32 EDT 2020] ret='0'
[Sun Mar 15 05:27:32 EDT 2020] Skip for removelevel:
[Sun Mar 15 05:27:32 EDT 2020] pid
[Sun Mar 15 05:27:32 EDT 2020] _restoreNginx
[Sun Mar 15 05:27:32 EDT 2020] NGINX_RESTORE_VLIST='xxx.tk#/etc/nginx/nginx.conf#/root/.acme.sh/xxx.tk/backup/xxx.tk.nginx.conf,'
[Sun Mar 15 05:27:32 EDT 2020] ng_entry='xxx.tk#/etc/nginx/nginx.conf#/root/.acme.sh/xxx.tk/backup/xxx.tk.nginx.conf'
[Sun Mar 15 05:27:32 EDT 2020] Restoring from /root/.acme.sh/xxx.tk/backup/xxx.tk.nginx.conf to /etc/nginx/nginx.conf
[Sun Mar 15 05:27:32 EDT 2020] Reload nginx
[Sun Mar 15 05:27:32 EDT 2020] _clearupdns
[Sun Mar 15 05:27:32 EDT 2020] dns_entries
[Sun Mar 15 05:27:32 EDT 2020] skip dns.
[Sun Mar 15 05:27:32 EDT 2020] _on_issue_err
[Sun Mar 15 05:27:32 EDT 2020] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Sun Mar 15 05:27:32 EDT 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:32 EDT 2020] payload='{}'
[Sun Mar 15 05:27:32 EDT 2020] POST
[Sun Mar 15 05:27:32 EDT 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/3370329503/pKv1Aw'
[Sun Mar 15 05:27:32 EDT 2020] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Sun Mar 15 05:27:32 EDT 2020] _ret='0'
[Sun Mar 15 05:27:32 EDT 2020] code='400'
[Sun Mar 15 05:27:32 EDT 2020] socat doesn't exists.
[Sun Mar 15 05:27:32 EDT 2020] Diagnosis versions:
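###If acme.sh isn't going smoothly for you, you can try ohttps.com. Its features are basically the same as acme.sh's, but it has a graphical interface; besides automatic certificate renewal, it also supports automatic deployment to multi-node nginx containers, which is very convenient.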
###I usually request certificates without --nginx; I edit the nginx configuration file by hand.
You could try it without --nginx
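
Added example, not part of the thread and not code from acme.sh: in the log above, the port-80 server block consists of a server-level `rewrite` to HTTPS, and the verify error names the `https://` URL. nginx runs server-level rewrites before it selects a location, so a challenge location inside that block is never reached. A hand-written configuration of the kind the last reply describes, with `/var/www/acme` as an assumed webroot path:

```nginx
# Constructed example; the webroot /var/www/acme is an assumed path.

# Before: the port-80 server block as it appears in the _seg_n lines of the log.
# The server-level rewrite applies to every request, including
# /.well-known/acme-challenge/<token>, so the validator is sent to HTTPS.
# server {
#     listen 80;
#     server_name xxx.tk;
#     rewrite ^(.*)$ https://$host$1 permanent;
# }

# After: the challenge path is answered over plain HTTP; everything else is
# still redirected to HTTPS.
server {
    listen 80;
    server_name xxx.tk;

    # acme.sh in webroot mode writes the token file under
    # /var/www/acme/.well-known/acme-challenge/
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }

    # The redirect now lives in a location, so it no longer pre-empts
    # the challenge location above.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Then issue without --nginx, pointing -w at the same directory:
#   acme.sh --issue -d xxx.tk -w /var/www/acme
```

Run `nginx -t` and reload before issuing, and confirm that a test file placed in the challenge directory is returned over `http://` without a redirect.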