Error when generating a certificate #358

Closed
murazi opened this issue Nov 1, 2016 · 28 comments

murazi commented Nov 1, 2016

-bash: acme.sh: command not found

Member

Neilpang commented Nov 2, 2016

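Don't use sudo

sudo acme.sh

Because acme.sh is actually an alias for the current user, once you use sudo you become the root user. The root user has not installed acme.sh, so the alias cannot be found.

If you really need root privileges, as the home page explains, for example standalone mode, which uses ports 80 and 443, or apache mode, I recommend switching to the root user, then installing and using acme.sh there.

# Switch to root
sudo su

# Install
curl  https://get.acme.sh | sh

# Exit root, log in again, then use it
exit
sudo su
acme.sh --issue -d aaaaa.com ..........

Note: webroot mode and dns mode generally don't need root privileges. Just use them directly, without sudo.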

@Neilpang Neilpang closed this as completed Nov 3, 2016
Author

murazi commented Nov 3, 2016

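Installation works, but after installing I couldn't generate a certificate; the command wasn't recognized. Then I closed the SSH session, and after logging in again the command worked.

The situation now is that both DNS and file validation report errors.
With the DNS method it shows:
(I'm not very familiar with Linux; I'm using Alibaba Cloud, CentOS 6.2 32-bit, AMH4.2 panel, Nginx 1.4.4, OpenSSL 1.0.1e)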

[root@XXXXX .acme.sh]# acme.sh --renew -d XXXXX.com
[Thu Nov 3 13:04:54 CST 2016] Renew: 'XXXXX.com'
[Thu Nov 3 13:04:54 CST 2016] Single domain='XXXXX.com'
[Thu Nov 3 13:04:54 CST 2016] Getting domain auth token for each domain
[Thu Nov 3 13:04:54 CST 2016] Verifying:XXXXX.com
[Thu Nov 3 13:05:00 CST 2016] luolala.com:Verify error:DNS problem: NXDOMAIN looking up TXT for _acme-challenge.XXXXX .com
[Thu Nov 3 13:05:00 CST 2016] Please use add '--debug' or '--log' to check more details.
[Thu Nov 3 13:05:00 CST 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

[root@XXXXX.acme.sh]# acme.sh --issue --dns dns_dp -d XXXXX.com -d www.XXXXX.com
[Thu Nov 3 13:08:35 CST 2016] You don't specify dnspod api key and key id yet.
[Thu Nov 3 13:08:35 CST 2016] Please create you key and try again.
[Thu Nov 3 13:08:35 CST 2016] Error add txt for domain:_acme-challenge.luolala.com
[Thu Nov 3 13:08:35 CST 2016] Please use add '--debug' or '--log' to check more details.
[Thu Nov 3 13:08:35 CST 2016] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Member

Neilpang commented Nov 3, 2016

@murazi
Isn't this stated very clearly:

You don't specify dnspod api key and key id yet.
Please create you key and try again.

https://github.com/Neilpang/acme.sh/tree/master/dnsapi#use-dnspodcn-domain-api-to-automatically-issue-cert

Author

murazi commented Nov 3, 2016

I did specify them, but mine is CloudXNS~
I'm not sure whether it should be configured like this:

export CX_Key="1234"
export CX_Secret="sADDsdasdgdsf"

I also modified the CloudXNS section in Account.conf at the same time.

Member

Neilpang commented Nov 3, 2016

@murazi

You say cloudxns, but you are using dnspod

acme.sh --issue --dns dns_dp 

Author

murazi commented Nov 3, 2016

luolala.com:Challenge error: {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: Response does not complete challenge","status": 400}
At least it no longer reports a TXT configuration error.

Member

Neilpang commented Nov 3, 2016

Please try a few more times, and then give me a complete debug log.

https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

Author

murazi commented Nov 3, 2016

`
[Thu Nov 3 15:10:54 CST 2016] Using api:
[Thu Nov 3 15:10:54 CST 2016] DOMAIN_PATH='/root/.acme.sh/XXXXXXX.com'
[Thu Nov 3 15:10:54 CST 2016] Le_NextRenewTime
[Thu Nov 3 15:10:54 CST 2016] Using sed -i
[Thu Nov 3 15:10:54 CST 2016] _on_before_issue
[Thu Nov 3 15:10:54 CST 2016] Le_LocalAddress
[Thu Nov 3 15:10:54 CST 2016] Check for domain='XXXXXXX.com'
[Thu Nov 3 15:10:54 CST 2016] _currentRoot
[Thu Nov 3 15:10:54 CST 2016] Read key length:
[Thu Nov 3 15:10:54 CST 2016] _createcsr
[Thu Nov 3 15:10:54 CST 2016] Single domain='XXXXXXX.com'
[Thu Nov 3 15:10:54 CST 2016] Getting domain auth token for each domain
[Thu Nov 3 15:10:54 CST 2016] Getting webroot for domain='XXXXXXX.com'
[Thu Nov 3 15:10:54 CST 2016] _w
[Thu Nov 3 15:10:54 CST 2016] _currentRoot
[Thu Nov 3 15:10:54 CST 2016] Getting new-authz for domain='XXXXXXX.com'
[Thu Nov 3 15:10:54 CST 2016] Try new-authz for the 0 time.
[Thu Nov 3 15:10:54 CST 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Nov 3 15:10:54 CST 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "XXXXXXX.com"}}'
[Thu Nov 3 15:10:54 CST 2016] RSA key
[Thu Nov 3 15:10:54 CST 2016] GET
[Thu Nov 3 15:10:54 CST 2016] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Nov 3 15:10:54 CST 2016] timeout
[Thu Nov 3 15:10:54 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Thu Nov 3 15:10:56 CST 2016] ret='0'
[Thu Nov 3 15:10:56 CST 2016] POST
[Thu Nov 3 15:10:56 CST 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Nov 3 15:10:56 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Thu Nov 3 15:10:58 CST 2016] _ret='0'
[Thu Nov 3 15:10:58 CST 2016] code='201'
[Thu Nov 3 15:10:58 CST 2016] The new-authz request is ok.
[Thu Nov 3 15:10:58 CST 2016] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/6xbp00q9oj72qH2XP5d3RhNZdLx9RySkV9DrooGoRmE/323530662","token":"kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw"'
[Thu Nov 3 15:10:58 CST 2016] token='kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw'
[Thu Nov 3 15:10:58 CST 2016] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/6xbp00q9oj72qH2XP5d3RhNZdLx9RySkV9DrooGoRmE/323530662'
[Thu Nov 3 15:10:58 CST 2016] keyauthorization='kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw.vYF4VDMRhU7PQkk3WF7u0YuJl4BOUuDD7ld2My9cl5E'
[Thu Nov 3 15:10:58 CST 2016] dvlist='XXXXXXX.com#kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw.vYF4VDMRhU7PQkk3WF7u0YuJl4BOUuDD7ld2My9cl5E#https://acme-v01.api.letsencrypt.org/acme/challenge/6xbp00q9oj72qH2XP5d3RhNZdLx9RySkV9DrooGoRmE/323530662#http-01#'
[Thu Nov 3 15:10:58 CST 2016] ok, let's start to verify
[Thu Nov 3 15:10:58 CST 2016] Verifying:XXXXXXX.com
[Thu Nov 3 15:10:58 CST 2016] d='XXXXXXX.com'
[Thu Nov 3 15:10:58 CST 2016] keyauthorization='kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw.vYF4VDMRhU7PQkk3WF7u0YuJl4BOUuDD7ld2My9cl5E'
[Thu Nov 3 15:10:58 CST 2016] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/6xbp00q9oj72qH2XP5d3RhNZdLx9RySkV9DrooGoRmE/323530662'
[Thu Nov 3 15:10:58 CST 2016] _currentRoot
[Thu Nov 3 15:10:58 CST 2016] wellknown_path='/.well-known/acme-challenge'
[Thu Nov 3 15:10:58 CST 2016] writing token:kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw to /.well-known/acme-challenge/kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw
[Thu Nov 3 15:10:58 CST 2016] not chaning owner/group of webroot
[Thu Nov 3 15:10:58 CST 2016] url='https://acme-v01.api.letsencrypt.org/acme/challenge/6xbp00q9oj72qH2XP5d3RhNZdLx9RySkV9DrooGoRmE/323530662'
[Thu Nov 3 15:10:58 CST 2016] payload='{"resource": "challenge", "keyAuthorization": "kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw.vYF4VDMRhU7PQkk3WF7u0YuJl4BOUuDD7ld2My9cl5E"}'
[Thu Nov 3 15:10:58 CST 2016] POST
[Thu Nov 3 15:10:58 CST 2016] url='https://acme-v01.api.letsencrypt.org/acme/challenge/6xbp00q9oj72qH2XP5d3RhNZdLx9RySkV9DrooGoRmE/323530662'
[Thu Nov 3 15:10:58 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Thu Nov 3 15:11:00 CST 2016] _ret='0'
[Thu Nov 3 15:11:00 CST 2016] code='202'
[Thu Nov 3 15:11:00 CST 2016] sleep 2 secs to verify
[Thu Nov 3 15:11:02 CST 2016] checking
[Thu Nov 3 15:11:02 CST 2016] GET
[Thu Nov 3 15:11:02 CST 2016] url='https://acme-v01.api.letsencrypt.org/acme/challenge/6xbp00q9oj72qH2XP5d3RhNZdLx9RySkV9DrooGoRmE/323530662'
[Thu Nov 3 15:11:02 CST 2016] timeout
[Thu Nov 3 15:11:02 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Thu Nov 3 15:11:04 CST 2016] ret='0'
[Thu Nov 3 15:11:04 CST 2016] XXXXXXX.com:Verify error:Invalid response from http://XXXXXXX.com/.well-known/acme-challenge/kKXC7HhB-NvqnobdBIpv-KtpKrjMsX1oRJ9bYyFviKw:
[Thu Nov 3 15:11:04 CST 2016] no webroot specified, skip
[Thu Nov 3 15:11:04 CST 2016] pid
[Thu Nov 3 15:11:04 CST 2016] _clearupdns
[Thu Nov 3 15:11:04 CST 2016] Dns not added, skip.
[Thu Nov 3 15:11:04 CST 2016] _on_issue_err
[Thu Nov 3 15:11:04 CST 2016] Please check log file for more details: /root/.acme.sh/acme.sh.log

`

Member

Neilpang commented Nov 3, 2016

Please post the command as well. It looks like your command is wrong; it is not dns mode.

Author

murazi commented Dec 5, 2016

I've generated the KEY and entered it too
export CX_Id="AAA“
export CX_Key="BBB”

I also changed the KEY and ID in the Cloud XNS section of account.conf

It still reports an error

[Mon Dec 5 21:35:36 CST 2016] You don't specify cloudxns.com api key or secret yet.
[Mon Dec 5 21:35:36 CST 2016] Please create you key and try again.

Member

Neilpang commented Dec 6, 2016

#CX_Key="1234"
#
#CX_Secret="sADDsdasdgdsf"

Could you please read the documentation carefully ??????
https://github.com/Neilpang/acme.sh/tree/master/dnsapi#3-use-cloudxnscom-domain-api-to-automatically-issue-cert

Please.

Author

murazi commented Dec 8, 2016

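CloudXNS never works. The KEY and secret are both correct, but it just won't add the TXT record automatically, so I switched to adding the record manually, but then the following error appears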

www.***.cn:Challenge error: {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: Response does not complete challenge","status": 400}

Member

Neilpang commented Dec 9, 2016

Could you post the command-line arguments and the log? I really can't guess.


yjc2020 commented Feb 7, 2017

I ran into the same problem when running ./acme.sh --renew -d <URL>
Challenge error: {"type":"urn:acme:error:malformed","detail":"Unable to update challenge :: Response does not complete challenge","status": 400}


paranoiagu commented Apr 12, 2017

[root@oracle11g ~]# acme.sh --issue --dns dns_cx -d demo.xxxx-xx.com --debug
[Wed Apr 12 16:54:22 CST 2017] Lets find script dir.
[Wed Apr 12 16:54:22 CST 2017] SCRIPT='/root/.acme.sh/acme.sh'
[Wed Apr 12 16:54:22 CST 2017] _script='/root/.acme.sh/acme.sh'
[Wed Apr 12 16:54:22 CST 2017] _script_home='/root/.acme.sh'
[Wed Apr 12 16:54:22 CST 2017] Using config home:/root/.acme.sh
https://github.com/Neilpang/acme.sh
v2.6.9
[Wed Apr 12 16:54:22 CST 2017] Using api:
[Wed Apr 12 16:54:22 CST 2017] Using config home:/root/.acme.sh
[Wed Apr 12 16:54:22 CST 2017] DOMAIN_PATH='/root/.acme.sh/demo.xxxx-xx.com'
[Wed Apr 12 16:54:22 CST 2017] _on_before_issue
[Wed Apr 12 16:54:22 CST 2017] Le_LocalAddress
[Wed Apr 12 16:54:22 CST 2017] Check for domain='demo.xxxx-xx.com'
[Wed Apr 12 16:54:22 CST 2017] _currentRoot='dns_cx'
[Wed Apr 12 16:54:22 CST 2017] _saved_account_key_hash is not changed, skip register account.
[Wed Apr 12 16:54:22 CST 2017] Read key length:
[Wed Apr 12 16:54:22 CST 2017] Creating domain key
[Wed Apr 12 16:54:22 CST 2017] Use DEFAULT_DOMAIN_KEY_LENGTH=2048
[Wed Apr 12 16:54:22 CST 2017] Using config home:/root/.acme.sh
[Wed Apr 12 16:54:22 CST 2017] Use length 2048
[Wed Apr 12 16:54:22 CST 2017] Using RSA: 2048
[Wed Apr 12 16:54:22 CST 2017] _createcsr
[Wed Apr 12 16:54:22 CST 2017] Single domain='demo.xxxx-xx.com'
[Wed Apr 12 16:54:22 CST 2017] Getting domain auth token for each domain
[Wed Apr 12 16:54:22 CST 2017] Getting webroot for domain='demo.xxxx-xx.com'
[Wed Apr 12 16:54:22 CST 2017] _w='dns_cx'
[Wed Apr 12 16:54:22 CST 2017] _currentRoot='dns_cx'
[Wed Apr 12 16:54:22 CST 2017] Getting new-authz for domain='demo.xxxx-xx.com'
[Wed Apr 12 16:54:22 CST 2017] Try new-authz for the 0 time.
[Wed Apr 12 16:54:22 CST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Apr 12 16:54:22 CST 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "demo.xxxx-xx.com"}}'
[Wed Apr 12 16:54:22 CST 2017] RSA key
[Wed Apr 12 16:54:23 CST 2017] GET
[Wed Apr 12 16:54:23 CST 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Apr 12 16:54:23 CST 2017] timeout
[Wed Apr 12 16:54:23 CST 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Wed Apr 12 16:54:24 CST 2017] ret='0'
[Wed Apr 12 16:54:24 CST 2017] POST
[Wed Apr 12 16:54:24 CST 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Apr 12 16:54:24 CST 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Wed Apr 12 16:54:25 CST 2017] _ret='0'
[Wed Apr 12 16:54:25 CST 2017] code='201'
[Wed Apr 12 16:54:25 CST 2017] The new-authz request is ok.
[Wed Apr 12 16:54:25 CST 2017] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/_hyGj6ajGo0H-hd6b38IYNMFownYLFo9r28Ax4zY8M0/1008067947","token":"QmQz3Abi4njBZ_R9grLxkjQbedPXaqal3ErkbgJxswE"'
[Wed Apr 12 16:54:25 CST 2017] token='QmQz3Abi4njBZ_R9grLxkjQbedPXaqal3ErkbgJxswE'
[Wed Apr 12 16:54:26 CST 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/_hyGj6ajGo0H-hd6b38IYNMFownYLFo9r28Ax4zY8M0/1008067947'
[Wed Apr 12 16:54:26 CST 2017] keyauthorization='QmQz3Abi4njBZ_R9grLxkjQbedPXaqal3ErkbgJxswE.fYwrDn__B4MMPSmdP_N0WihlmJp7PSRIekQeP2BbvDM'
[Wed Apr 12 16:54:26 CST 2017] dvlist='demo.xxxx-xx.com#QmQz3Abi4njBZ_R9grLxkjQbedPXaqal3ErkbgJxswE.fYwrDn__B4MMPSmdP_N0WihlmJp7PSRIekQeP2BbvDM#https://acme-v01.api.letsencrypt.org/acme/challenge/_hyGj6ajGo0H-hd6b38IYNMFownYLFo9r28Ax4zY8M0/1008067947#dns-01#dns_cx'
[Wed Apr 12 16:54:26 CST 2017] vlist='demo.xxxx-xx.com#QmQz3Abi4njBZ_R9grLxkjQbedPXaqal3ErkbgJxswE.fYwrDn__B4MMPSmdP_N0WihlmJp7PSRIekQeP2BbvDM#https://acme-v01.api.letsencrypt.org/acme/challenge/_hyGj6ajGo0H-hd6b38IYNMFownYLFo9r28Ax4zY8M0/1008067947#dns-01#dns_cx,'
[Wed Apr 12 16:54:26 CST 2017] txtdomain='_acme-challenge.demo.xxxx-xx.com'
[Wed Apr 12 16:54:26 CST 2017] txt='vQzFp3oQsNxbFtW8sg2xDFwMysBhf7c4o5NhMXug1Dw'
[Wed Apr 12 16:54:26 CST 2017] d_api='/root/.acme.sh/dnsapi/dns_cx.sh'
[Wed Apr 12 16:54:26 CST 2017] Found domain api file: /root/.acme.sh/dnsapi/dns_cx.sh
[Wed Apr 12 16:54:26 CST 2017] First detect the root zone
[Wed Apr 12 16:54:26 CST 2017] ep='domain'
[Wed Apr 12 16:54:26 CST 2017] url='https://www.cloudxns.net/api2/domain'
[Wed Apr 12 16:54:26 CST 2017] cdate='2017-04-12 08:54:26 UTC'
[Wed Apr 12 16:54:26 CST 2017] data
[Wed Apr 12 16:54:26 CST 2017] sec='xxxxxxxxxxxhttps://www.cloudxns.net/api2/domain2017-04-12 08:54:26 UTCzzzzzzz'
[Wed Apr 12 16:54:26 CST 2017] hmac='3ffd393bcb7a46636b1dc5b54f69d0fb'
[Wed Apr 12 16:54:26 CST 2017] GET
[Wed Apr 12 16:54:26 CST 2017] url='https://www.cloudxns.net/api2/domain'
[Wed Apr 12 16:54:26 CST 2017] timeout
[Wed Apr 12 16:54:26 CST 2017] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header '
[Wed Apr 12 16:54:31 CST 2017] ret='0'
[Wed Apr 12 16:54:31 CST 2017] invalid domain
[Wed Apr 12 16:54:31 CST 2017] Error add txt for domain:_acme-challenge.demo.xxxx-xx.com
[Wed Apr 12 16:54:31 CST 2017] pid
[Wed Apr 12 16:54:31 CST 2017] No need to restore nginx, skip.
[Wed Apr 12 16:54:31 CST 2017] _clearupdns
[Wed Apr 12 16:54:31 CST 2017] Dns not added, skip.
[Wed Apr 12 16:54:31 CST 2017] _on_issue_err
[Wed Apr 12 16:54:31 CST 2017] Please add '--debug' or '--log' to check more details.
[Wed Apr 12 16:54:31 CST 2017] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Apr 12 16:54:31 CST 2017] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.1e-fips 11 Feb 2013
apache:
apache doesn't exists.
nc:
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-p source_port]

@paranoiagu

It doesn't work on my side either; the full log is above.

@Neilpang
Member

Please provide the log from --debug 2.

@Neilpang
Member

@paranoiagu


hydrowinform commented Jul 20, 2018

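Today I also ran into Error add txt for domain:_acme-challenge.demo.xxxx-xx.com. I went to CF to check the DNS records and found that a CNAME had been created automatically by an earlier request, so I manually deleted the _acme-challenge CNAME and ran it again, and everything worked.
The above is just my personal experience, please go easy on me!
Also, could Neilpang add a check for whether _acme-challenge already exists and, if so, automatically delete it and then create it again? Thanks!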


EurekaChen commented Nov 2, 2018

I also ran into the "You don't specify aliyun api key and secret yet" problem.
They can be found in the export output:
eureka@eureka_ubuntu_18_04_1:~/acme/run$ export
declare -x Ali_Key="LxxxxxxPGow5"
declare -x Ali_Secret="coNxxxxxxxasdfsasafasaDsLcA"
declare -x HOME="/home/eureka"
declare -x LANG="en_US.UTF-8"

I used sudo; without it there are a whole bunch of permission errors.
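
The "You don't specify ... api key" errors reported in this thread mean the selected --dns hook did not find the variables it reads. The following preflight check is an added example, not part of the thread or of acme.sh; the function names are hypothetical, and DP_Id / DP_Key are the dnspod variable names from acme.sh's dnsapi documentation, which do not appear on this page.

```shell
#!/bin/sh
# Added example: preflight check for acme.sh DNS hook credentials.
# Function names are hypothetical; variable names are the ones the hooks read.

# Variables each hook mentioned in the thread expects to find exported.
required_vars() {
  case "$1" in
    dns_dp)  echo "DP_Id DP_Key" ;;        # dnspod (names from acme.sh's dnsapi docs)
    dns_cx)  echo "CX_Key CX_Secret" ;;    # CloudXNS
    dns_ali) echo "Ali_Key Ali_Secret" ;;  # aliyun
    *) return 1 ;;
  esac
}

# Prints the variables that are unset, empty, or contain a typographic quote.
# Returns 0 when the hook has what it needs, 1 otherwise, 2 for an unknown hook.
missing_creds() {
  _vars=$(required_vars "$1") || { echo "unknown hook: $1"; return 2; }
  _missing=""
  for _v in $_vars; do
    eval "_val=\${$_v-}"   # safe: $_v only ever comes from the fixed list above
    case $_val in
      "")      _missing="$_missing $_v" ;;
      *“*|*”*) _missing="$_missing $_v(typographic-quote)" ;;
    esac
  done
  _missing=${_missing# }
  [ -z "$_missing" ] && return 0
  echo "$_missing"
  return 1
}

# True when the shell was started through sudo. With sudo's default env_reset,
# variables exported by the calling user are not passed to the root shell.
under_sudo() {
  [ -n "${SUDO_USER-}" ]
}

# Constructed demo: CloudXNS variables exported, but the dnspod hook requested.
(
  unset DP_Id DP_Key
  CX_Key="1234"; CX_Secret="example-secret"; export CX_Key CX_Secret
  missing_creds dns_dp || echo "dns_dp will not find its credentials"
  under_sudo && echo "running under sudo: re-export the variables as root"
  true
)
```

Run `missing_creds <hook>` in the same shell, as the same user, that will run acme.sh, since that is the environment the hook will actually see.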

@EurekaChen

It may need to be the default installation; installing to another directory causes this problem.

@bibichuan

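Today I also ran into Error add txt for domain:_acme-challenge.demo.xxxx-xx.com. I went to CF to check the DNS records and found that a CNAME had been created automatically by an earlier request, so I manually deleted the _acme-challenge CNAME and ran it again, and everything worked.
The above is just my personal experience, please go easy on me!
Also, could Neilpang add a check for whether _acme-challenge already exists and, if so, automatically delete it and then create it again? Thanks!

I also requested one before, and now I don't know how to delete _acme-challenge. Could you explain in more detail?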

@jiankang-wang

[root@iZ2zeav5im2fhbzfa4msuiZ ~]# acme.sh --issue --dns dns_ali -d wangjiankang.xin -d *.wangjiankang.xin
[Thu Nov 26 11:05:47 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Nov 26 11:05:47 CST 2020] Multi domain='DNS:wangjiankang.xin,DNS:*.wangjiankang.xin'
[Thu Nov 26 11:05:47 CST 2020] Getting domain auth token for each domain
[Thu Nov 26 11:05:52 CST 2020] Getting webroot for domain='wangjiankang.xin'
[Thu Nov 26 11:05:52 CST 2020] Getting webroot for domain='*.wangjiankang.xin'
[Thu Nov 26 11:05:52 CST 2020] Adding txt value: noJkVpftIL-kpxWHqv1PTQn3WR2EzSAPpcOtlo99E8I for domain: _acme-challenge.wangjiankang.xin
[Thu Nov 26 11:05:54 CST 2020] Error add txt for domain:_acme-challenge.wangjiankang.xin
[Thu Nov 26 11:05:54 CST 2020] Please add '--debug' or '--log' to check more details.
[Thu Nov 26 11:05:54 CST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
What is causing this?


chuxi commented Jul 9, 2021

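Turn on --debug mode and look at the output. A few lines above the error there is a curl (the bash script calling the DNS provider's API). Put that curl request into a browser to see whether it opens and works, so you can check whether the api key is configured correctly, IP access permissions, and so on.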

@a545254328

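In a case like mine, I'm using my own private machine rather than a purchased VPS, so I run into lots of problems; for something like yours, I'd also have to manually open port 80 on the router.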

@tyoung4025

new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rateLimited",
"detail": "Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/",
"status": 429
}
[Tue 15 Nov 2022 08:48:48 AM EST] Please check log file for more details: /root/.acme.sh/acme.sh.log
What's going on here?


bibichuan commented Nov 15, 2022 via email

@newgtman

Could you post the command-line arguments and the log? I really can't guess.

[root@racknerd-10ed43 ~]# ~/.acme.sh/acme.sh --issue -d www.17562dlainfj.top --standalone
[2023年 04月 22日 星期六 13:26:00 EDT] Using CA: https://acme.zerossl.com/v2/DV90
[2023年 04月 22日 星期六 13:26:00 EDT] Standalone mode.
[2023年 04月 22日 星期六 13:26:00 EDT] Creating domain key
[2023年 04月 22日 星期六 13:26:00 EDT] The domain key is here: /root/.acme.sh/www.17562dlainfj.top_ecc/www.17562dlainfj.top.key
[2023年 04月 22日 星期六 13:26:00 EDT] Single domain='www.17562dlainfj.top'
[2023年 04月 22日 星期六 13:26:00 EDT] Getting domain auth token for each domain
[2023年 04月 22日 星期六 13:26:03 EDT] Getting webroot for domain='www.17562dlainfj.top'
[2023年 04月 22日 星期六 13:26:03 EDT] Verifying: www.17562dlainfj.top
[2023年 04月 22日 星期六 13:26:03 EDT] Standalone mode server
[2023年 04月 22日 星期六 13:26:10 EDT] Processing, The CA is processing your order, please just wait. (1/30)
[2023年 04月 22日 星期六 13:26:14 EDT] www.17562dlainfj.top:Verify error:"error":{
[2023年 04月 22日 星期六 13:26:14 EDT] Please add '--debug' or '--log' to check more details.
[2023年 04月 22日 星期六 13:26:14 EDT] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Could someone tell me what is going on with my certificate? Any pointers appreciated, thanks.
