ERROR #23

Open
BROBIRD opened this issue Jul 1, 2016 · 14 comments

Comments

@BROBIRD

BROBIRD commented Jul 1, 2016

It always stops at this step: Requesting challenge for aa.bbb.cccc
I checked the API and it is correct. The environment is Tencent Cloud.

@xdtianyu
Owner

xdtianyu commented Jul 1, 2016

Could you paste the detailed output? Be careful not to expose your domain name or IP. Also, which script is it?

@BROBIRD
Author

BROBIRD commented Jul 1, 2016

The Cloudxns script.

# INFO: Using main config file /home/wwwroot/aa.bbb.cccc/cloudxns.conf
Processing aa.bbb.cccc
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jul 14 14:14:00 2016 GMT (Less than 30 days). Renewing!
 + Signing domains...
 + Generating signing request...
 + Requesting challenge for aa.bbb.cccc...

And then there is nothing more.

@xdtianyu
Owner

xdtianyu commented Jul 1, 2016

That's strange. In my local tests it always gets past Requesting challenge.

./le-cloudxns.sh cloudxns.conf 
# INFO: Using main config file cloudxns.conf
Processing example.com with alternative names: www.example.com im.example.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for example.com...
 + Requesting challenge for www.example.com...
 + Requesting challenge for im.example.com...

Please paste the contents of /home/wwwroot/aa.bbb.cccc/cloudxns.conf, and take care not to leak your cloudxns API key.

@BROBIRD
Author

BROBIRD commented Jul 3, 2016

API_KEY="********"
SECRET_KEY="********"
DOMAIN="bbb.cccc"
CERT_DOMAINS="aa.bbb.cccc"
ECC=TRUE

@xdtianyu
Owner

xdtianyu commented Jul 3, 2016

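On Tencent Cloud, run curl -v https://acme-v01.api.letsencrypt.org/acme/new-authz to see whether the Let's Encrypt server is reachable. I created a new machine in Guangzhou Zone 2, and on the first run I got the error ERROR: Problem connecting to server (post for https://acme-v01.api.letsencrypt.org/acme/new-authz; curl returned with 35), which may be related to IPv6 being unreachable.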

# INFO: Using main config file cloudxns.conf
+ Generating account key...
+ Registering account key with letsencrypt...
Processing bbb.cccc
 + Signing domains...
 + Creating new directory ./certs/bbb.cccc ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for bbb.cccc...
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 400)

Details:
{
  "type": "urn:acme:error:malformed",
  "detail": "Error creating new authz :: Name does not end in a public suffix",
  "status": 400
}
root@VM-12-8-ubuntu:~# ping6 acme-v01.api.letsencrypt.org
connect: Network is unreachable
root@VM-12-8-ubuntu:~# 
root@VM-12-8-ubuntu:~# ping acme-v01.api.letsencrypt.org
PING e981.dscb.akamaiedge.net.0.1.cn.akamaiedge.net (23.198.115.87) 56(84) bytes of data.
64 bytes from a23-198-115-87.deploy.static.akamaitechnologies.com (23.198.115.87): icmp_seq=1 ttl=50 time=217 ms
64 bytes from a23-198-115-87.deploy.static.akamaitechnologies.com (23.198.115.87): icmp_seq=2 ttl=50 time=213 ms
64 bytes from a23-198-115-87.deploy.static.akamaitechnologies.com (23.198.115.87): icmp_seq=3 ttl=50 time=217 ms

@BROBIRD
Author

BROBIRD commented Jul 5, 2016

It works fine here.

[root@VM_82_50_centos ~]# curl -v https://acme-v01.api.letsencrypt.org/acme/new-authz
*   Trying 2.17.50.15...
* Connected to acme-v01.api.letsencrypt.org (2.17.50.15) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*  subject: CN=*.api.letsencrypt.org; O=INTERNET SECURITY RESEARCH GROUP; L=Mountain View; ST=California; C=US
*  start date: Jun 26 17:05:45 2015 GMT
*  expire date: Jun 25 17:05:45 2018 GMT
*  subjectAltName: host "acme-v01.api.letsencrypt.org" matched cert's "*.api.letsencrypt.org"
*  issuer: C=US; O=IdenTrust; OU=TrustID Server; CN=TrustID Server CA A52
*  SSL certificate verify ok.
> GET /acme/new-authz HTTP/1.1
> Host: acme-v01.api.letsencrypt.org
> User-Agent: curl/7.48.0
> Accept: */*
> 
< HTTP/1.1 405 Method Not Allowed
< Server: nginx
< Content-Type: application/problem+json
< Content-Length: 91
< Allow: POST
< Boulder-Request-Id: glU0ASbxaSZ-XIkTzKk-SdnR4tCchZuMLC2epmCPkyU
< Replay-Nonce: 9cFAKb0R_VTELjzwCQzKKC-qjSufMiRLa8PL6PJdAuU
< Expires: Tue, 05 Jul 2016 17:35:42 GMT
< Cache-Control: max-age=0, no-cache, no-store
< Pragma: no-cache
< Date: Tue, 05 Jul 2016 17:35:42 GMT
< Connection: keep-alive
< 
{
  "type": "urn:acme:error:malformed",
  "detail": "Method not allowed",
  "status": 405
* Connection #0 to host acme-v01.api.letsencrypt.org left intact

@xdtianyu
Owner

xdtianyu commented Jul 5, 2016

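Switch to a new directory, download the script again following the readme, and run it directly without configuring anything, to see whether it gets stuck at the error you described.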

@BROBIRD
Author

BROBIRD commented Jul 15, 2016

I tried it. Requesting a new certificate works fine, but renewing a certificate produces the problem I described above.

@xdtianyu
Owner

@BROBIRD Thanks for the feedback. I'll check this again.

@BROBIRD
Author

BROBIRD commented Jul 15, 2016

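May I ask whether the DNS records generated during the first issuance need to be kept? When I cleaned up my DNS records earlier I deleted the challenge record, and I'm wondering whether that is the cause.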

@xdtianyu
Owner

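I haven't tried this, but it shouldn't matter; it will be handled automatically. I'd suggest not deleting the intermediate files; they would have to be generated again at the next renewal.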

@BROBIRD
Author

BROBIRD commented Jul 15, 2016

I didn't delete the intermediate files, only the DNS records.

@xdtianyu
Owner

Deleting the DNS records after validation has finished has no effect.

@BROBIRD
Author

BROBIRD commented Jul 15, 2016

This is really extremely strange...
