我第一次轻松安装了SSL证书,但我无法续订。
我安排了terminal命令每个月自动续订证书,但是它正在响应错误。手动运行时,我也得到相同的响应。
终端命令
curl -X POST https://forge.laravel.com/api/servers/<serverNumber>/sites/<siteNumber>/ssl/renew?api_token=<my-token>
响应
Cloning into 'letsencrypt1462928414'...
nginx stop/waiting
nginx start/running, process 10734
# INFO: Using main config file /root/letsencrypt1462928414/config.sh
+ Generating account key...
+ Registering account key with letsencrypt...
Processing donniebrandt.com with alternative names: www.donniebrandt.com
+ Signing domains...
+ Creating new directory /root/letsencrypt1462928414/certs/donniebrandt.com ...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for donniebrandt.com...
+ Requesting challenge for www.donniebrandt.com...
+ Responding to challenge for donniebrandt.com...
ERROR: Challenge is invalid! (returned: invalid) (result: {"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http://donniebrandt.com/.well-known/acme-challenge/JdG5PtzEcqZMMDVhx2VNN5Wmvldwtl84B6q3j1AQcP0 [104.18.50.184]: 526"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/S6oIx5ZFyzu80fkpjoCcAgVDp7p8aLo6UGLLt7flP-g/81801388","token":"JdG5PtzEcqZMMDVhx2VNN5Wmvldwtl84B6q3j1AQcP0","keyAuthorization":"JdG5PtzEcqZMMDVhx2VNN5Wmvldwtl84B6q3j1AQcP0.0N_sDHF2rXqfyPHGi4ZmXDAkrmwbMJ-S_ZghYPtSN2g","validationRecord":[{"url":"http://donniebrandt.com/.well-known/acme-challenge/JdG5PtzEcqZMMDVhx2VNN5Wmvldwtl84B6q3j1AQcP0","hostname":"donniebrandt.com","port":"80","addressesResolved":["104.18.50.184","104.18.51.184"],"addressUsed":"104.18.50.184"},{"url":"https://donniebrandt.com/.well-known/acme-challenge/JdG5PtzEcqZMMDVhx2VNN5Wmvldwtl84B6q3j1AQcP0","hostname":"donniebrandt.com","port":"443","addressesResolved":["104.18.50.184","104.18.51.184"],"addressUsed":"104.18.50.184"}]})
我还验证了.well-known/acme-challenge
目录存在,但它不会更改错误。
答案 0 :(得分:2)
错误消息显示您的网站对其中一个域处于离线状态:
ERROR: [...]"Invalid response from http://donniebrandt.com/[...]526"},[...]
尝试访问http://donniebrandt.com,您将收到错误526(无效的SSL证书)。
云计算states:
当CloudFlare无法在原始Web服务器上成功验证SSL证书并且网站上的CloudFlare SSL配置设置为“完整SSL(严格)”时,会出现HTTP错误响应代码526。
换句话说,您在服务器前设置的CDN会尝试通过HTTPS访问您的服务器,但您的SSL证书无效(可能已过期或根据Cloudfare CDN不信任的根CA)。 因此Cloudfare不会从您的服务器获取内容。
我不熟悉Cloudfare,但您可以执行以下操作之一:
因为你说你第一次使用SSL工作我假设Cloudfare信任LetsEncrypt(或者它第一次不能工作)。不过值得一试。
答案 1 :(得分:1)
这不是一个真正的解决方案,但我通过在Forge中重新创建网站并重新安装SSL来绕过这个问题。
这应该不再是一个问题,因为Forge现在可以更好地处理SSL。
Forge现在将自动为您续订LetsEncrypt证书 每周。您不再需要手动添加预定作业 执行续订。生成自动续订LetsEncrypt 证书,只需使用获取并激活新证书 形式如上。