[ERROR] Making new certificate manager: could not save user: mkdir /etc/ssl/caddy/acme: read-only file system #347

Open
SunDevil68 opened this issue Oct 4, 2019 · 7 comments


@SunDevil68
commented Oct 4, 2019

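I have been using 233's script for almost two years now, and it really is a great tool. For the past six months, to get past the Great Firewall, I have been using the WS+TLS option, and the installation sometimes succeeded and sometimes failed. Looking at the log, I knew the failure came from the certificate request not succeeding, and this glaring message kept showing up: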

[ERROR] Making new certificate manager: could not save user: mkdir /etc/ssl/caddy/acme: read-only file system

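Unfortunately I am a beginner and for a long time had no idea what caused this, so all I could do was keep reinstalling the OS on the VPS by trial and error: Debian 7/8/9, Ubuntu 16.04, and last week CentOS 7, none of which worked. I also tried switching to Caddy's official one-click install script, and that failed too. Then I came across the two guides below and tried changing ReadWritePaths=/etc/ssl/caddy to ReadWriteDirectories=/etc/ssl/caddy in the caddy.service file used by systemd, and after that the certificate request went through. If you have run into the same problem, this may be worth a try.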

https://www.coldawn.com/%e5%9c%a8oracle-cloud%e5%85%8d%e8%b4%b9vps-centos-7-%e7%b3%bb%e7%bb%9f%e4%b8%8a%e5%ae%89%e8%a3%85web%e6%9c%8d%e5%8a%a1%e5%99%a8caddy/

caddyserver/caddy#2620

@tspring95

commented Oct 5, 2019

This is great. Convenient, simple and quick :)

@233boy

Owner

commented Oct 5, 2019

@SunDevil68
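Thank you for looking into this 👍
It looks very likely to me that this is where the problem is, but in my own tests I could never reproduce it; it succeeded right away every time.
People often report that Caddy fails to start properly, and I really have been at a loss 😂

Also, in the new script I have written the Caddy service by hand, so if you update the script this problem will not occur any more. I now put the certificates Caddy requests in /root/.caddy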

@SunDevil68

Author

commented Oct 5, 2019

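> Also, in the new script I have written the Caddy service by hand, so if you update the script this problem will not occur any more. I now put the certificates Caddy requests in /root/.caddy

So the new script already takes care of it. You are quick as ever, impressive. Last week it didn't occur to me to update the script, otherwise I wouldn't have had to go through all this myself, haha!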

@jsha

commented Oct 10, 2019

Hello! I am an engineer at Let's Encrypt. We had some problems because V2Ray was sending us too many requests, and we had to block some V2Ray users. We discussed the problem here: https://community.letsencrypt.org/t/need-unblock-ip/103584.

I think the problem was caused by the read-only file system error. I think that error was caused by caddyserver/caddy#2620. I proposed a fix at caddyserver/caddy#2798.

@233boy, you made a fix at 5fbdf86#diff-e16fccbf00a60d8781b481f7547dffe5R37-R58. But I am worried that these lines will cause problems in the future:

			Restart=always
			RestartSec=3

These mean that if there is a problem, Caddy will restart quickly, and send too many requests to Let's Encrypt.

In the systemd unit provided by Caddy, it has these lines:

Restart=on-abnormal
StartLimitIntervalSec=14400
StartLimitBurst=10

I think these are better. Could you change these lines?

Even better, could you switch back to the systemd unit provided by Caddy after caddyserver/caddy#2798 is merged?

Thanks,
Jacob
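
An added example, not part of the thread or of either project's code: a simplified model of how many times systemd starts a service that exits with an error at every start, applied to the two sets of unit settings quoted in the comment above. The unit fragments are constructed from the quoted lines only; the model assumes time values are plain seconds, that the process fails immediately, and that unset keys take systemd's stock defaults.

```python
# systemd's stock defaults for keys a unit leaves unset.
DEFAULTS = {"Restart": "no", "RestartSec": "0.1",
            "StartLimitIntervalSec": "10", "StartLimitBurst": "5"}
# Restart= values that restart a service which exited with a non-zero code.
RESTART_ON_ERROR_EXIT = {"always", "on-failure"}

def parse_unit(text):
    """Collect Key=Value pairs; section headers and comments are skipped."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def starts_in_window(unit_text, window_sec):
    """Start attempts within window_sec for a service that fails at every start.

    Model assumptions: the process exits with an error immediately and all
    time values in the unit are plain seconds.
    """
    s = parse_unit(unit_text)
    if s["Restart"] not in RESTART_ON_ERROR_EXIT:
        return 1  # the first start fails and systemd leaves the unit failed
    delay = float(s["RestartSec"])
    interval = float(s["StartLimitIntervalSec"])
    burst = int(s["StartLimitBurst"])
    if delay <= 0:
        raise ValueError("RestartSec must be positive in this model")
    unlimited = int(window_sec // delay) + 1
    # The limiter refuses start number burst+1 when it falls inside the
    # interval that began with the first start; the unit then stays failed.
    if interval > 0 and burst * delay <= interval:
        return min(burst, unlimited)
    return unlimited  # limiter never trips: the restart loop runs on

# Constructed fragments holding only the lines quoted in the comment above.
SCRIPT_UNIT = "[Service]\nRestart=always\nRestartSec=3\n"
CADDY_UNIT = ("[Service]\nRestart=on-abnormal\n"
              "StartLimitIntervalSec=14400\nStartLimitBurst=10\n")

if __name__ == "__main__":
    for name, unit in (("script unit", SCRIPT_UNIT), ("Caddy unit", CADDY_UNIT)):
        print(name, starts_in_window(unit, 3600), "start(s) in one hour")
```

With a 3-second delay the default limit of 5 starts per 10 seconds is never reached, so the loop is unbounded; the 14400-second interval with a burst of 10 caps it even if `Restart=always` were used.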

@jsha

commented Oct 10, 2019

Now caddyserver/caddy#2798 is merged. Could you please revert 5fbdf86? I think this will prevent problems in the future.

@233boy

Owner

commented Oct 11, 2019

@jsha
Hello, thanks for your report
I have pushed a new update eab6857
thanks :)

@jsha

commented Oct 11, 2019

Excellent. Thank you very much.
