V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
qazwsxkevin
V2EX  ›  问与答

求助,架设 tls+cloudflare cdn+v2, caddy 工作不正常...

  •  
  •   qazwsxkevin · 2020-03-03 11:19:22 +08:00 · 3349 次点击
    这是一个创建于 1761 天前的主题,其中的信息可能已经有所发展或是发生改变。

    按照这个攻略来做的,
    https://www.bandwh.com/kxsw/30.html

    以前试着成功过一台服务器,今天用新的域名,在新的另外一台服务器(另外一个 vps 提供商)上操作,结果一直是不成功,看日志提示如下,提示说是连不上 8.8.8.8 ? 但应该不是的,搞不清楚,还请各位高手帮我看看问题所在? 谢谢!!(部分内容做了处理)

    [root@testServer /tmp]$cat /etc/caddy/caddy.conf
    test.test.com
        {
         tls [email protected]
         log /var/log/caddy.log
         proxy / localhost:10000 {
          websocket
          header_upstream -Origin
          }
        }
    [root@testServer /tmp]$
    
    
    [root@testServer /tmp]$cat /usr/local/caddy/Caddyfile     
    test.test.com
       {
        log /var/log/caddy.log
        proxy /localhost:10000 {
         websocket
         header_upstream -Origin
         }
       }
    [root@testServer /tmp]$cat /etc/resolv.conf
    # Generated by NetworkManager
    nameserver 8.8.8.8
    [root@testServer /tmp]$
    [root@testServer /tmp]$
    [root@testServer /tmp]$
    [root@testServer /tmp]$cat /etc/sysconfig/network-scripts/ifcfg-eth0 
    # XenSystem Ethernet
    DEVICE=eth0
    BOOTPROTO=static
    IPADDR=x.x.x.x
    NETMASK=255.255.255.192
    GATEWAY=x.x.x.129
    onboot=YES
    DNS1=8.8.8.8
    [root@testServer /tmp]$
    [root@testServer /tmp]$
    [root@testServer /tmp]$service caddy start
    [root@testServer /root]$service caddy start           
    [信息] Caddy 启动成功 !
    [root@testServer /tmp]$
    [root@testServer /tmp]$cat ./caddy.log 
    Activating privacy features... 2020/03/03 09:34:41 get Agreement URL: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 8.8.8.8:53: dial udp 8.8.8.8:53: connect: network is unreachable
    Activating privacy features... 
    
    Your sites will be served over HTTPS automatically using Let's Encrypt.
    By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
      https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
    Please enter your email address to signify agreement and to be notified
    in case of issues. You can leave it blank, but we don't recommend it.
      Email address: 2020/03/03 10:38:44 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
    2020/03/03 10:38:45 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8888888888
    2020/03/03 10:38:45 [INFO] [test.test.com] acme: use tls-alpn-01 solver
    2020/03/03 10:38:45 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
    2020/03/03 10:38:54 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8888888888
    2020/03/03 10:38:54 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8888888888
    2020/03/03 10:38:55 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
    2020/03/03 10:38:56 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7777777777
    2020/03/03 10:38:56 [INFO] [test.test.com] acme: use tls-alpn-01 solver
    2020/03/03 10:38:56 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
    2020/03/03 10:38:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7777777777
    2020/03/03 10:38:57 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7777777777
    2020/03/03 10:38:58 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
    2020/03/03 10:38:59 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121973774
    2020/03/03 10:38:59 [INFO] [test.test.com] acme: use tls-alpn-01 solver
    2020/03/03 10:38:59 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
    2020/03/03 10:39:00 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121977777
    2020/03/03 10:39:00 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121973774
    2020/03/03 10:39:01 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
    2020/03/03 10:39:02 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121974306
    2020/03/03 10:39:02 [INFO] [test.test.com] acme: Could not find solver for: tls-alpn-01
    2020/03/03 10:39:02 [INFO] [test.test.com] acme: use http-01 solver
    2020/03/03 10:39:02 [INFO] [test.test.com] acme: Trying to solve HTTP-01
    2020/03/03 10:39:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121974777
    2020/03/03 10:39:07 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121977777
    2020/03/03 10:39:08 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
    2020/03/03 10:39:08 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/312777777
    2020/03/03 10:39:08 [INFO] [test.test.com] acme: Could not find solver for: tls-alpn-01
    2020/03/03 10:39:08 [INFO] [test.test.com] acme: use http-01 solver
    2020/03/03 10:39:08 [INFO] [test.test.com] acme: Trying to solve HTTP-01
    2020/03/03 10:39:09 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/31666666
    2020/03/03 10:39:09 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3177777777
    2020/03/03 10:39:10 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
    2020/03/03 10:39:12 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url: 
    
    
    
    8 条回复    2020-03-03 17:44:42 +08:00
    fzinfz
        1
    fzinfz  
       2020-03-03 12:48:08 +08:00 via iPhone
    too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
    jy02201949
        2
    jy02201949  
       2020-03-03 13:04:35 +08:00
    用 caddy 自动申请证书就容易出这个问题
    11dad
        3
    11dad  
       2020-03-03 13:10:08 +08:00
    手动配置吧 配 v2 的时候选不自动
    qazwsxkevin
        4
    qazwsxkevin  
    OP
       2020-03-03 15:50:05 +08:00
    @fzinfz 明白了,只能把服务器搁起来,一个星期后再试试 service caddy restart 了

    @jy02201949,不知道有什么好的办法弄其它证书了。。。。
    Yourshell
        5
    Yourshell  
       2020-03-03 17:11:44 +08:00 via iPhone
    套 cf 用它提供的证书就好了
    qazwsxkevin
        6
    qazwsxkevin  
    OP
       2020-03-03 17:25:25 +08:00
    @Yourshell 噢,根据你线索找到了,cf 的确是有这个自带的 ssl 操作,请教个问题,在 caddy 本身的配置,应该如何使用这个 SSL 证书?
    Yourshell
        7
    Yourshell  
       2020-03-03 17:33:02 +08:00
    jim9606
        8
    jim9606  
       2020-03-03 17:44:42 +08:00
    建议你测试时用另一个二级域名或者换用 staging CA 测试,确认工作正常再换用正式 CA ( https://letsencrypt.org/docs/staging-environment/),caddy 配置有一个选项可以改 CA ( https://caddyserver.com/v1/docs/tls
    caddy 的自动重试确实很容易触发 limit,所以一发现 error 就马上 stop 检查日志
    我很奇怪的是为啥你的 vps 是在系统里手动设置 ip 和 dns 的,通常不是都用 dhcp 的吗?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2798 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 09:29 · PVG 17:29 · LAX 01:29 · JFK 04:29
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.