使用 acme 疑似遇到 bug 请教

执行命令：
`acme.sh --issue -d xxx.top --standalone --httpport 9500 --debug`

部分 debug 输出：
```
[Tue May 21 11:48:11 CST 2024] response='{"identifier":{"type":"dns","value":"xxx.top"},"status":"invalid","expires":"2024-05-28T03:47:57Z","challenges":[{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:connection","detail":"x.x.x.x: Fetching http://xxx.top/.well-known/acme-challenge/pFksi9WSuRTTRk3oWsM2IGdxxxxxxxxxxxxxxxxx-Nw: Timeout during connect (likely firewall problem)","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/353400341062/QZ2Sbg","token":"pFksi9WSuRTTRk3oWsM2IGdxxxxxxxxxxxxxxxxx-Nw","validationRecord":[{"url":"http://xxx.top/.well-known/acme-challenge/pFksi9WSuRTTRk3oWsM2IGdxxxxxxxxxxxxxxxxx-Nw","hostname":"xxx.top","port":"80","addressesResolved":["x.x.x.x"],"addressUsed":"x.x.x.x"}],"validated":"2024-05-21T03:48:00Z"}]}'
[Tue May 21 11:48:11 CST 2024] status='invalid
invalid'
[Tue May 21 11:48:11 CST 2024] error='"error":{"type":"urn:ietf:params:acme:error:connection","detail":"x.x.x.x: Fetching http://xxx.top/.well-known/acme-challenge/pFksi9WSuRTTRk3oWsM2IGdxxxxxxxxxxxxxxxxx-Nw: Timeout during connect (likely firewall problem)","status": 400'
[Tue May 21 11:48:11 CST 2024] errordetail='x.x.x.x: Fetching http://xxx.top/.well-known/acme-challenge/pFksi9WSuRTTRk3oWsM2IGdxxxxxxxxxxxxxxxxx-Nw: Timeout during connect (likely firewall problem)'
[Tue May 21 11:48:11 CST 2024] Invalid status, xxx.top:Verify error detail:x.x.x.x: Fetching http://xxx.top/.well-known/acme-challenge/pFksi9WSuRTTRk3oWsM2IGdxxxxxxxxxxxxxxxxx-Nw: Timeout during connect (likely firewall problem)
[Tue May 21 11:48:11 CST 2024] Debug: get token url.
[Tue May 21 11:48:11 CST 2024] GET
[Tue May 21 11:48:11 CST 2024] url='http://xxx.top/.well-known/acme-challenge/pFksi9WSuRTTRk3oWsM2IGdxxxxxxxxxxxxxxxxx-Nw'
[Tue May 21 11:48:11 CST 2024] timeout=1
[Tue May 21 11:48:11 CST 2024] Http already initialized.
[Tue May 21 11:48:11 CST 2024] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.NsNPLc8GtH -g --connect-timeout 1'
[Tue May 21 11:48:12 CST 2024] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 28
[Tue May 21 11:48:12 CST 2024] Here is the curl dump log:
[Tue May 21 11:48:12 CST 2024] == Info: About to connect() to xxx.top port 80 (#0)
== Info: Trying x.x.x.x...
== Info: Connection timed out after 1001 milliseconds
== Info: Closing connection 0
```

此日志是否表明了它还在致力于连接 80 端口，我的 httpport 参数指令似乎无法生效？

LLaMA2

179 天前

补充以下
根据文档描述。

你可以使用 --standalone --httpport 88 在没有 nginx 等前置代理时将 80 端口请求转发到 88 端口

例如你写了各 http 服务，监听在 9500 端口，同时你也没有开 nginx 等，或者 nginx 根本没有配置你要申请证书的域名，且你的 80 端口没有没占用，防火墙也都顺畅，你也不想麻烦配置 nginx 等，那么你就

--standalone --httpport 9500 搞起来，

官方文档
https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert#2-standalone-mode

brader

179 天前

@LLaMA2 这个用法是不对的，我本身也验证过了，我的日志就是该错误用法的示范输出。
一楼老哥的说法就是正确的。

我后来回去琢磨了一下官方文档为什么加了 httpport 无法起作用，其实官方的意思是：你的最外层拥有一个负载均衡器，它是监听的 80 端口的，然后比如你把负载均衡器的 80 端口绑定到某台内网机器的 9500 端口了，这时候你才需要去加 --httpport 9500 来使用。

官方文档描述的使用场景的文案，其实不那么好理解，容易造成误解。