Let's Encrypt Fails to Renew

Author: 葱大驴 | Published: 2021-11-12 14:20

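    Because of an oversight (I was not using automatic renewal and forgot to renew manually), my SSL certificate expired. I then logged in to the server and ran certbot renew to update the certificate, which produced the following output: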

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/域名.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert is due for renewal, auto-renewing...
    Plugins selected: Authenticator standalone, Installer None
    Renewing an existing certificate
    Attempting to renew cert (域名) from /etc/letsencrypt/renewal/域名).conf produced an unexpected error:
    urn:ietf:params:acme:error:rateLimited :: 
    There were too many requests of a given type :: Error creating new order :: 
    too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. 
    Skipping.
    All renewal attempts failed. The following certs could not be renewed:
     /etc/letsencrypt/live/域名)/fullchain.pem (failure)
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/域名/fullchain.pem (failure)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1 renew failure(s), 0 parse failure(s)
    
    IMPORTANT NOTES:
     - The following errors were reported by the server:
    
       Domain: 域名
       Type:   dns
       Detail: DNS problem: NXDOMAIN looking up A for 域名 -
       check that a DNS record exists for this domain
    
    

    Note this part of the error message:

    DNS problem: NXDOMAIN looking up A for www.域名 - check that a DNS record exists for this domain

    In other words, something is wrong with DNS. The strange thing is that I had not changed the DNS or Let's Encrypt configuration recently.

    Attempt 1

    Most of what I found online says this is a DNS problem, so I tried pinging my own domain, and the ping went through. That shows the DNS -> server path is working.

    Then I used certbot certificates to view the certificate information:

    Found the following certs:
      Certificate Name: 域名
        Serial Number: 马赛克
        Domains: 域名 www.域名
        Expiry Date: 过期日期
        Certificate Path: /etc/letsencrypt/live/证书地址
        Private Key Path: /etc/letsencrypt/live/私钥地址
    

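    Huh? Why are there two domains, one with www and one without? (Actually, I configured it that way myself.)
    The one I had just pinged was the one without www, so I tried pinging the one with www. It could not be reached.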

    Could this be the problem? But how do I add a DNS entry for www...

    Then I went to my DNS provider and added a line of configuration for www.


    [Image: DNS configuration]

    I pinged again and it went through. Then I ran certbot renew once more, and it succeeded!
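
A pre-flight check for the failure described in this post, as an added example that is not part of the original post: it takes `certbot certificates` output, lists every name on the certificate, and reports the names that have no address record, so `certbot renew` is only run once all of them resolve and no further failed authorizations count toward the rate limit. The sample output, `example.com`, the function names and the use of `dig` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check that every name on a
# certbot-managed certificate resolves before attempting a renewal.

# Constructed sample of `certbot certificates` output; example.com is a placeholder.
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com'

# Read `certbot certificates` output on stdin, print each certificate name on its own line.
cert_domains() {
    awk '$1 == "Domains:" { for (i = 2; i <= NF; i++) print $i }'
}

# Default resolver (assumes dig is installed): succeeds only if the name has an
# A or AAAA record. It asks the system's configured resolver, which can still
# differ from what the public DNS seen by Let's Encrypt returns.
resolve_name() {
    { dig +short A "$1"; dig +short AAAA "$1"; } 2>/dev/null \
        | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|:'
}

# Read names on stdin, test each with the resolver function named in $1
# (default: resolve_name), print the names that fail.
# Returns 1 if any name failed, 0 if all resolved.
unresolved_names() {
    resolver="${1:-resolve_name}"
    missing=0
    while read -r name; do
        "$resolver" "$name" </dev/null || { echo "$name"; missing=1; }
    done
    return "$missing"
}

# Constructed stand-in resolver for the demo: only the bare domain has a
# record, mirroring the situation in the post (www was missing).
demo_resolver() { [ "$1" = "example.com" ]; }

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | cert_domains | unresolved_names demo_resolver \
    || echo "^ no address record: fix DNS before running certbot renew"

# Real use on the server:
#   certbot certificates 2>/dev/null | cert_domains | unresolved_names && certbot renew
```
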
