ruby-china/homeland

Error when requesting an SSL certificate during deployment

7doger opened this issue · 1 comments

ubuntu@10-7-8-249:~/homeland-docker$ sudo make install_ssl
docker-compose start web
Starting web ... done
docker-compose run web bash -c 'echo $cert_domain'
Creating homeland-docker_web_run ... done
*.your-host.com
docker-compose run web bash -c '/root/.acme.sh/acme.sh --issue -d $cert_domain -w /home/app/homeland/public --home /home/app/ssl --debug'
Creating homeland-docker_web_run ... done
[Tue Dec 15 11:03:27 UTC 2020] Lets find script dir.
[Tue Dec 15 11:03:27 UTC 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Tue Dec 15 11:03:27 UTC 2020] _script='/root/.acme.sh/acme.sh'
[Tue Dec 15 11:03:27 UTC 2020] _script_home='/root/.acme.sh'
[Tue Dec 15 11:03:27 UTC 2020] Using config home:/home/app/ssl
https://github.com/acmesh-official/acme.sh
v2.8.8
[Tue Dec 15 11:03:27 UTC 2020] Running cmd: issue
[Tue Dec 15 11:03:27 UTC 2020] _main_domain='*.your-host.com'
[Tue Dec 15 11:03:27 UTC 2020] _alt_domains='no'
[Tue Dec 15 11:03:27 UTC 2020] Using config home:/home/app/ssl
[Tue Dec 15 11:03:27 UTC 2020] config file is empty, can not read DEFAULT_ACME_SERVER
[Tue Dec 15 11:03:27 UTC 2020] default_acme_server
[Tue Dec 15 11:03:27 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Tue Dec 15 11:03:27 UTC 2020] DOMAIN_PATH='/home/app/ssl/*.your-host.com'
[Tue Dec 15 11:03:27 UTC 2020] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Tue Dec 15 11:03:27 UTC 2020] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Tue Dec 15 11:03:27 UTC 2020] GET
[Tue Dec 15 11:03:27 UTC 2020] url='https://acme-v02.api.letsencrypt.org/directory'
[Tue Dec 15 11:03:27 UTC 2020] timeout=
[Tue Dec 15 11:03:27 UTC 2020] _CURL='curl --silent --dump-header /home/app/ssl/http.header  -L  -g '
[Tue Dec 15 11:03:28 UTC 2020] ret='0'
[Tue Dec 15 11:03:28 UTC 2020] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Tue Dec 15 11:03:28 UTC 2020] ACME_NEW_AUTHZ
[Tue Dec 15 11:03:28 UTC 2020] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Dec 15 11:03:28 UTC 2020] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Tue Dec 15 11:03:28 UTC 2020] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Tue Dec 15 11:03:28 UTC 2020] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Tue Dec 15 11:03:28 UTC 2020] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Dec 15 11:03:28 UTC 2020] ACME_VERSION='2'
[Tue Dec 15 11:03:28 UTC 2020] Le_NextRenewTime
[Tue Dec 15 11:03:28 UTC 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue Dec 15 11:03:28 UTC 2020] _on_before_issue
[Tue Dec 15 11:03:28 UTC 2020] _chk_main_domain='*.your-host.com'
[Tue Dec 15 11:03:28 UTC 2020] _chk_alt_domains
[Tue Dec 15 11:03:28 UTC 2020] Le_LocalAddress
[Tue Dec 15 11:03:28 UTC 2020] d='*.your-host.com'
[Tue Dec 15 11:03:28 UTC 2020] Check for domain='*.your-host.com'
[Tue Dec 15 11:03:28 UTC 2020] _currentRoot='/home/app/homeland/public'
[Tue Dec 15 11:03:28 UTC 2020] d
[Tue Dec 15 11:03:28 UTC 2020] _saved_account_key_hash is not changed, skip register account.
[Tue Dec 15 11:03:28 UTC 2020] Read key length:
[Tue Dec 15 11:03:28 UTC 2020] _createcsr
[Tue Dec 15 11:03:28 UTC 2020] Single domain='*.your-host.com'
[Tue Dec 15 11:03:28 UTC 2020] Getting domain auth token for each domain
[Tue Dec 15 11:03:28 UTC 2020] d
[Tue Dec 15 11:03:28 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Dec 15 11:03:28 UTC 2020] payload='{"identifiers": [{"type":"dns","value":"*.your-host.com"}]}'
[Tue Dec 15 11:03:28 UTC 2020] RSA key
[Tue Dec 15 11:03:28 UTC 2020] HEAD
[Tue Dec 15 11:03:28 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Tue Dec 15 11:03:28 UTC 2020] _CURL='curl --silent --dump-header /home/app/ssl/http.header  -L  -g  -I  '
[Tue Dec 15 11:03:29 UTC 2020] _ret='0'
[Tue Dec 15 11:03:29 UTC 2020] POST
[Tue Dec 15 11:03:29 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Tue Dec 15 11:03:29 UTC 2020] _CURL='curl --silent --dump-header /home/app/ssl/http.header  -L  -g '
[Tue Dec 15 11:03:30 UTC 2020] _ret='0'
[Tue Dec 15 11:03:30 UTC 2020] code='201'
[Tue Dec 15 11:03:30 UTC 2020] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/106411521/6754147577'
[Tue Dec 15 11:03:30 UTC 2020] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/106411521/6754147577'
[Tue Dec 15 11:03:30 UTC 2020] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/9328244654'
[Tue Dec 15 11:03:30 UTC 2020] payload
[Tue Dec 15 11:03:30 UTC 2020] POST
[Tue Dec 15 11:03:30 UTC 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/9328244654'
[Tue Dec 15 11:03:30 UTC 2020] _CURL='curl --silent --dump-header /home/app/ssl/http.header  -L  -g '
[Tue Dec 15 11:03:31 UTC 2020] _ret='0'
[Tue Dec 15 11:03:31 UTC 2020] code='200'
[Tue Dec 15 11:03:31 UTC 2020] d='*.your-host.com'
[Tue Dec 15 11:03:31 UTC 2020] Getting webroot for domain='*.your-host.com'
[Tue Dec 15 11:03:31 UTC 2020] _w='/home/app/homeland/public'
[Tue Dec 15 11:03:31 UTC 2020] _currentRoot='/home/app/homeland/public'
[Tue Dec 15 11:03:31 UTC 2020] entry
[Tue Dec 15 11:03:31 UTC 2020] Error, can not get domain token entry *.your-host.com for http-01
[Tue Dec 15 11:03:31 UTC 2020] The supported validation types are: dns-01 , but you specified: http-01
[Tue Dec 15 11:03:31 UTC 2020] pid
[Tue Dec 15 11:03:31 UTC 2020] No need to restore nginx, skip.
[Tue Dec 15 11:03:31 UTC 2020] _clearupdns
[Tue Dec 15 11:03:31 UTC 2020] dns_entries
[Tue Dec 15 11:03:31 UTC 2020] skip dns.
[Tue Dec 15 11:03:31 UTC 2020] _on_issue_err
[Tue Dec 15 11:03:31 UTC 2020] Please add '--debug' or '--log' to check more details.
[Tue Dec 15 11:03:31 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Tue Dec 15 11:03:31 UTC 2020] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.1d  10 Sep 2019
apache:
apache doesn't exist.
nginx:
nginx version: nginx/1.14.2
built with OpenSSL 1.1.1d  10 Sep 2019
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-Cjs4TR/nginx-1.14.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-echo --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-Cjs4TR/nginx-1.14.2/debian/modules/http-subs-filter
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
socat version 1.7.3.2 on Nov 19 2017 13:56:10
   running on Linux version #1 SMP Mon Sep 28 07:48:00 UTC 2020, release 4.19.0-9.ucloud, machine x86_64
Makefile:15: recipe for target 'install_ssl' failed
make: *** [install_ssl] Error 1

https://github.com/ruby-china/homeland/releases/tag/v3.8.2

Please upgrade. Caddy will now be used to manage SSL, so no manual handling is needed.
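Added example, not from this thread or from the homeland-docker project: the log in the issue fails because a wildcard name was requested in webroot (http-01) mode while the CA offered only dns-01. The shell functions below (hypothetical names) check for that mismatch before acme.sh is called and pull the mismatch line out of an acme.sh debug log.

```shell
#!/bin/sh
# Added example; not part of homeland-docker or acme.sh. Names are hypothetical.

# check_challenge MODE DOMAIN...
#   MODE is "webroot" (acme.sh -w, i.e. http-01) or "dns" (dns-01).
#   Returns 0 if every DOMAIN can be validated with MODE, 1 otherwise.
check_challenge() {
    mode=$1; shift
    rc=0
    for d in "$@"; do
        case $d in
            '')
                echo "empty domain" >&2; rc=1 ;;
            '*.'*)
                rest=${d#'*.'}
                case $rest in
                    ''|*'*'*) echo "$d: malformed wildcard" >&2; rc=1 ;;
                    *) [ "$mode" = dns ] || {
                           echo "$d: wildcard requires dns-01, got $mode" >&2; rc=1; } ;;
                esac ;;
            *'*'*)
                echo "$d: '*' is only valid as the leftmost label" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# acme_challenge_mismatch < LOG
#   Prints "supported=<types> specified=<type>" for each mismatch line in an
#   acme.sh log read from stdin; returns 1 if there is none.
acme_challenge_mismatch() {
    sed -n 's/.*The supported validation types are: \(.*\) , but you specified: \(.*\)$/supported=\1 specified=\2/p' | grep .
}

# Two lines copied from the issue's log.
SAMPLE_LOG="[Tue Dec 15 11:03:31 UTC 2020] Error, can not get domain token entry *.your-host.com for http-01
[Tue Dec 15 11:03:31 UTC 2020] The supported validation types are: dns-01 , but you specified: http-01"

check_challenge webroot '*.your-host.com' || echo "preflight: refusing to call acme.sh"
printf '%s\n' "$SAMPLE_LOG" | acme_challenge_mismatch
```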