这是一个创建于 2934 天前的主题,其中的信息可能已经有所发展或是发生改变。
教程参考此篇文章 https://imququ.com/post/letsencrypt-certificate.html 之前签发过好几次,都很顺畅,这次不知道为什么老是出错。
环境是 Centos 6.5 、 nginx 1.11.5 、 php 5.6.22 ; 10M 电信独服
签了一上午+中午,不是卡在 Registering account ,就是卡在 Verifying example.com 。不卡的话还出各种错误信息……
-
检查过权限,网站目录 owner 都是 www ;
-
检查过验证目录,可以通过浏览器访问到;
-
尝试过 Google ,不知道是不是搜索姿势不对,找不到相关解决方案。
下列错误中涉及到网站和 IP 都用 example.com 和 1.2.3.4 代替了
错误一
[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
File "/usr/local/lib/python3.5/urllib/request.py", line 1254, in do_open
h.request(req.get_method(), req.selector, req.data, headers)
File "/usr/local/lib/python3.5/http/client.py", line 1106, in request
self._send_request(method, url, body, headers)
File "/usr/local/lib/python3.5/http/client.py", line 1151, in _send_request
self.endheaders(body)
File "/usr/local/lib/python3.5/http/client.py", line 1102, in endheaders
self._send_output(message_body)
File "/usr/local/lib/python3.5/http/client.py", line 934, in _send_output
self.send(msg)
File "/usr/local/lib/python3.5/http/client.py", line 877, in send
self.connect()
File "/usr/local/lib/python3.5/http/client.py", line 1260, in connect
server_hostname=server_hostname)
File "/usr/local/lib/python3.5/ssl.py", line 377, in wrap_socket
_context=self)
File "/usr/local/lib/python3.5/ssl.py", line 752, in __init__
self.do_handshake()
File "/usr/local/lib/python3.5/ssl.py", line 988, in do_handshake
self._sslobj.do_handshake()
File "/usr/local/lib/python3.5/ssl.py", line 633, in do_handshake
self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File "acme_tiny.py", line 85, in get_crt
"agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
File "acme_tiny.py", line 47, in _send_signed_request
protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
File "/usr/local/lib/python3.5/urllib/request.py", line 163, in urlopen
return opener.open(url, data, timeout)
File "/usr/local/lib/python3.5/urllib/request.py", line 466, in open
response = self._open(req, data)
File "/usr/local/lib/python3.5/urllib/request.py", line 484, in _open
'_open', req)
File "/usr/local/lib/python3.5/urllib/request.py", line 444, in _call_chain
result = func(*args)
File "/usr/local/lib/python3.5/urllib/request.py", line 1297, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/local/lib/python3.5/urllib/request.py", line 1256, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error EOF occurred in violation of protocol (_ssl.c:645)>
错误二
[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying example.com...
Traceback (most recent call last):
File "acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File "acme_tiny.py", line 149, in get_crt
domain, challenge_status))
ValueError: example.com challenge did not pass: {'uri': 'https://acme-v01.api.letsencrypt.org/acme/challenge/Ilf8ybQprBkc3Tpde6y74k-_ZYQHmZtUspNqSm-Pmf8/324821556', 'validationRecord': [{'port': '80', 'hostname': 'example.com', 'addressUsed': '1.2.3.4', 'url': 'http://example.com/.well-known/acme-challenge/me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM', 'addressesResolved': ['1.2.3.4']}], 'status': 'invalid', 'token': 'me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM', 'error': {'type': 'urn:acme:error:connection', 'status': 400, 'detail': 'DNS problem: query timed out looking up CAA for example.com'}, 'keyAuthorization': 'me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM.yToImuHAOUC9MTwjHh1ZrQ4TWVMjIcGoZki5fC63-kI', 'type': 'http-01'}
错误三
[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
File "acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File "acme_tiny.py", line 92, in get_crt
raise ValueError("Error registering: {0} {1}".format(code, result))
ValueError: Error registering: None Remote end closed connection without response
错误四
[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
File "acme_tiny.py", line 198, in <module>
main(sys.argv[1:])
File "acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File "acme_tiny.py", line 85, in get_crt
"agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
File "acme_tiny.py", line 47, in _send_signed_request
protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
File "/usr/local/lib/python3.5/urllib/request.py", line 163, in urlopen
return opener.open(url, data, timeout)
File "/usr/local/lib/python3.5/urllib/request.py", line 466, in open
response = self._open(req, data)
File "/usr/local/lib/python3.5/urllib/request.py", line 484, in _open
'_open', req)
File "/usr/local/lib/python3.5/urllib/request.py", line 444, in _call_chain
result = func(*args)
File "/usr/local/lib/python3.5/urllib/request.py", line 1297, in https_open
context=self._context, check_hostname=self._check_hostname)
File "/usr/local/lib/python3.5/urllib/request.py", line 1257, in do_open
r = h.getresponse()
File "/usr/local/lib/python3.5/http/client.py", line 1197, in getresponse
response.begin()
File "/usr/local/lib/python3.5/http/client.py", line 297, in begin
version, status, reason = self._read_status()
File "/usr/local/lib/python3.5/http/client.py", line 266, in _read_status
raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
第 1 条附言 · 2016-11-04 15:14:16 +08:00
已经签下来了……
1. 把服务器 DNS 从 114.114.114.114 改成阿里的 DNS ,解决了卡 Registering account 的问题;
2. 生成 CSR 文件我是用教程中第一种方式生成的,我尝试删掉 CSR 文件然后用第二种,也就是交互方式生成 CSR 文件,再次进行申请,结果成功了。
希望对后来者有所帮助……
1. 把服务器 DNS 从 114.114.114.114 改成阿里的 DNS ,解决了卡 Registering account 的问题;
2. 生成 CSR 文件我是用教程中第一种方式生成的,我尝试删掉 CSR 文件然后用第二种,也就是交互方式生成 CSR 文件,再次进行申请,结果成功了。
希望对后来者有所帮助……
 |
1
qingxin 2016-11-04 14:29:37 +08:00  1
腾讯云 阿里都提供免费的。。不明白为什么非要折腾这个
|
 |
3
miyuki 2016-11-04 14:39:06 +08:00 via Android 1
|
 |
4
abelyao 2016-11-04 14:43:35 +08:00 via iPhone 1
试试 certbot
|
 |
6
Havee 2016-11-04 15:54:18 +08:00
|
 |
7
Aduang 2016-12-08 00:54:11 +08:00
Traceback (most recent call last):
File "/tmp/acme_tiny.py", line 198, in <module> main(sys.argv[1:]) File "/tmp/acme_tiny.py", line 194, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca) File "/tmp/acme_tiny.py", line 123, in get_crt wellknown_path, wellknown_url)) centos7 求救 已经去掉 www 的跳转。 URL 也能正常访问。就是最后的 crt 一直生成不出来。文件大小一直是 0 。验证文件夹也不生成任何文件 |
Select Language