并非正文 posted on 2024-2-22 10:45:10

[Awaiting feedback] DNS validation cannot renew/apply for an SSL certificate

So that we can quickly understand and handle your issue, please provide the following basic information: Panel / plugin version:
Current version: Linux official release 8.0.5, release date: 2024/01/02
OS version:
CentOS 7.9.2009 x86_64(Py3.7.9)
Problem description:
Because I need to apply for a wildcard certificate, I chose Let's Encrypt DNS validation (which supports wildcards), but when applying it reports the following error. Whether I choose "Aliyun DNS" or "Manual resolution", the same error appears:
Traceback (most recent call last):
  File "/www/server/panel/class/acme_v2.py", line 1388, in apply_cert
    self.get_apis()
  File "/www/server/panel/class/acme_v2.py", line 104, in get_apis
    raise Exception(res.content)
Exception
Related screenshots (logs, errors):

并非正文 posted on 2024-2-22 10:54:24

Below is part of the log from `bt 22`:
- 更新ssh日志成功
- 开始更新SSH登录日志...
- 更新ssh日志成功
- Traceback (most recent call last):
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/connection.py", line 170, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/util/connection.py", line 96, in create_connection
    raise err
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/util/connection.py", line 86, in create_connection
    sock.connect(sa)
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 706, in urlopen
    chunked=chunked,
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 382, in _make_request
    self._validate_conn(conn)
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 1010, in _validate_conn
    conn.connect()
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/connection.py", line 353, in connect
    conn = self._new_conn()
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/connection.py", line 177, in _new_conn
    % (self.host, self.timeout),
urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPSConnection object at 0x7fb22f4c9c90>, 'Connection to www.bt.cn timed out. (connect timeout=60)')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/www/server/panel/pyenv/lib/python3.7/site-packages/requests/adapters.py", line 449, in send
    timeout=timeout
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 756, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()
File "/www/server/panel/pyenv/lib/python3.7/site-packages/urllib3/util/retry.py", line 573, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='www.bt.cn', port=443): Max retries exceeded with url: /api/wpanel/get_messages (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fb22f4c9c90>, 'Connection to www.bt.cn timed out. (connect timeout=60)'))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "class/http_requests.py", line 104, in post
    result = requests.post(url,data,timeout=timeout,headers=headers,verify=verify)
File "/www/server/panel/pyenv/lib/python3.7/site-packages/requests/api.py", line 119, in post
    return request('post', url, data=data, json=json, **kwargs)
File "/www/server/panel/pyenv/lib/python3.7/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
File "/www/server/panel/pyenv/lib/python3.7/site-packages/requests/sessions.py", line 542, in request
    resp = self.send(prep, **send_kwargs)
File "/www/server/panel/pyenv/lib/python3.7/site-packages/requests/sessions.py", line 655, in send
    r = adapter.send(request, **kwargs)
File "/www/server/panel/pyenv/lib/python3.7/site-packages/requests/adapters.py", line 504, in send
    raise ConnectTimeout(e, request=request)
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='www.bt.cn', port=443): Max retries exceeded with url: /api/wpanel/get_messages (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7fb22f4c9c90>, 'Connection to www.bt.cn timed out. (connect timeout=60)'))

- 开始更新SSH登录日志...

大炮运维V587 posted on 2024-2-22 10:56:19

Hello, does your server have any IP restrictions? Looking at the code, it seems it may be unable to reach the CA's address.

Please run the following in the server's SSH terminal:
curl https://acme-v02.api.letsencrypt.org/directory
curl https://acme-staging-v02.api.letsencrypt.org/directory
and check what is returned.

并非正文 posted on 2024-2-22 11:02:42

大炮运维V587 posted on 2024-2-22 10:56
Hello, does your server have any IP restrictions? Looking at the code, it seems it may be unable to reach the CA's address.

Please run the following in the server's SSH terminal ...

# curl https://acme-v02.api.letsencrypt.org/directory
curl: (35) TCP connection reset by peer
# curl https://acme-staging-v02.api.letsencrypt.org/directory
curl: (35) TCP connection reset by peer

Above is the result. The server does not seem to have any IP restrictions, but Fuzhou and Quanzhou in Fujian Province have an IP whitelist, and domains not on the list (domains bound to non-mainland IPs) get redirected; my server is on Alibaba Cloud in Beijing. The BT panel does not restrict IPs either, but port restrictions are enabled on both the server and the BT panel.

并非正文 posted on 2024-2-22 11:11:14

并非正文 posted on 2024-2-22 11:02
# curl https://acme-v02.api.letsencrypt.org/directory
curl: (35) TCP connection reset...

Both hosts.allow and hosts.deny in the server's /etc directory are empty.

大炮运维V587 posted on 2024-2-22 11:21:33

并非正文 posted on 2024-2-22 11:02
# curl https://acme-v02.api.letsencrypt.org/directory
curl: (35) TCP connection reset...

Your server cannot reach the CA. Normally it should look like this:
Please contact your server provider and check whether it is a problem with the current network route.

并非正文 posted on 2024-2-22 12:35:53

大炮运维V587 posted on 2024-2-22 11:21
Your server cannot reach the CA. Normally it should look like this:
Please contact your server provider and check whether it is a problem with the current network ...

After I turned off the proxy software and the global proxy and restarted the server and the panel, I can now apply for the certificate via "Manual resolution", but when I choose Aliyun DNS it reports the following error:
Traceback (most recent call last):
  File "/www/server/panel/class/acme_v2.py", line 1396, in apply_cert
    self.get_auths(index)
  File "/www/server/panel/class/acme_v2.py", line 430, in get_auths
    self.set_auth_info(identifier_auth, index=index)
  File "/www/server/panel/class/acme_v2.py", line 460, in set_auth_info
    identifier_auth['auth_to'], identifier_auth['domain'], identifier_auth['auth_value'])
  File "/www/server/panel/class/acme_v2.py", line 577, in create_dns_record
    self._dns_class.create_dns_record(public.de_punycode(domain), dns_value)
  File "/www/server/panel/class/panelDnsapi.py", line 542, in create_dns_record
    self.add_record(root, 'TXT', acme_txt, domain_dns_value)
  File "/www/server/panel/class/panelDnsapi.py", line 567, in add_record
    raise ValueError(req.json()['Message'])
ValueError: The "TXT" type record is in conflict the "CNAME" type records.

并非正文 posted on 2024-2-22 12:44:34

并非正文 posted on 2024-2-22 12:35
After I turned off the proxy software and the global proxy and restarted the server and the panel, I can now apply for the certificate via "Manual resolution", but when I ...

Is it because there are conflicting entries in the DNS records?

并非正文 posted on 2024-2-22 15:24:21

并非正文 posted on 2024-2-22 12:44
Is it because there are conflicting entries in the DNS records?

I tested with another domain; it should indeed be caused by a DNS record conflict within that domain. The other domain can apply automatically using DNS validation.
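The "TXT is in conflict with CNAME" error in the thread comes from a basic DNS rule, not from the panel: RFC 1034 section 3.6.2 forbids any other record at a name that holds a CNAME, and RFC 8555 places the DNS-01 TXT record at `_acme-challenge.` + domain (with a leading `*.` stripped for wildcard names, so `example.com` and `*.example.com` share one challenge name). The following added example, which is not code from the thread or from the BT panel, models that rule so a zone can be checked before automatic validation is attempted. The zone contents, the `Record`/`Zone` classes and the digest strings are constructed sample data.

```python
"""Added example (not from the thread or the BT panel): model the DNS-01
TXT/CNAME conflict reported by the Aliyun DNS API in the post above.

RFC 8555 validates a DNS-01 challenge at "_acme-challenge." prepended to the
domain, with a leading "*." removed for wildcard names. RFC 1034 section 3.6.2
says that if a CNAME exists at a name, no other data may exist there, so a TXT
record cannot be added beside it. All zone data below is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List

CHALLENGE_LABEL = "_acme-challenge"


@dataclass(frozen=True)
class Record:
    name: str    # fully qualified owner name, no trailing dot
    rtype: str   # e.g. "A", "CNAME", "TXT"
    value: str


def challenge_name(domain: str) -> str:
    """Owner name at which the DNS-01 TXT record for `domain` must be published.

    "*.example.com" and "example.com" map to the same name, which is why a
    wildcard and its base domain are validated from one zone node.
    """
    d = domain.strip().rstrip(".").lower()
    if d.startswith("*."):
        d = d[2:]
    return f"{CHALLENGE_LABEL}.{d}"


@dataclass
class Zone:
    """Minimal in-memory zone that enforces the CNAME exclusivity rule."""
    records: List[Record] = field(default_factory=list)

    def at(self, name: str) -> List[Record]:
        name = name.lower()
        return [r for r in self.records if r.name.lower() == name]

    def conflicts_for_txt(self, domain: str) -> List[Record]:
        """CNAME records that block a DNS-01 TXT record for `domain`."""
        return [r for r in self.at(challenge_name(domain))
                if r.rtype.upper() == "CNAME"]

    def add_txt_challenge(self, domain: str, token_digest: str) -> Record:
        """Publish the DNS-01 TXT record, or raise the same class of error the
        Aliyun API returned in the thread (a TXT beside a CNAME is illegal)."""
        blockers = self.conflicts_for_txt(domain)
        if blockers:
            targets = ", ".join(r.value for r in blockers)
            raise ValueError(
                f'The "TXT" type record is in conflict with the "CNAME" type '
                f"record at {blockers[0].name} (CNAME -> {targets})"
            )
        rec = Record(challenge_name(domain), "TXT", token_digest)
        # Several TXT records at one name are legal (base domain + wildcard).
        self.records.append(rec)
        return rec


def preflight(zone: Zone, domains: List[str]) -> Dict[str, bool]:
    """Per requested domain: can a DNS-01 TXT record be published in `zone`?"""
    return {d: not zone.conflicts_for_txt(d) for d in domains}


# Constructed sample zones (not real DNS data). example.com carries a CNAME at
# the challenge name, the situation that produces the error in the thread.
CONFLICTING_ZONE = Zone([
    Record("example.com", "A", "192.0.2.10"),
    Record("_acme-challenge.example.com", "CNAME", "acme.example.org"),
])
# example.net has no such record, so the TXT can be created directly.
CLEAN_ZONE = Zone([
    Record("example.net", "A", "192.0.2.20"),
])

if __name__ == "__main__":
    print(preflight(CONFLICTING_ZONE, ["example.com", "*.example.com"]))
    print(preflight(CLEAN_ZONE, ["example.net", "*.example.net"]))
    CLEAN_ZONE.add_txt_challenge("example.net", "constructed-digest-1")
    CLEAN_ZONE.add_txt_challenge("*.example.net", "constructed-digest-2")
    try:
        CONFLICTING_ZONE.add_txt_challenge("*.example.com", "constructed-digest-3")
    except ValueError as exc:
        print("blocked:", exc)
```

Running `preflight` over the zone before requesting the certificate reports which names would be rejected; a `False` entry means the `_acme-challenge` name already holds a CNAME, which must be removed (or the TXT published in the zone the CNAME points to) before automatic DNS validation through the provider API can succeed.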