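Error: Turnkey Linux confconsole dehydrated .well-known/acme-challenge 404 not found

Time: 2019-03-31 19:48:37

Tags: ssl nginx certificate lets-encrypt turnkeylinux.org

Using RamNode's Turnkey Linux distribution, I noticed that my website's certificate had expired and that https links were flagged with a "proceed" dialog. Looking into the problem further, Turnkey Linux uses confconsole together with Let's Encrypt to request new certificates. Multiple [virtual] domains require the user to manually use the dehydrated wrapper, which is invoked daily by a cronjob under /etc/cron.daily/confconsole-dehydrated, but this results in an error: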

/var/log/confconsole/letsencrypt.log

[2019-03-09 05:35:04] dehydrated-wrapper: FATAL: An unexpected service is listening on port 80: nginx:
[2019-03-09 05:35:04] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
Restarting SSL tunnels: [stopped: /etc/stunnel/stunnel.conf] [Started: /etc/stunnel/stunnel.conf] stunnel.
[2019-03-09 05:35:09] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
[2019-03-09 05:35:09] cron: ERROR: dehydrated-wrapper exited with a non-zero exit code.
[2019-03-10 05:35:04] cron: /etc/ssl/private/cert.pem has expired or will do so within 30 days. Attempting renewal.

Solution:

Update /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper

Replace:

netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 | sed -e 's|[[:space:]].*$||'

With:

netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 \
   | sed -e 's|[[:space:]].*$||; s|[^a-zA-Z0-9]||'

As in this commit: https://github.com/turnkeylinux/confconsole/commit/d1e61c4767c2148663429d63bc3a42925af8cbcd

Then run the cronjob manually again, or wait until tomorrow: /etc/cron.daily/confconsole-dehydrated

[2019-03-31 19:26:45] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN1 to /etc/ssl/private
[2019-03-31 19:26:52] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN2 to /etc/ssl/private
[2019-03-31 19:26:59] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN3 to /etc/ssl/private

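Thanks, I hope it saves you some time.

Related link: https://github.com/turnkeylinux/tracker/issues/976

1 answer:

Answer 0: (score: 0)

I have already answered this in the question post itself; however, here is the answer again for the bots.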

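Solution: Update /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper

Replace:

netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 | sed -e 's|[[:space:]].*$||'

With:

netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 \
   | sed -e 's|[[:space:]].*$||; s|[^a-zA-Z0-9]||'

I could expand on the solution further by discussing the root problem.

Because the line in dehydrated-wrapper assigned "nginx:" to the WEBSERVER variable, dehydrated could not stop nginx before requesting and renewing the certificates. Adding nginx to the case statement will allow you to stop nginx, but it will fail to start the "nginx:" process, because it does not exist, to host the .well-known/acme-challenge location, resulting in a 404 when dehydrated tries to verify that the https ssl certificate is configured correctly.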
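The behaviour described in the answer above can be reproduced offline on constructed netstat output. This is an added example, not part of the original post or of the confconsole code; the sample lines and the `classify` helper (a stand-in for the wrapper's case statement) are assumptions.

```shell
#!/bin/sh
# Constructed sample lines in the format printed by `netstat -ltpn`.
# The last column is PID/program name; nginx titles its master process
# "nginx: master process ...", which netstat truncates.
SAMPLE_NGINX='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/nginx: master pro'
SAMPLE_APACHE='tcp6       0      0 :::80                   :::*                    LISTEN      987/apache2'

# Original pipeline from the post, fed with sample text instead of netstat.
old_name() {
    printf '%s\n' "$1" | grep ":80 " | head -1 | cut -d/ -f2 \
        | sed -e 's|[[:space:]].*$||'
}

# Patched pipeline from the post: also strips the first
# non-alphanumeric character (here the trailing colon).
new_name() {
    printf '%s\n' "$1" | grep ":80 " | head -1 | cut -d/ -f2 \
        | sed -e 's|[[:space:]].*$||; s|[^a-zA-Z0-9]||'
}

# Hypothetical stand-in for the wrapper's case statement: only exact
# service names are treated as web servers it knows how to stop and start.
classify() {
    case "$1" in
        nginx|apache2|lighttpd) echo "known" ;;
        "")                     echo "none" ;;
        *)                      echo "unexpected" ;;
    esac
}

for line in "$SAMPLE_NGINX" "$SAMPLE_APACHE"; do
    o=$(old_name "$line"); n=$(new_name "$line")
    echo "old='$o' ($(classify "$o"))  new='$n' ($(classify "$n"))"
done
```

Because the second sed expression has no `g` flag and removes any non-alphanumeric character, a listener whose name contains a hyphen or underscore would also be altered, so compare the extracted name against exact service names only.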