为什么一直是502,安装最后一步总是失败
Closed this issue · 6 comments
pmail | 2023/12/19 23:33:23 [INFO] [pop.www.com] acme: Could not find solver for: tls-alpn-01
pmail | 2023/12/19 23:33:23 [INFO] [pop.www.com] acme: use http-01 solver
pmail | 2023/12/19 23:33:23 [INFO] [smtp.www.com] acme: Could not find solver for: tls-alpn-01
pmail | 2023/12/19 23:33:23 [INFO] [smtp.www.com] acme: use http-01 solver
pmail | 2023/12/19 23:33:23 [INFO] [x.www.com] acme: Could not find solver for: tls-alpn-01
pmail | 2023/12/19 23:33:23 [INFO] [x.www.com] acme: use http-01 solver
pmail | 2023/12/19 23:33:23 [INFO] [pop.www.com] acme: Trying to solve HTTP-01
pmail | 2023/12/19 23:33:31 [INFO] [smtp.www.com] acme: Trying to solve HTTP-01
pmail | 2023/12/19 23:33:38 [INFO] [x.www.com] acme: Trying to solve HTTP-01
pmail | [info][2023-12-19 23:33:39][/work/controllers/setup.go:17]AcmeChallenge: /.well-known/acme-challenge/lp8e_NescJbKpBZ9dkqymIaveErRs5EZyp0gg3rQ4r0
pmail | [info][2023-12-19 23:33:39][/work/controllers/setup.go:17]AcmeChallenge: /.well-known/acme-challenge/lp8e_NescJbKpBZ9dkqymIaveErRs5EZyp0gg3rQ4r0
pmail | [info][2023-12-19 23:33:39][/work/controllers/setup.go:17]AcmeChallenge: /.well-known/acme-challenge/lp8e_NescJbKpBZ9dkqymIaveErRs5EZyp0gg3rQ4r0
pmail | 2023/12/19 23:33:44 [INFO] [x.www.com] The server validated our request
pmail | 2023/12/19 23:33:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/295252221186
pmail | 2023/12/19 23:33:44 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/295252221196
pmail | 2023/12/19 23:33:44 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/295252221206
我把域名打码了,这是日志。
总是进不了后台,卡住或者502
httpsEnabled设置成2了,选择不自动更新证书就502,选第一个没反应。
我都是nginx反向代理,证书也是在nginx这,所以不需要这个自动证书。
你域名的80端口没有指向pmail吧,acme域名挑战的时候失败了
证书不仅是给http协议使用,你使用nginx反代仅仅是处理了https协议的证书问题。PMail还有pop3和smtp协议,这些协议也需要证书,因此必须要证书才能启动。
你即使http协议不用ssl加密,但是pop和smtp协议还需要ssl加密。你的证书需要匹配 pop.xxxx.xx 和smtp.xxx.xx域名。
是的,我的80端口和443端口nginx要用,毕竟还有几个网站需要nginx反代了。
这样的话,是不是就需要一台单独的服务器专门为pmail用啊。
可以用
方案1:你nginx把pop.domain.com和smtp.domain.com这两个域名请求也代理到pmail,然后httpsEnabled设置为2,http协议由nginx处理,其他协议pmail处理
方案2: sslType设置为1,然后你自己申请ssl证书,后续手动管理证书
location /.well-known/{
proxy_pass http://pmail:80;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
方案1,主域名下面再加这个转发,把ACME挑战请求转发到pmail
搞不定,算了,cf的域名转发到gmail吧