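I am trying to update the certificate for my Flask REST API using letsencrypt, acme-tiny and a Flask blueprint, but something is going wrong and I don't know what the cause is.
I have tried changing the permissions of the data directory and moving it into and out of the application structure. I have also tried different blueprint combinations, but nothing worked.
The application file structure looks like this: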
|- ~
|- ~/my_application
|---- api
|---- |---- app.py
|---- tls
|---- |---- account.key
|---- |---- server.key
|---- |---- server.crt
|---- |---- server.csr
|- ~/data
|---- |---- letsencrypt
|---- |---- |---- acme-challenge
|- ~/3rdparty
|---- |---- acme-tyne
|---- |---- |---- acme-tiny.py
I have cloned the acme-tiny project into the 3rdparty directory and registered the .well-known blueprint with the application as follows:
from os import path
from flask import Blueprint

# Directory that holds the acme-challenge folder
url = path.join(path.expanduser('~'), 'data/letsencrypt/')
blueprint = Blueprint(
    '.well-known',
    __name__,
    static_url_path=('/%s' % (url)),
    static_folder=path)
app.register_blueprint(blueprint)
Then I perform the following steps:
openssl genrsa 4096 > ~/my_application/tls/account.key
openssl req -new -sha256 -key ~/my_application/tls/server.key -subj "/CN=example.com" > ~/my_application/tls/server.csr
python3 ~/3rdparty/acme_tiny/acme_tiny.py --account-key ~/my_application/tls/account.key --csr ~/my_application/tls/server.csr --acme-dir ~/data/letsencrypt/acme-challenge/ > ./signed.crt
But I get the following error:
Parsing account key...
Parsing CSR...
Found domains: example.com
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying example.com...
Traceback (most recent call last):
  File "3rdparty/acme-tiny/acme_tiny.py", line 141, in get_crt
    assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
  File "3rdparty/acme-tiny/acme_tiny.py", line 46, in _do_request
    raise ValueError("{0}:\nUrl: {1}\nData: {2}\nResponse Code: {3}\nResponse: {4}".format(err_msg, url, data, code, resp_data))
ValueError: Error:
Url: http://example.com/.well-known/acme-challenge/xxxxxx
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "3rdparty/acme-tiny/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "3rdparty/acme-tiny/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "3rdparty/acme-tiny/acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to ~/data/letsencrypt/acme-challenge/xxxxxx, but couldn't download http://example.com/.well-known/acme-challenge/xxxxxx: Error:
Url: http://example.com/.well-known/acme-challenge/xxxxxx
Data: None
Response Code: None
Response: <urlopen error [Errno 110] Connection timed out>
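
The traceback above shows acme-tiny writing the challenge file and then getting no HTTP response at all ("Response Code: None", Errno 110) when it fetches it back. The following is an added example, not part of the original post and not acme-tiny's code: a standard-library pre-flight probe that repeats that write-then-fetch check and separates "host unreachable" from "server answered but the path is not mapped". The names probe_challenge and demo are hypothetical, and the local server on 127.0.0.1 is a constructed stand-in for the API host.

```python
import os
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler


def probe_challenge(base_url, acme_dir, timeout=5):
    """Write a probe file into acme_dir and fetch it over HTTP.
    Returns 'ok', 'wrong-content', 'http-<code>' or 'unreachable'."""
    token = "probe-" + os.urandom(8).hex()  # constructed token, not a real ACME token
    file_path = os.path.join(acme_dir, token)
    with open(file_path, "w") as f:
        f.write(token)
    url = "{0}/.well-known/acme-challenge/{1}".format(base_url.rstrip("/"), token)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf8", "replace").strip()
        return "ok" if body == token else "wrong-content"
    except urllib.error.HTTPError as e:
        # The server answered: the URL-to-directory mapping is the problem.
        return "http-{0}".format(e.code)
    except (urllib.error.URLError, OSError):
        # No HTTP response: DNS, firewall, port 80 closed, or bind address.
        return "unreachable"
    finally:
        os.remove(file_path)


def demo():
    """Constructed local setup: a temp web root served on 127.0.0.1."""
    root = tempfile.mkdtemp()
    acme_dir = os.path.join(root, ".well-known", "acme-challenge")
    os.makedirs(acme_dir)
    other_dir = tempfile.mkdtemp()  # a directory the server does not expose
    handler = partial(SimpleHTTPRequestHandler, directory=root)
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:{0}".format(server.server_address[1])
    served = (probe_challenge(base, acme_dir), probe_challenge(base, other_dir))
    server.shutdown()
    server.server_close()
    return served + (probe_challenge(base, acme_dir),)  # nothing listens now


if __name__ == "__main__":
    print(demo())
```

Run against the real host name on port 80, an "unreachable" result corresponds to the timeout in the traceback, while "http-404" points at the blueprint's static path mapping.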