Spent ages trying to get an SSL certificate issued and it still won't sign... losing my mind

2016-11-04 13:54:41 +08:00
 Laynooor

I followed this tutorial: https://imququ.com/post/letsencrypt-certificate.html. I have issued certificates this way several times before and it always went smoothly; this time it keeps failing and I have no idea why.

Environment: CentOS 6.5, nginx 1.11.5, PHP 5.6.22; a dedicated server on a 10M China Telecom line.

I've been at it all morning and through midday. It either hangs at "Registering account" or hangs at "Verifying example.com". When it doesn't hang, it throws all sorts of errors...

In the errors below, the site and IP have been replaced with example.com and 1.2.3.4.

Error 1

[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/urllib/request.py", line 1254, in do_open
    h.request(req.get_method(), req.selector, req.data, headers)
  File "/usr/local/lib/python3.5/http/client.py", line 1106, in request
    self._send_request(method, url, body, headers)
  File "/usr/local/lib/python3.5/http/client.py", line 1151, in _send_request
    self.endheaders(body)
  File "/usr/local/lib/python3.5/http/client.py", line 1102, in endheaders
    self._send_output(message_body)
  File "/usr/local/lib/python3.5/http/client.py", line 934, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.5/http/client.py", line 877, in send
    self.connect()
  File "/usr/local/lib/python3.5/http/client.py", line 1260, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File "/usr/local/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File "/usr/local/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/local/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 85, in get_crt
    "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
  File "acme_tiny.py", line 47, in _send_signed_request
    protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
  File "/usr/local/lib/python3.5/urllib/request.py", line 163, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/local/lib/python3.5/urllib/request.py", line 466, in open
    response = self._open(req, data)
  File "/usr/local/lib/python3.5/urllib/request.py", line 484, in _open
    '_open', req)
  File "/usr/local/lib/python3.5/urllib/request.py", line 444, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python3.5/urllib/request.py", line 1297, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/local/lib/python3.5/urllib/request.py", line 1256, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error EOF occurred in violation of protocol (_ssl.c:645)>

Error 2

[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying example.com...
Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 149, in get_crt
    domain, challenge_status))
ValueError: example.com challenge did not pass: {'uri': 'https://acme-v01.api.letsencrypt.org/acme/challenge/Ilf8ybQprBkc3Tpde6y74k-_ZYQHmZtUspNqSm-Pmf8/324821556', 'validationRecord': [{'port': '80', 'hostname': 'example.com', 'addressUsed': '1.2.3.4', 'url': 'http://example.com/.well-known/acme-challenge/me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM', 'addressesResolved': ['1.2.3.4']}], 'status': 'invalid', 'token': 'me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM', 'error': {'type': 'urn:acme:error:connection', 'status': 400, 'detail': 'DNS problem: query timed out looking up CAA for example.com'}, 'keyAuthorization': 'me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM.yToImuHAOUC9MTwjHh1ZrQ4TWVMjIcGoZki5fC63-kI', 'type': 'http-01'}

Error 3

[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 92, in get_crt
    raise ValueError("Error registering: {0} {1}".format(code, result))
ValueError: Error registering: None Remote end closed connection without response

Error 4

[root@play ssl]# python3 acme_tiny.py --account-key ./account.key --csr ./domain.csr --acme-dir /home/wwwroot/example.com/challenges/ > ./signed.crt
Parsing account key...
Parsing CSR...
Registering account...
Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "acme_tiny.py", line 85, in get_crt
    "agreement": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf",
  File "acme_tiny.py", line 47, in _send_signed_request
    protected["nonce"] = urlopen(CA + "/directory").headers['Replay-Nonce']
  File "/usr/local/lib/python3.5/urllib/request.py", line 163, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/local/lib/python3.5/urllib/request.py", line 466, in open
    response = self._open(req, data)
  File "/usr/local/lib/python3.5/urllib/request.py", line 484, in _open
    '_open', req)
  File "/usr/local/lib/python3.5/urllib/request.py", line 444, in _call_chain
    result = func(*args)
  File "/usr/local/lib/python3.5/urllib/request.py", line 1297, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/local/lib/python3.5/urllib/request.py", line 1257, in do_open
    r = h.getresponse()
  File "/usr/local/lib/python3.5/http/client.py", line 1197, in getresponse
    response.begin()
  File "/usr/local/lib/python3.5/http/client.py", line 297, in begin
    version, status, reason = self._read_status()
  File "/usr/local/lib/python3.5/http/client.py", line 266, in _read_status
    raise RemoteDisconnected("Remote end closed connection without"
http.client.RemoteDisconnected: Remote end closed connection without response
5297 views
Node: Q&A
8 replies
qingxin
2016-11-04 14:29:37 +08:00
Tencent Cloud and Alibaba both offer free ones... I don't understand why you insist on fiddling with this.
xsn
2016-11-04 14:35:20 +08:00
Try acme.sh instead: /t/309878
miyuki
2016-11-04 14:39:06 +08:00
I've heard you get blocked if you request too many...

https://www.v2ex.com/t/241819#reply62 This is the one I use.
abelyao
2016-11-04 14:43:35 +08:00
Try certbot.
Laynooor
2016-11-04 15:15:24 +08:00
@xsn
@miyuki
@abelyao Thanks, it's solved now... completely worn out.
Havee
2016-11-04 15:54:18 +08:00
https://certbot.eff.org/docs/using.html#webroot
certbot feels like the simplest option; if you need something more complex, it has all the parameters for that...

It also ships a docker image...
Aduang
2016-12-08 00:54:11 +08:00
Traceback (most recent call last):
  File "/tmp/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/tmp/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "/tmp/acme_tiny.py", line 123, in get_crt
    wellknown_path, wellknown_url))
CentOS 7, please help.
I've already removed the www redirect, and the URL is reachable. It's just that the final crt never gets generated; the file size stays at 0. The challenge directory doesn't get any files written into it either.
Laynooor
2016-12-08 10:58:37 +08:00
@Aduang Try changing the owner of the challenge directory to www.
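Two things in this thread are worth checking before contacting the CA at all: whether the http-01 challenge file can actually be written into the webroot and read by the web server (the ownership problem in the reply above, and the reason the challenge directory stays empty), and what the challenge-status dict in Error 2 is really saying (there the failure is a DNS timeout on the CAA lookup for the domain, not a webroot problem). Note also that `> ./signed.crt` makes the shell create the output file before acme_tiny runs, so any exception leaves a 0-byte signed.crt; an empty file is not evidence that the script got anywhere. The script below is an added example written for this thread, not code from acme_tiny or from any poster: it writes a token file the way acme_tiny does and reports the permission bits, and it summarises a challenge-status dict. The dict it uses is constructed from the one in Error 2 (example.com / 1.2.3.4 placeholders as in the original post).

```python
"""Pre-flight checks for an ACME http-01 webroot challenge, plus a summariser
for the challenge-status dict that acme_tiny embeds in its ValueError.
Added example for this thread; not acme_tiny's own code."""
import os
import stat
import tempfile

# Constructed from the challenge-status dict shown in Error 2 above.
CONSTRUCTED_CHALLENGE = {
    "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Ilf8ybQprBkc3Tpde6y74k-_ZYQHmZtUspNqSm-Pmf8/324821556",
    "validationRecord": [{
        "port": "80", "hostname": "example.com", "addressUsed": "1.2.3.4",
        "url": "http://example.com/.well-known/acme-challenge/me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM",
        "addressesResolved": ["1.2.3.4"]}],
    "status": "invalid",
    "token": "me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM",
    "error": {"type": "urn:acme:error:connection", "status": 400,
              "detail": "DNS problem: query timed out looking up CAA for example.com"},
    "keyAuthorization": "me2UMm_5-ex0XLsMRyHPN1jLMusGK_CjzED9eQ332pM.yToImuHAOUC9MTwjHh1ZrQ4TWVMjIcGoZki5fC63-kI",
    "type": "http-01",
}


def write_challenge_file(acme_dir, token, key_authorization):
    """Write key_authorization to <acme_dir>/<token> as acme_tiny does, then
    report what the filesystem side of the validation would look like:
    does the directory exist, could we create the file (fails when the
    directory is owned by another user and not writable), is the file
    readable by other users such as the web server, and does it read back
    intact.  If the file is not world-readable it is chmod'ed to 0644."""
    result = {"dir_exists": os.path.isdir(acme_dir), "written": False,
              "world_readable_initially": False, "world_readable": False,
              "content_ok": False, "path": None}
    if not result["dir_exists"]:
        return result
    path = os.path.join(acme_dir, token)
    result["path"] = path
    try:
        with open(path, "w") as fh:
            fh.write(key_authorization)
    except OSError:
        return result  # typically: directory owned by root, script run as www
    result["written"] = True
    result["world_readable_initially"] = bool(os.stat(path).st_mode & stat.S_IROTH)
    if not result["world_readable_initially"]:
        os.chmod(path, 0o644)  # make it readable by the web server user
    result["world_readable"] = bool(os.stat(path).st_mode & stat.S_IROTH)
    with open(path) as fh:
        result["content_ok"] = fh.read() == key_authorization
    return result


def summarize_challenge(challenge):
    """Reduce an ACME challenge-status dict to the fields worth reading first.
    The key authorization is defined as '<token>.<account key thumbprint>',
    so a mismatch between the two means the wrong account key was used."""
    err = challenge.get("error") or {}
    records = challenge.get("validationRecord") or []
    token = challenge.get("token", "")
    return {
        "status": challenge.get("status"),
        "type": challenge.get("type"),
        "error_type": err.get("type"),
        "detail": err.get("detail"),
        "urls_tried": [r.get("url") for r in records],
        "addresses_used": [r.get("addressUsed") for r in records],
        "is_dns_problem": "DNS problem" in (err.get("detail") or ""),
        "key_auth_matches_token": challenge.get("keyAuthorization", "").startswith(token + "."),
    }


def demo():
    """Run the filesystem check against a constructed temporary webroot."""
    with tempfile.TemporaryDirectory() as tmp:
        acme_dir = os.path.join(tmp, ".well-known", "acme-challenge")
        os.makedirs(acme_dir)
        return write_challenge_file(acme_dir, CONSTRUCTED_CHALLENGE["token"],
                                    CONSTRUCTED_CHALLENGE["keyAuthorization"])


if __name__ == "__main__":
    print(summarize_challenge(CONSTRUCTED_CHALLENGE))
    print(demo())
```

Run `write_challenge_file` against the real `--acme-dir` as the same user that runs acme_tiny: if `written` is False the directory ownership is the problem, which is exactly what the reply above fixes; if the file is written but the CA still reports an error, read the `detail` field from `summarize_challenge` before touching the webroot again.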

https://www.v2ex.com/t/318012
