phlinhng/v2ray-tcp-tls-web

Version 2.1.2: certificate issuance keeps failing

miaoxinwei opened this issue · 6 comments

The old version works fine.

Log from the new version:

Issuing certificate
[Fri Oct 16 16:18:02 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Oct 16 16:18:02 CST 2020] Create account key ok.
[Fri Oct 16 16:18:02 CST 2020] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Fri Oct 16 16:18:03 CST 2020] Registered
[Fri Oct 16 16:18:03 CST 2020] ACCOUNT_THUMBPRINT='2b-uLYkkOYnJqHqPz7oeRfARH2T13MG3GPRqu72jhdM'
[Fri Oct 16 16:18:03 CST 2020] Creating domain key
[Fri Oct 16 16:18:03 CST 2020] The domain key is here: /root/.acme.sh/mxwus.top_ecc/mxwus.top.key
[Fri Oct 16 16:18:03 CST 2020] Single domain='mxwus.top'
[Fri Oct 16 16:18:04 CST 2020] Getting domain auth token for each domain
[Fri Oct 16 16:18:05 CST 2020] Getting webroot for domain='mxwus.top'
[Fri Oct 16 16:18:06 CST 2020] Verifying: mxwus.top
[Fri Oct 16 16:18:06 CST 2020] Nginx mode for domain:mxwus.top
[Fri Oct 16 16:18:06 CST 2020] Found conf file: /etc/nginx/sites-enabled/v2gun.conf
[Fri Oct 16 16:18:06 CST 2020] Backup /etc/nginx/sites-enabled/v2gun.conf to /root/.acme.sh/mxwus.top_ecc/backup/mxwus.top.nginx.conf
[Fri Oct 16 16:18:06 CST 2020] Check the nginx conf before setting up.
[Fri Oct 16 16:18:07 CST 2020] OK, Set up nginx config file
[Fri Oct 16 16:18:07 CST 2020] nginx conf is done, let's check it again.
[Fri Oct 16 16:18:07 CST 2020] Reload nginx
[Fri Oct 16 16:18:12 CST 2020] mxwus.top:Verify error:Fetching https://mxwus.top/.well-known/acme-challenge/BC6y3KvkBnYz9YV1od_QVwfDKNz19YP0mu1JLu-sQi0: Connection refused
[Fri Oct 16 16:18:12 CST 2020] Restoring from /root/.acme.sh/mxwus.top_ecc/backup/mxwus.top.nginx.conf to /etc/nginx/sites-enabled/v2gun.conf
[Fri Oct 16 16:18:12 CST 2020] Reload nginx
[Fri Oct 16 16:18:12 CST 2020] Please add '--debug' or '--log' to check more details.
[Fri Oct 16 16:18:12 CST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Installing certificate
[Fri Oct 16 16:18:13 CST 2020] Installing key to:/etc/ssl/v2ray/key.pem
[Fri Oct 16 16:18:13 CST 2020] Installing full chain to:/etc/ssl/v2ray/fullchain.pem
cat: /root/.acme.sh/mxwus.top_ecc/fullchain.cer: No such file or directory
证书签发失败, 请运行修复证书

I have rolled back to 2.0.5 and am using that for now. I will compare the source code over the weekend. I also tried Google Domains.

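Could this problem be caused by HTTP being redirected to HTTPS before acme has finished validating .well-known? That would make it impossible to complete the validation over HTTPS.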
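An added example, not part of the original thread or the project's scripts: Let's Encrypt's HTTP-01 validation always starts on port 80 and follows redirects, so the https:// URL in the "Verify error" line of the log above means the challenge request was redirected and then refused on port 443. The function below classifies such acme.sh lines; the diagnosis labels and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify acme.sh "Verify error" lines read on stdin.
# Output, one line per failure: <domain> <diagnosis>

classify_verify_errors() {
  # Line shape (taken from the log above):
  # [date] <domain>:Verify error:Fetching <scheme>://<path>: <reason>
  sed -n 's#^\[[^]]*\] \([^:]*\):Verify error:Fetching \(https\{0,1\}\)://[^ ]*: \(.*\)$#\1|\2|\3#p' |
  while IFS='|' read -r domain scheme reason; do
    case "$scheme:$reason" in
      https:*"Connection refused"*)
        # HTTP-01 starts on port 80; an https URL here means the CA followed
        # a redirect and then found nothing accepting connections on 443.
        echo "$domain redirected-to-https-443-refused" ;;
      https:*)
        echo "$domain redirected-to-https-other-error" ;;
      http:*"Connection refused"*)
        echo "$domain port-80-refused" ;;
      *)
        echo "$domain http-other-error" ;;
    esac
  done
}

# Sample input: first line copied from the log above, last line constructed.
sample_log() {
  cat <<'EOF'
[Fri Oct 16 16:18:12 CST 2020] mxwus.top:Verify error:Fetching https://mxwus.top/.well-known/acme-challenge/BC6y3KvkBnYz9YV1od_QVwfDKNz19YP0mu1JLu-sQi0: Connection refused
[Fri Oct 16 16:18:12 CST 2020] Reload nginx
[Fri Oct 16 16:20:00 CST 2020] example.test:Verify error:Fetching http://example.test/.well-known/acme-challenge/CONSTRUCTED: Connection refused
EOF
}

sample_log | classify_verify_errors
```

A redirect to HTTPS is acceptable to the CA as long as port 443 answers; the first diagnosis points at the listener on 443, not at the redirect itself.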

I rolled back through several versions and none of them would install properly.

The old versions no longer work because the author changed the API used for the domain IP check.

Replace it with the code below:

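# Check that domain $1 resolves to this server's public IP (IPv4 or IPv6).
# Expects ${branch} to be set by the calling script.
checkIP() {
  # custom/ip4_api and custom/ip6_api hold the URL of the service that returns this host's public IP.
  local realIP4="$(curl -s "$(curl -s https://raw.githubusercontent.com/phlinhng/v2ray-tcp-tls-web/${branch}/custom/ip4_api)")"
  local realIP6="$(curl -s "$(curl -s https://raw.githubusercontent.com/phlinhng/v2ray-tcp-tls-web/${branch}/custom/ip6_api)")"
  # Take the address the domain resolves to from the first line of ping output.
  local resolvedIP4="$(ping "$1" -c 1 | head -n 1 | grep  -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)"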
  local resolvedIP6="$(ping6 $1 -c 1 | head -n 1 | grep  -oE '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))' | head -n 1)"

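  # Require a non-empty address: two failed lookups (e.g. a host without IPv6) must not compare as equal.
  if [[ -n "${realIP4}" && "${realIP4}" == "${resolvedIP4}" ]] || [[ -n "${realIP6}" && "${realIP6}" == "${resolvedIP6}" ]]; then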
    return 0
  else
    return 1
  fi
}

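Rolling back is one option, but I simply reinstalled the VPS, and after that the installation went through fine.

Truly black magic. The new VPS has no problems.. Closing this.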