Challenge error with acme.sh and my own Boulder server

Time: 2017-11-09 13:33:10

Tags: nginx lets-encrypt

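I am trying to install my own Boulder server to issue internal authority certificates. I set up the Boulder server from https://github.com/letsencrypt/boulder in Docker. acme.sh is used on another server to issue the certificates.

Unfortunately, acme.sh gives me this error, and I don't know what is wrong:

Debug output from acme.sh: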

letsencrypt@boulderacme:~$ .acme.sh/acme.sh --issue -d suitecrm.office.mojeip.cz --home /home/letsencrypt/.acme.sh  -w /home/letsencrypt/webroot --server http://boulder.office.mojeip.cz:4000/directory --renew  --force --log --debug 2
[Thu Nov  9 13:07:42 UTC 2017] Lets find script dir.
[Thu Nov  9 13:07:42 UTC 2017] _SCRIPT_='.acme.sh/acme.sh'
[Thu Nov  9 13:07:42 UTC 2017] _script='/home/letsencrypt/.acme.sh/acme.sh'
[Thu Nov  9 13:07:42 UTC 2017] _script_home='/home/letsencrypt/.acme.sh'
[Thu Nov  9 13:07:42 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Thu Nov  9 13:07:42 UTC 2017] LE_WORKING_DIR='/home/letsencrypt/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.7.4
[Thu Nov  9 13:07:42 UTC 2017] Using server: http://boulder.office.mojeip.cz:4000/directory
[Thu Nov  9 13:07:42 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Thu Nov  9 13:07:42 UTC 2017] ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory'
[Thu Nov  9 13:07:42 UTC 2017] _ACME_SERVER_HOST='boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] DOMAIN_PATH='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] Renew: 'suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] Using config home:/home/letsencrypt/.acme.sh
[Thu Nov  9 13:07:42 UTC 2017] ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory'
[Thu Nov  9 13:07:42 UTC 2017] _ACME_SERVER_HOST='boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] Using ACME_DIRECTORY: http://boulder.office.mojeip.cz:4000/directory
[Thu Nov  9 13:07:42 UTC 2017] _init api for server: http://boulder.office.mojeip.cz:4000/directory
[Thu Nov  9 13:07:42 UTC 2017] GET
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/directory'
[Thu Nov  9 13:07:42 UTC 2017] timeout
[Thu Nov  9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.O7gBfsu6LG '
[Thu Nov  9 13:07:42 UTC 2017] ret='0'
[Thu Nov  9 13:07:42 UTC 2017] response='{
  "36iqcXcTwfE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "http://boulder.office.mojeip.cz:4000/acme/key-change",
  "meta": {
    "terms-of-service": "http://boulder:4000/terms/v1"
  },
  "new-authz": "http://boulder.office.mojeip.cz:4000/acme/new-authz",
  "new-cert": "http://boulder.office.mojeip.cz:4000/acme/new-cert",
  "new-reg": "http://boulder.office.mojeip.cz:4000/acme/new-reg",
  "revoke-cert": "http://boulder.office.mojeip.cz:4000/acme/revoke-cert"
}'
[Thu Nov  9 13:07:42 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.mojeip.cz:4000/acme/key-change'
[Thu Nov  9 13:07:42 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.mojeip.cz:4000/acme/new-authz'
[Thu Nov  9 13:07:42 UTC 2017] ACME_NEW_ORDER='http://boulder.office.mojeip.cz:4000/acme/new-cert'
[Thu Nov  9 13:07:42 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.mojeip.cz:4000/acme/new-reg'
[Thu Nov  9 13:07:42 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.mojeip.cz:4000/acme/revoke-cert'
[Thu Nov  9 13:07:42 UTC 2017] Le_NextRenewTime
[Thu Nov  9 13:07:42 UTC 2017] _on_before_issue
[Thu Nov  9 13:07:42 UTC 2017] '/home/letsencrypt/webroot' does not contain 'no'
[Thu Nov  9 13:07:42 UTC 2017] Le_LocalAddress
[Thu Nov  9 13:07:42 UTC 2017] Check for domain='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Thu Nov  9 13:07:42 UTC 2017] '/home/letsencrypt/webroot' does not contain 'apache'
[Thu Nov  9 13:07:42 UTC 2017] _saved_account_key_hash='6sRegKo+srPDgaOnCejKyf7wkccpEtngrddGwl0xyho='
[Thu Nov  9 13:07:42 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Thu Nov  9 13:07:42 UTC 2017] Read key length:
[Thu Nov  9 13:07:42 UTC 2017] _createcsr
[Thu Nov  9 13:07:42 UTC 2017] domain='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] domainlist
[Thu Nov  9 13:07:42 UTC 2017] csrkey='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.key'
[Thu Nov  9 13:07:42 UTC 2017] csr='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.csr'
[Thu Nov  9 13:07:42 UTC 2017] csrconf='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.csr.conf'
[Thu Nov  9 13:07:42 UTC 2017] Single domain='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _is_idn_d='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _idn_temp
[Thu Nov  9 13:07:42 UTC 2017] _csr_cn='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] Getting domain auth token for each domain
[Thu Nov  9 13:07:42 UTC 2017] Getting webroot for domain='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _w='/home/letsencrypt/webroot'
[Thu Nov  9 13:07:42 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Thu Nov  9 13:07:42 UTC 2017] Getting new-authz for domain='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _init api for server: http://boulder.office.mojeip.cz:4000/directory
[Thu Nov  9 13:07:42 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.mojeip.cz:4000/acme/key-change'
[Thu Nov  9 13:07:42 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.mojeip.cz:4000/acme/new-authz'
[Thu Nov  9 13:07:42 UTC 2017] ACME_NEW_ORDER='http://boulder.office.mojeip.cz:4000/acme/new-cert'
[Thu Nov  9 13:07:42 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.mojeip.cz:4000/acme/new-reg'
[Thu Nov  9 13:07:42 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.mojeip.cz:4000/acme/revoke-cert'
[Thu Nov  9 13:07:42 UTC 2017] Try new-authz for the 0 time.
[Thu Nov  9 13:07:42 UTC 2017] _is_idn_d='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _idn_temp
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/acme/new-authz'
[Thu Nov  9 13:07:42 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "suitecrm.office.mojeip.cz"}}'
[Thu Nov  9 13:07:42 UTC 2017] RSA key
[Thu Nov  9 13:07:42 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory'
[Thu Nov  9 13:07:42 UTC 2017] GET
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/directory'
[Thu Nov  9 13:07:42 UTC 2017] timeout
[Thu Nov  9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.g5Cb3ROx3f '
[Thu Nov  9 13:07:42 UTC 2017] ret='0'
[Thu Nov  9 13:07:42 UTC 2017] _headers='HTTP/1.1 200 OK
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Replay-Nonce: OrPVpfcC3bi2zbnIhpJYWL9g7GBiYs2k76RLlnSeakM
Date: Thu, 09 Nov 2017 13:07:42 GMT
Content-Length: 510
'
[Thu Nov  9 13:07:42 UTC 2017] _CACHED_NONCE='OrPVpfcC3bi2zbnIhpJYWL9g7GBiYs2k76RLlnSeakM'
[Thu Nov  9 13:07:42 UTC 2017] nonce='OrPVpfcC3bi2zbnIhpJYWL9g7GBiYs2k76RLlnSeakM'
[Thu Nov  9 13:07:42 UTC 2017] POST
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/acme/new-authz'
[Thu Nov  9 13:07:42 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJPclBWcGZjQzNiaTJ6Ym5JaHBKWVdMOWc3R0JpWXMyazc2UkxsblNlYWtNIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6OjQwMDAvYWNtZS9uZXctYXV0aHoiLCAiYWxnIjogIlJTMjU2IiwgImp3ayI6IHsiZSI6ICJBUUFCIiwgImt0eSI6ICJSU0EiLCAibiI6ICJ1S1Y1QmxDZU1lWGE2OXIzbGVXSmtPMy1fWHNibmtLODdEUmhfcVBGakpPbTRqWVhUT2JnTXQ0RnRDcXdRbDhjZ2NZb1ltWG03ekRMYUstelAydGd5a1ZWXzVDcnpWcGdicFp4Vm85bG1FX0RYdWpkZk5iMjR5SVBRaTM0TkV6VFVRSXJ0Z2hQSXhJSFB3OVRkcTBmYVdOalF6dE4wYzY5YXMyWG9sVE8xVHlROTQ5U09sOEdUNGVVNndiV3lnMTR2UUdMMmxpbnU3YkU5R25td3M3a1hMNkFCZUs0Qnd4ekhVNGxyalo3Wm9EUFZSeldJcGF6Y29IbEJNY09FajhDN2RobUl2ZHVQX3NsQjJHellpLWh3aHRWdmFvOEZESm1RTkdoTXlvaG5Za192N1BqSmd4Tk1LejFINy1LZ0RwdkVCcHdLQzk4T3QzNEI4M21LNXd2eHcifX0", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAic3VpdGVjcm0ub2ZmaWNlLm5pYy5jeiJ9fQ", "signature": "TTb0-ghjFif0Up03XNilRA3KR49TSCongQSBw2ewFUucXipah9Pa5RI_kDD0sE0rYiiCW75Og7fpzwOX6rRn6TAJeYrY_hmyOhaqW3szQjeocH365WxdmFTJbmV9M9LgAVRubB2rQcLFxAwg0IGbbEhOKTVV-zvmS39ZA_2XvcmJR6nkrPgzfxzGcSTz1aFlTZH8GKCwBXBy6K8FULZ4wUnOb7C2LV_oqpAyDwEez1oj4s_nCmGM-CxCopgeNgcpY_yZymz7WVvHQLo082iUTBzzoZrbipQiDGUIjVio29io93b-ZDzFPZu-3nqq__TdYh20ZupCyK952A9629aMOg"}'
[Thu Nov  9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.2WomWqkuZB '
[Thu Nov  9 13:07:42 UTC 2017] _ret='0'
[Thu Nov  9 13:07:42 UTC 2017] original='{
  "identifier": {
    "type": "dns",
    "value": "suitecrm.office.mojeip.cz"
  },
  "status": "pending",
  "expires": "2017-11-16T09:38:04Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7",
      "token": "Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
      "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9",
      "token": "ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ],
    [
      2
    ]
  ]
}'
[Thu Nov  9 13:07:42 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 201 Created
Boulder-Requester: 2
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Link: <http://boulder.office.mojeip.cz:4000/acme/new-cert>;rel="next"
Location: http://boulder.office.mojeip.cz:4000/acme/authz/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs
Replay-Nonce: sheBkr-biOxnzow70bnB8rMgEwxdh9gtTxpo8Vtdruk
Date: Thu, 09 Nov 2017 13:07:42 GMT
Content-Length: 964
'
[Thu Nov  9 13:07:42 UTC 2017] response='{"identifier":{"type":"dns","value":"suitecrm.office.mojeip.cz"},"status":"pending","expires":"2017-11-16T09:38:04Z","challenges":[{"type":"dns-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7","token":"Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"},{"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"},{"type":"tls-sni-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9","token":"ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"}],"combinations":[[1],[0],[2]]}'
[Thu Nov  9 13:07:42 UTC 2017] code='201'
[Thu Nov  9 13:07:42 UTC 2017] The new-authz request is ok.
[Thu Nov  9 13:07:42 UTC 2017] entry='"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"'
[Thu Nov  9 13:07:42 UTC 2017] token='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk'
[Thu Nov  9 13:07:42 UTC 2017] uri='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Thu Nov  9 13:07:42 UTC 2017] dvlist='suitecrm.office.mojeip.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.mojeip.cz#http-01#/home/letsencrypt/webroot'
[Thu Nov  9 13:07:42 UTC 2017] vlist='suitecrm.office.mojeip.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.mojeip.cz#http-01#/home/letsencrypt/webroot,'
[Thu Nov  9 13:07:42 UTC 2017] ok, let's start to verify
[Thu Nov  9 13:07:42 UTC 2017] Verifying:suitecrm.office.mojeip.cz
[Thu Nov  9 13:07:42 UTC 2017] d='suitecrm.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Thu Nov  9 13:07:42 UTC 2017] uri='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _currentRoot='/home/letsencrypt/webroot'
[Thu Nov  9 13:07:42 UTC 2017] wellknown_path='/home/letsencrypt/webroot/.well-known/acme-challenge'
[Thu Nov  9 13:07:42 UTC 2017] writing token:lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk to /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk
[Thu Nov  9 13:07:42 UTC 2017] Changing owner/group of .well-known to letsencrypt:letsencrypt
[Thu Nov  9 13:07:42 UTC 2017] tigger domain validation.
[Thu Nov  9 13:07:42 UTC 2017] _t_url='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _t_key_authz='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Thu Nov  9 13:07:42 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.mojeip.cz/account.key
[Thu Nov  9 13:07:42 UTC 2017] Use _CACHED_NONCE='sheBkr-biOxnzow70bnB8rMgEwxdh9gtTxpo8Vtdruk'
[Thu Nov  9 13:07:42 UTC 2017] nonce='sheBkr-biOxnzow70bnB8rMgEwxdh9gtTxpo8Vtdruk'
[Thu Nov  9 13:07:42 UTC 2017] POST
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsVmhfRmFVcEJEbC01T2pySmFFMnNtOE1MNUJvWmZlSmJOeTdfMWlhQ0ZrLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "L3en-T8m3jGU2JKvm1Kks7KKdRkhf1fD-rOy_grtbZBmhb_gPHBvjadV4wlbDJxkVKIiczHEykfx50LhLIs6vYcUMRo52c6lGITEwRTGBeBgGl30umh7FC1iUVnRh4sqoJeQfI3DkO07bB4qdQaqstefI5MgRLsOJs82AkuQ0iv8P6s7AV5gq9yfDSaUtTrzIR_7BaCFEUbefzZc6ZXmaBQsdX0YRWGwGh0IPQKpzNEmgjpA_G_ZKMHZTXUzGAZ61TBl2iW7R6AMEI75JAkJkXxLhJPg_Xz7WrKy_CJ1EB0uNuAiVHZwc1w8XvXUw19o5T9fErT99QZBHVdLdwzT3g"}'
[Thu Nov  9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.sTCSOrbo8o '
[Thu Nov  9 13:07:42 UTC 2017] _ret='0'
[Thu Nov  9 13:07:42 UTC 2017] original='<h1>This is server: boulder.office.mojeip.cz </h1>'
[Thu Nov  9 13:07:42 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Thu, 09 Nov 2017 13:07:42 GMT
Content-Type: text/html
Content-Length: 48
Last-Modified: Thu, 09 Nov 2017 09:28:34 GMT
Connection: keep-alive
ETag: "5a041fc2-30"
Accept-Ranges: bytes
'
[Thu Nov  9 13:07:42 UTC 2017] response='<h1>This is server: boulder.office.mojeip.cz </h1>'
[Thu Nov  9 13:07:42 UTC 2017] code='200'
[Thu Nov  9 13:07:42 UTC 2017] suitecrm.office.mojeip.cz:Challenge error: <h1>This is server: boulder.office.mojeip.cz </h1>
[Thu Nov  9 13:07:42 UTC 2017] Debugging, skip removing: /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk
[Thu Nov  9 13:07:42 UTC 2017] pid
[Thu Nov  9 13:07:42 UTC 2017] No need to restore nginx, skip.
[Thu Nov  9 13:07:42 UTC 2017] _clearupdns
[Thu Nov  9 13:07:42 UTC 2017] skip dns.
[Thu Nov  9 13:07:42 UTC 2017] _on_issue_err
[Thu Nov  9 13:07:42 UTC 2017] Please check log file for more details: /home/letsencrypt/.acme.sh/acme.sh.log
[Thu Nov  9 13:07:42 UTC 2017] _chk_vlist='suitecrm.office.mojeip.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.mojeip.cz#http-01#/home/letsencrypt/webroot,'
[Thu Nov  9 13:07:42 UTC 2017] start to deactivate authz
[Thu Nov  9 13:07:42 UTC 2017] tigger domain validation.
[Thu Nov  9 13:07:42 UTC 2017] _t_url='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] _t_key_authz='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM'
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}'
[Thu Nov  9 13:07:42 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.mojeip.cz/account.key
[Thu Nov  9 13:07:42 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory'
[Thu Nov  9 13:07:42 UTC 2017] GET
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/directory'
[Thu Nov  9 13:07:42 UTC 2017] timeout
[Thu Nov  9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.wFz2IqISdA '
[Thu Nov  9 13:07:42 UTC 2017] ret='0'
[Thu Nov  9 13:07:42 UTC 2017] _headers='HTTP/1.1 200 OK
Cache-Control: public, max-age=0, no-cache
Content-Type: application/json
Replay-Nonce: lcwvWZqCg5QiOFij_0U5mf430ZSYXTy1VqNl6BF11GM
Date: Thu, 09 Nov 2017 13:07:42 GMT
Content-Length: 510
'
[Thu Nov  9 13:07:42 UTC 2017] _CACHED_NONCE='lcwvWZqCg5QiOFij_0U5mf430ZSYXTy1VqNl6BF11GM'
[Thu Nov  9 13:07:42 UTC 2017] nonce='lcwvWZqCg5QiOFij_0U5mf430ZSYXTy1VqNl6BF11GM'
[Thu Nov  9 13:07:42 UTC 2017] POST
[Thu Nov  9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz'
[Thu Nov  9 13:07:42 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsVmhfRmFVcEJEbC01T2pySmFFMnNtOE1MNUJvWmZlSmJOeTdfMWlhQ0ZrLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "mPhsVHif7ClJptITMmIv7fgLk09cx6nvG4xiLv5LCH3te2C6NCxf6WjhzqCPoEu8LqXThb0wlY8FDYlfr87R8JW4K7dcV18vlqNbXmfUa7Ahu8aFGtIx_sAn_5pQ50r8MKI6R0snWRKRG7r0Lgx4w0UyrhcT1z7P4bWF4QAyZc1HMVRwHdVf5TRBx9I1C-2qwInsFUfSWyHOICWzQ3nBSHXGfTIa9h7rItstHOGnxf3s8OUvkxtaBjgXkvqHAOGIs6URg8dW5wvMrDNufmOa_zSkkriL8lnl9CfAnMCFULHYqU5_eZ_mN_xIJZMVJFfIywWuRxEj3JKX73CF78OtnQ"}'
[Thu Nov  9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header  --trace-ascii /tmp/tmp.SOBuN1Ym4O '
[Thu Nov  9 13:07:42 UTC 2017] _ret='0'
[Thu Nov  9 13:07:42 UTC 2017] original='<h1>This is server: boulder.office.mojeip.cz </h1>'
[Thu Nov  9 13:07:42 UTC 2017] responseHeaders='HTTP/1.1 100 Continue

HTTP/1.1 200 OK
Server: nginx/1.10.3
Date: Thu, 09 Nov 2017 13:07:42 GMT
Content-Type: text/html
Content-Length: 48
Last-Modified: Thu, 09 Nov 2017 09:28:34 GMT
Connection: keep-alive
ETag: "5a041fc2-30"
Accept-Ranges: bytes
'
[Thu Nov  9 13:07:42 UTC 2017] response='<h1>This is server: boulder.office.mojeip.cz </h1>'
[Thu Nov  9 13:07:42 UTC 2017] code='200'
[Thu Nov  9 13:07:42 UTC 2017] '/home/letsencrypt/webroot' does not contain 'dns'
[Thu Nov  9 13:07:42 UTC 2017] Diagnosis versions: 
openssl:openssl
OpenSSL 1.1.0f  25 May 2017
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
   options:
      -V     print version and feature information to stdout, and exit
      -h|-?  print a help text describing command line options and addresses
      -hh    like -h, plus a list of all common address option names
      -hhh   like -hh, plus a list of all available address option names
      -d     increase verbosity (use up to 4 times; 2 are recommended)
      -D     analyze file descriptors before loop
      -ly[facility]  log to syslog, using facility (default is daemon)
      -lf<logfile>   log to file
      -ls            log to stderr (default if no other log)
      -lm[facility]  mixed log mode (stderr during initialization, then syslog)
      -lp<progname>  set the program name used for logging
      -lu            use microseconds for logging timestamps
      -lh            add hostname to log messages
      -v     verbose data traffic, text
      -x     verbose data traffic, hexadecimal
      -b<size_t>     set data buffer size (8192)
      -s     sloppy (continue on error)
      -t<timeout>    wait seconds before closing second channel
      -T<timeout>    total inactivity timeout in seconds
      -u     unidirectional mode (left to right)
      -U     unidirectional mode (right to left)
      -g     do not check option groups
      -L <lockfile>  try to obtain lock, or fail
      -W <lockfile>  try to obtain lock, or wait
      -4     prefer IPv4 if version is not explicitly specified
      -6     prefer IPv6 if version is not explicitly specified
Console on the boulder server:

boulder_1  | I131626 boulder-wfe Successful request JSON={"Endpoint":"/directory","Method":"GET","ResponseNonce":"Zg32kE2Vnh1k_YNbDMf7z-EN_9xMSCwEI8QxHsGf25g","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0}
boulder_1  | I131626 boulder-wfe Successful request JSON={"Endpoint":"/directory","Method":"HEAD","ResponseNonce":"nNQzqnkdfxiuh4qBnUq1kfgGvagj4z6mf19FZ96knnQ","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0}
boulder_1  | I131626 boulder-wfe Successful request JSON={"Endpoint":"/acme/new-authz","Method":"POST","Requester":2,"Contacts":[],"RequestNonce":"nNQzqnkdfxiuh4qBnUq1kfgGvagj4z6mf19FZ96knnQ","ResponseNonce":"NQlEruE9KRKv6wDKlw3sMFI_rqGozSR1WbXGYX4zMPk","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0,"Payload":"{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"suitecrm.office.nic.cz\"}}","Extra":{"AuthzID":"g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs","Identifier":{"type":"dns","value":"suitecrm.office.nic.cz"}}}
boulder_1  | I131626 boulder-wfe Successful request JSON={"Endpoint":"/directory","Method":"HEAD","ResponseNonce":"BQ6DpsteiiKgadQ0SxjgWudtjT13X3EIMVksyxvG-e4","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0}

Edit

Hello, I also tested with acmetiny, and I got these errors:

letsencrypt@boulderacme:~/acmetiny/acme-tiny$ ./acme_tiny.py --account-key /home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.key --csr /home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.csr --acme-dir /home/letsencrypt/webroot/.well-known/acme-challenge/ --ca http://boulder.office.mojeip.cz:4000
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying suitecrm.office.mojeip.cz...
Traceback (most recent call last):
  File "./acme_tiny.py", line 199, in <module>
    main(sys.argv[1:])
  File "./acme_tiny.py", line 195, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
  File "./acme_tiny.py", line 150, in get_crt
    domain, challenge_status))
ValueError: suitecrm.office.mojeip.cz challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'172.17.0.1'], u'url': u'http://suitecrm.office.mojeip.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'hostname': u'suitecrm.office.mojeip.cz', u'addressesTried': [], u'addressUsed': u'172.17.0.1', u'port': u'5002'}], u'keyAuthorization': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM.zuwKtqMhCyrE0K9UDAVN1xiHewv-ztzFgwUpUdttZtY', u'uri': u'http://boulder.office.mojeip.cz:4000/acme/challenge/Bnk3Lc9o44ZmYeqBBHBTRgm8q3vEaDthFmFq0ck1vfw/27', u'token': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://suitecrm.office.mojeip.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM: Connection refused'}, u'type': u'http-01'}

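So maybe there is some problem on the Boulder side. But I am still no closer to getting it to work correctly.

1 answer:

Answer 0 (score: 0)

This seems to be a bug in acme.sh; please report an issue on GitHub. I will fix it soon. Thanks.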
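
Added example, not part of the original question or answer and not acme.sh's own code: in the debug log above, the http-01 challenge `uri` returned by new-authz ends in `:4000/acme/challenge/.../8`, but the value logged afterwards as `uri=` and used for the POST is `http://boulder.office.mojeip.cz`, which is why nginx answered with its HTML page. The sketch below reproduces that truncation with a hypothetical colon-field split (`uri_by_colon_fields`, an assumption about how such a value can arise), shows an extraction that keeps the port and path, and adds a check that refuses to POST the signed request to any URL the server did not list. The authz JSON is a constructed sample modelled on the log, with the ID and tokens replaced by placeholders.

```shell
#!/bin/sh
# Constructed sample: the new-authz response from the debug log in compact form,
# with the authz ID and tokens replaced by placeholders.
AUTHZ='{"identifier":{"type":"dns","value":"suitecrm.office.mojeip.cz"},"status":"pending","challenges":[{"type":"dns-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/AUTHZ_ID/7","token":"TOKEN_DNS"},{"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/AUTHZ_ID/8","token":"TOKEN_HTTP"},{"type":"tls-sni-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/AUTHZ_ID/9","token":"TOKEN_TLS"}],"combinations":[[1],[0],[2]]}'

# Print the JSON object of the challenge whose "type" is $1 (e.g. http-01).
# Challenge objects contain no nested braces, so a brace-free match is enough.
challenge_entry() {
  printf '%s\n' "$AUTHZ" | grep -o '[{][^{}]*"type":"'"$1"'"[^{}]*[}]'
}

# Hypothetical extraction (assumption, not taken from acme.sh): split on ':'
# and keep fields 2-3. That yields scheme + host only; the port and the
# challenge path sit in field 4 and are silently dropped.
uri_by_colon_fields() {
  challenge_entry "$1" | grep -o '"uri":"[^"]*' | cut -d : -f 2,3 | tr -d '"'
}

# Extraction that takes everything between the quotes of the "uri" member.
uri_full() {
  challenge_entry "$1" | sed -n 's/.*"uri":"\([^"]*\)".*/\1/p'
}

# Succeed only if $1 is exactly one of the challenge URIs the server returned.
# Run before POSTing the signed keyAuthorization, so it never goes elsewhere.
uri_is_listed() {
  printf '%s\n' "$AUTHZ" | grep -o '"uri":"[^"]*"' | grep -qxF "\"uri\":\"$1\""
}

# Demonstration on the sample: the truncated value is refused, the full one passes.
for u in "$(uri_by_colon_fields http-01)" "$(uri_full http-01)"; do
  if uri_is_listed "$u"; then
    echo "POST allowed: $u"
  else
    echo "POST refused: $u"
  fi
done
```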