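[BUG] SSL certificate request fails

Open vlssu opened this issue 1 year ago • 30 comments

Contact information

[email protected]

1Panel version

1.5.0

Problem description

Requesting an SSL certificate always fails, whether for xxxx.com, *.xxxx.com or xxx.xxxx.com.

Steps to reproduce

A new server: I ran the install script directly to install version 1.5.0, then installed the web service, added DNSPod, and requested the certificate directly through the DNS account (the same account can obtain certificates in BaoTa).

Expected result

The SSL certificate is issued successfully, whether for a wildcard domain, a subdomain or a top-level domain.

Relevant log output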

服务内部错误: error: one or more domains had a problem: [*.xxxx.com] time limit exceeded: last error: could not determine authoritative nameservers [vlssu.com] time limit exceeded: last error: could not determine authoritative nameservers

Additional information

[image: 3c76a4e287707fddc1732c3d5a1a0fd]

vlssu avatar Aug 14 '23 05:08 vlssu

Is the site a reverse proxy, with the certificate requested in HTTP mode?

zhengkunwang223 avatar Aug 14 '23 05:08 zhengkunwang223

> Is the site a reverse proxy, with the certificate requested in HTTP mode?

Sorry, I forgot to add: it was requested through the DNS account. [image]

vlssu avatar Aug 14 '23 06:08 vlssu

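> > Is the site a reverse proxy, with the certificate requested in HTTP mode?

> Sorry, I forgot to add: it was requested through the DNS account. [image]

The current error is probably a rate limit caused by too many failed requests. You can create a new ACME account, request again, and post a screenshot of the error.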

zhengkunwang223 avatar Aug 14 '23 06:08 zhengkunwang223

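> > > Is the site a reverse proxy, with the certificate requested in HTTP mode?

> > Sorry, I forgot to add: it was requested through the DNS account. [image]

> The current error is probably a rate limit caused by too many failed requests. You can create a new ACME account, request again, and post a screenshot of the error.

[image]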

服务内部错误: error: one or more domains had a problem: [*.xxxx.com] time limit exceeded: last error: could not determine authoritative nameservers

It has been like this even with 2 days between attempts. And both long-running installations and freshly built ones have this problem.

vlssu avatar Aug 14 '23 06:08 vlssu

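Same problem. I'm using a CloudFlare account, and the API token is the global token, so there is no permission problem, yet the request fails no matter what. The server is in the US, so there shouldn't be a network problem. It didn't succeed on v1.2 before, and it doesn't work on v1.5 now either.

Muska-Ami avatar Aug 17 '23 14:08 Muska-Ami

My Cloudflare is the same. [image]

WyattYung avatar Sep 04 '23 08:09 WyattYung

Same problem, error 6003. How can this be solved?

97668589 avatar Sep 26 '23 01:09 97668589

I have the 6003 problem too.

Azhc avatar Sep 27 '23 02:09 Azhc

Same problem...

huangzhongzhang avatar Oct 27 '23 01:10 huangzhongzhang

I also have the Cloudflare 6003 problem; following this~

lainbo avatar Nov 28 '23 07:11 lainbo

Same here, on Alibaba Cloud: 服务内部错误: error: one or more domains had a problem: [xxxx.com] [xxxx.com] acme: error presenting token: alicloud: zone net. not found in AliDNS for domain xxxx.com

JanYork avatar Dec 07 '23 14:12 JanYork

Version v1.9.0 has been released.

wanghe-fit2cloud avatar Dec 13 '23 08:12 wanghe-fit2cloud

Here is the log; it seems it still doesn't work? I'm using Tencent's. [image]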

2023/12/13 17:26:13 开始申请证书,域名 [xxx.com,*.xxx.com] 申请方式 [DNS 自动] DNS 账号 [1305300729] 厂商 [DnsPod]
2023/12/13 17:26:13 [INFO] [xxx.com, *.xxx.com] acme: Obtaining bundled SAN certificate
2023/12/13 17:26:14 [INFO] [*.xxx.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/293204956686
2023/12/13 17:26:14 [INFO] [xxx.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/293204956696
2023/12/13 17:26:14 [INFO] [*.xxx.com] acme: use dns-01 solver
2023/12/13 17:26:14 [INFO] [xxx.com] acme: Could not find solver for: tls-alpn-01
2023/12/13 17:26:14 [INFO] [xxx.com] acme: Could not find solver for: http-01
2023/12/13 17:26:14 [INFO] [xxx.com] acme: use dns-01 solver
2023/12/13 17:26:14 [INFO] [*.xxx.com] acme: Preparing to solve DNS-01
2023/12/13 17:26:14 [INFO] Found CNAME entry for "_acme-challenge.xxx.com.": "xxxx5hj.xxx.com.cdn.dnsv1.com.cn."
2023/12/13 17:26:14 [INFO] Found CNAME entry for "xxxx5hj.xxx.com.cdn.dnsv1.com.cn.": "ciwc7cuz.slt.sched.tdnsv8.com."
2023/12/13 17:26:15 [INFO] [xxx.com] acme: Preparing to solve DNS-01
2023/12/13 17:26:15 [INFO] Found CNAME entry for "_acme-challenge.xxx.com.": "xxxx5hj.xxx.com.cdn.dnsv1.com.cn."
2023/12/13 17:26:15 [INFO] Found CNAME entry for "xxxx5hj.xxx.com.cdn.dnsv1.com.cn.": "ciwc7cuz.slt.sched.tdnsv8.com."
2023/12/13 17:26:16 [INFO] [*.xxx.com] acme: Cleaning DNS-01 challenge
2023/12/13 17:26:16 [INFO] Found CNAME entry for "_acme-challenge.xxx.com.": "xxxx5hj.xxx.com.cdn.dnsv1.com.cn."
2023/12/13 17:26:16 [INFO] Found CNAME entry for "xxxx5hj.xxx.com.cdn.dnsv1.com.cn.": "ciwc7cuz.slt.sched.tdnsv8.com."
2023/12/13 17:26:16 [WARN] [*.xxx.com] acme: cleaning up failed: zone tdnsv8.com. not found in dnspod for domain ciwc7cuz.slt.sched.tdnsv8.com. 
2023/12/13 17:26:16 [INFO] [xxx.com] acme: Cleaning DNS-01 challenge
2023/12/13 17:26:16 [INFO] Found CNAME entry for "_acme-challenge.xxx.com.": "xxxx5hj.xxx.com.cdn.dnsv1.com.cn."
2023/12/13 17:26:16 [INFO] Found CNAME entry for "xxxx5hj.xxx.com.cdn.dnsv1.com.cn.": "ciwc7cuz.slt.sched.tdnsv8.com."
2023/12/13 17:26:17 [WARN] [xxx.com] acme: cleaning up failed: zone tdnsv8.com. not found in dnspod for domain ciwc7cuz.slt.sched.tdnsv8.com. 
2023/12/13 17:26:17 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/293204956686
2023/12/13 17:26:17 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/293204956696
2023/12/13 17:26:18 申请  [xxx.com] 证书失败, error: one or more domains had a problem:
[*.xxx.com] [*.xxx.com] acme: error presenting token: zone tdnsv8.com. not found in dnspod for domain ciwc7cuz.slt.sched.tdnsv8.com.
[xxx.com] [xxx.com] acme: error presenting token: zone tdnsv8.com. not found in dnspod for domain ciwc7cuz.slt.sched.tdnsv8.com.

vlssu avatar Dec 13 '23 09:12 vlssu

> Here is the log; it seems it still doesn't work? I'm using Tencent's. [image]

Check whether your DNS configuration has any other TXT-type records; if it does, delete them.

zhengkunwang223 avatar Dec 13 '23 10:12 zhengkunwang223

> Here is the log; it seems it still doesn't work? I'm using Tencent's. [image]

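  1. Check whether your DNS configuration has any other TXT-type records; if it does, delete them.
  2. Confirm that the subdomain has been configured in DNS, for example the domain x.x.x.x.com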

zhengkunwang223 avatar Dec 13 '23 10:12 zhengkunwang223

> > Here is the log; it seems it still doesn't work? I'm using Tencent's. [image]

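> 1. Check whether your DNS configuration has any other TXT-type records; if it does, delete them.
> 2. Confirm that the subdomain has been configured in DNS, for example the domain x.x.x.x.com

My domain does have a CNAME to a CDN, and xxx.com does have a TXT record, but that one is required for the corporate mailbox, otherwise mail easily gets treated as spam. This also works perfectly on BaoTa. If I had to delete the TXT record on every renewal, wouldn't that be a bit... Also, I noticed one thing: looking at the log, the interval between your DNS verification retries is extremely short. BaoTa waits 5 seconds after a verification error before trying again, 3-5 times in total (I don't remember exactly), but you only try 3 times with practically no interval in between, so the retries are meaningless.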

vlssu avatar Dec 13 '23 11:12 vlssu

> > > Here is the log; it seems it still doesn't work? I'm using Tencent's. [image]

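> > 1. Check whether your DNS configuration has any other TXT-type records; if it does, delete them.
> > 2. Confirm that the subdomain has been configured in DNS, for example the domain x.x.x.x.com

> My domain does have a CNAME to a CDN, and xxx.com does have a TXT record, but that one is required for the corporate mailbox, otherwise mail easily gets treated as spam. This also works perfectly on BaoTa. If I had to delete the TXT record on every renewal, wouldn't that be a bit... Also, I noticed one thing: looking at the log, the interval between your DNS verification retries is extremely short. BaoTa waits 5 seconds after a verification error before trying again, 3-5 times in total (I don't remember exactly), but you only try 3 times with practically no interval in between, so the retries are meaningless.

We use a third-party SDK, https://github.com/go-acme/lego. It may be that it doesn't support this, or there may be a configuration option we haven't found. We'll take a look.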

zhengkunwang223 avatar Dec 13 '23 13:12 zhengkunwang223

> > > > Here is the log; it seems it still doesn't work? I'm using Tencent's. [image]

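> > > 1. Check whether your DNS configuration has any other TXT-type records; if it does, delete them.
> > > 2. Confirm that the subdomain has been configured in DNS, for example the domain x.x.x.x.com

> > My domain does have a CNAME to a CDN, and xxx.com does have a TXT record, but that one is required for the corporate mailbox, otherwise mail easily gets treated as spam. This also works perfectly on BaoTa. If I had to delete the TXT record on every renewal, wouldn't that be a bit... Also, I noticed one thing: looking at the log, the interval between your DNS verification retries is extremely short. BaoTa waits 5 seconds after a verification error before trying again, 3-5 times in total (I don't remember exactly), but you only try 3 times with practically no interval in between, so the retries are meaningless.

> We use a third-party SDK, https://github.com/go-acme/lego. It may be that it doesn't support this, or there may be a configuration option we haven't found. We'll take a look.

I think the automatic retry after a failed verification should be reworked: if the first verification attempt fails, wait 5 seconds and try again; if the second also fails, try a third time. The total could be 3 or 5 attempts, or the number of retries could be left to the user. At the very least, wait 5 seconds or more after a failed attempt before moving on to the next step. Not waiting at all is pretty unreasonable.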

vlssu avatar Dec 14 '23 10:12 vlssu

> > > > > Here is the log; it seems it still doesn't work? I'm using Tencent's. [image]

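> > > > 1. Check whether your DNS configuration has any other TXT-type records; if it does, delete them.
> > > > 2. Confirm that the subdomain has been configured in DNS, for example the domain x.x.x.x.com

> > > My domain does have a CNAME to a CDN, and xxx.com does have a TXT record, but that one is required for the corporate mailbox, otherwise mail easily gets treated as spam. This also works perfectly on BaoTa. If I had to delete the TXT record on every renewal, wouldn't that be a bit... Also, I noticed one thing: looking at the log, the interval between your DNS verification retries is extremely short. BaoTa waits 5 seconds after a verification error before trying again, 3-5 times in total (I don't remember exactly), but you only try 3 times with practically no interval in between, so the retries are meaningless.

> > We use a third-party SDK, https://github.com/go-acme/lego. It may be that it doesn't support this, or there may be a configuration option we haven't found. We'll take a look.

> I think the automatic retry after a failed verification should be reworked: if the first verification attempt fails, wait 5 seconds and try again; if the second also fails, try a third time. The total could be 3 or 5 attempts, or the number of retries could be left to the user. At the very least, wait 5 seconds or more after a failed attempt before moving on to the next step. Not waiting at all is pretty unreasonable.

The retry logic is implemented by the SDK itself and we cannot change it. The configuration we added is a DNS resolution timeout of 1 hour and a retry interval of 5 seconds. As for your error, we still need to track it down.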

zhengkunwang223 avatar Dec 14 '23 10:12 zhengkunwang223

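This may indeed need another look. I had a case where, with the same DNS account and the same issuing organization, the request was extremely slow on a Hong Kong machine (30 minutes and up) but very fast on a Japan machine (around 10 seconds).

lainbo avatar Dec 14 '23 12:12 lainbo

> This may indeed need another look. I had a case where, with the same DNS account and the same issuing organization, the request was extremely slow on a Hong Kong machine (30 minutes and up) but very fast on a Japan machine (around 10 seconds).

This may be related to your machine's location; the regions and the time in which the DNS change takes effect may differ. Essentially, it keeps querying the DNS provider to check whether the DNS record has taken effect.

zhengkunwang223 avatar Dec 14 '23 13:12 zhengkunwang223

I found a way to solve this problem. I was originally using the Global API Token; when I created a zone DNS token and entered that token, the request succeeded. [image]

LReion avatar Dec 15 '23 14:12 LReion

I suddenly noticed that with the DNS-account verification method, using dnspod, the domain's operation log shows no records being added or removed. My domain also has a wildcard record, *.xxx.com. Every verification prepends _acme-challenge, but since no record was added, it goes on to verify _acme-challenge.xxx.com, which naturally resolves to the DNS content of the wildcard record, and that is why the log looks odd. Ultimately, the problem is caused by the DNS record not being added.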

vlssu avatar Dec 21 '23 02:12 vlssu
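
The log pattern described in the comment above, as an added example (not code from 1Panel or lego, and not part of any comment): a small Go checker that rebuilds the CNAME chain logged for `_acme-challenge` and flags when it ends outside the requested domain, which is the name the `zone ... not found` error then refers to. `Diagnose`, `Finding`, `inZone` and `delegatedLog` are hypothetical names introduced here; `sampleLog` reuses lines from the log excerpts in this thread.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Log lines taken from the excerpts in this thread (domain already redacted as xxx.com).
const sampleLog = `2023/12/13 17:26:14 [INFO] [*.xxx.com] acme: Preparing to solve DNS-01
2023/12/13 17:26:14 [INFO] Found CNAME entry for "_acme-challenge.xxx.com.": "xxxx5hj.xxx.com.cdn.dnsv1.com.cn."
2023/12/13 17:26:14 [INFO] Found CNAME entry for "xxxx5hj.xxx.com.cdn.dnsv1.com.cn.": "ciwc7cuz.slt.sched.tdnsv8.com."
2023/12/13 17:26:16 [INFO] [*.xxx.com] acme: Cleaning DNS-01 challenge
2023/12/13 17:26:16 [INFO] Found CNAME entry for "_acme-challenge.xxx.com.": "xxxx5hj.xxx.com.cdn.dnsv1.com.cn."
[*.xxx.com] [*.xxx.com] acme: error presenting token: zone tdnsv8.com. not found in dnspod for domain ciwc7cuz.slt.sched.tdnsv8.com.`

// Constructed contrast case (not from the thread): the challenge name is
// delegated by CNAME to a name that is still inside the requested domain.
const delegatedLog = `[INFO] Found CNAME entry for "_acme-challenge.xxx.com.": "acme.xxx.com."`

var (
	cnameRe = regexp.MustCompile(`Found CNAME entry for "([^"]+)": "([^"]+)"`)
	zoneRe  = regexp.MustCompile(`zone (\S+) not found in \S+ for domain (\S+)`)
)

// Finding describes where one DNS-01 challenge name ended up.
type Finding struct {
	Challenge   string // _acme-challenge name the client started from
	Target      string // name reached after following the logged CNAME chain
	OutOfZone   bool   // true when Target is not inside the requested domain
	MissingZone string // zone the DNS provider reported as not found for Target
}

// norm lower-cases a DNS name and drops the trailing root dot.
func norm(s string) string { return strings.ToLower(strings.TrimSuffix(s, ".")) }

// inZone reports whether name equals zone or is a label-aligned subdomain of it.
// A plain substring test would wrongly accept "x.xxx.com.cdn.dnsv1.com.cn".
func inZone(name, zone string) bool {
	name, zone = norm(name), norm(zone)
	return name == zone || strings.HasSuffix(name, "."+zone)
}

// Diagnose rebuilds the CNAME chain from the log and returns one Finding per
// distinct _acme-challenge name, in the order the names first appear.
func Diagnose(log, domain string) []Finding {
	cnames := map[string]string{}
	var order []string
	for _, m := range cnameRe.FindAllStringSubmatch(log, -1) {
		from, to := norm(m[1]), norm(m[2])
		if _, seen := cnames[from]; !seen && strings.HasPrefix(from, "_acme-challenge.") {
			order = append(order, from)
		}
		cnames[from] = to
	}
	missing := map[string]string{} // record name -> zone reported missing
	for _, m := range zoneRe.FindAllStringSubmatch(log, -1) {
		missing[norm(m[2])] = norm(m[1])
	}
	var out []Finding
	for _, ch := range order {
		target := ch
		for hops := 0; hops < 16; hops++ { // hop limit guards against CNAME loops
			next, ok := cnames[target]
			if !ok {
				break
			}
			target = next
		}
		out = append(out, Finding{ch, target, !inZone(target, domain), missing[target]})
	}
	return out
}

func main() {
	for _, f := range Diagnose(sampleLog, "xxx.com") {
		fmt.Printf("%s -> %s outOfZone=%v missingZone=%q\n",
			f.Challenge, f.Target, f.OutOfZone, f.MissingZone)
	}
}
```

lego follows CNAME records on the challenge name by default and documents the `LEGO_DISABLE_CNAME_SUPPORT` environment variable for turning that behaviour off.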

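> I suddenly noticed that with the DNS-account verification method, using dnspod, the domain's operation log shows no records being added or removed. My domain also has a wildcard record, *.xxx.com. Every verification prepends _acme-challenge, but since no record was added, it goes on to verify _acme-challenge.xxx.com, which naturally resolves to the DNS content of the wildcard record, and that is why the log looks odd. Ultimately, the problem is caused by the DNS record not being added.

I used the domestic DNSPOD to request single-domain, second-level-domain and wildcard certificates with no problems, and in every case the log has records of the TXT being added and deleted. Does your DNS already have a TXT record?

zhengkunwang223 avatar Dec 21 '23 03:12 zhengkunwang223

> > I suddenly noticed that with the DNS-account verification method, using dnspod, the domain's operation log shows no records being added or removed. My domain also has a wildcard record, *.xxx.com. Every verification prepends _acme-challenge, but since no record was added, it goes on to verify _acme-challenge.xxx.com, which naturally resolves to the DNS content of the wildcard record, and that is why the log looks odd. Ultimately, the problem is caused by the DNS record not being added.

> I used the domestic DNSPOD to request single-domain, second-level-domain and wildcard certificates with no problems, and in every case the log has records of the TXT being added and deleted. Does your DNS already have a TXT record?

Just this one record, and it is one the corporate mailbox requires. [image]

vlssu avatar Dec 21 '23 06:12 vlssu

> > > I suddenly noticed that with the DNS-account verification method, using dnspod, the domain's operation log shows no records being added or removed. My domain also has a wildcard record, *.xxx.com. Every verification prepends _acme-challenge, but since no record was added, it goes on to verify _acme-challenge.xxx.com, which naturally resolves to the DNS content of the wildcard record, and that is why the log looks odd. Ultimately, the problem is caused by the DNS record not being added.

> > I used the domestic DNSPOD to request single-domain, second-level-domain and wildcard certificates with no problems, and in every case the log has records of the TXT being added and deleted. Does your DNS already have a TXT record?

> Just this one record, and it is one the corporate mailbox requires. [image]

I tried it, and having a TXT record is not a problem either, so this issue may need more observation.

zhengkunwang223 avatar Dec 21 '23 10:12 zhengkunwang223

@zhengkunwang223 https://go-acme.github.io/lego/dns/dnspod/ I found that its documentation says dnspod is deprecated, so you may need to switch to tencentcloud.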

vlssu avatar Jan 16 '24 15:01 vlssu

2024/02/25 15:30:25 开始申请证书,域名 [*.XXXX.com] 申请方式 [DNS 自动] DNS 账号 [1panel] 厂商 [TencentCloud]
2024/02/25 15:30:25 [INFO] [*.XXXX.com] acme: Obtaining bundled SAN certificate
2024/02/25 15:30:26 [INFO] [*.XXXX.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/XXXXXXXXXX
2024/02/25 15:30:26 [INFO] [*.XXXX.com] acme: use dns-01 solver
2024/02/25 15:30:26 [INFO] [*.XXXX.com] acme: Preparing to solve DNS-01
2024/02/25 15:30:26 [INFO] Found CNAME entry for "_acme-challenge.XXXX.com.": "ab3a845b.XXXX.com.cdn.dnsv1.com.cn."
2024/02/25 15:30:26 [INFO] Found CNAME entry for "ab3a845b.XXXX.com.cdn.dnsv1.com.cn.": "ciwc7cuz.slt.sched.tdnsv8.com."
2024/02/25 15:30:27 [INFO] [*.XXXX.com] acme: Cleaning DNS-01 challenge
2024/02/25 15:30:27 [INFO] Found CNAME entry for "_acme-challenge.XXXX.com.": "ab3a845b.XXXX.com.cdn.dnsv1.com.cn."
2024/02/25 15:30:27 [INFO] Found CNAME entry for "ab3a845b.XXXX.com.cdn.dnsv1.com.cn.": "ciwc7cuz.slt.sched.tdnsv8.com."
2024/02/25 15:30:27 [WARN] [*.XXXX.com] acme: cleaning up failed: tencentcloud: failed to get hosted zone: zone tdnsv8.com. not found in dnspod for domain ciwc7cuz.slt.sched.tdnsv8.com. 
2024/02/25 15:30:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/XXXXXXXXXX
2024/02/25 15:30:28 申请  [*.XXXX.com] 证书失败, error: one or more domains had a problem:
[*.XXXX.com] [*.XXXX.com] acme: error presenting token: tencentcloud: failed to get hosted zone: zone tdnsv8.com. not found in dnspod for domain ciwc7cuz.slt.sched.tdnsv8.com.

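This time I used Tencent Cloud and it is still the same.

I also checked the operation log: it only read the domain list, and performed no other operations at all. [image]

vlssu avatar Feb 25 '24 07:02 vlssu

I also ran into SSL certificate request failures on Tencent Cloud.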

2024/04/26 10:27:49 开始申请证书,域名 [xxxxxx.cn] 申请方式 [DNS 自动] DNS 账号 [腾讯云] 厂商 [TencentCloud]
2024/04/26 10:27:49 [INFO] [xxxxxx.cn] acme: Obtaining bundled SAN certificate
2024/04/26 10:27:49 [INFO] [xxxxxx.cn] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/343105284747
2024/04/26 10:27:49 [INFO] [xxxxxx.cn] acme: Could not find solver for: tls-alpn-01
2024/04/26 10:27:49 [INFO] [xxxxxx.cn] acme: Could not find solver for: http-01
2024/04/26 10:27:49 [INFO] [xxxxxx.cn] acme: use dns-01 solver
2024/04/26 10:27:49 [INFO] [xxxxxx.cn] acme: Preparing to solve DNS-01
2024/04/26 10:28:42 [INFO] [xxxxxx.cn] acme: Waiting for DNS record propagation.
2024/04/26 10:30:57 [INFO] [xxxxxx.cn] acme: Checking DNS record propagation using [114.114.114.114:53 8.8.8.8:53]
2024/04/26 10:31:27 [INFO] Wait for propagation [timeout: 30m0s, interval: 30s]
2024/04/26 10:31:27 [INFO] retry due to: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/chall-v3/343105284747/xVpyTQ :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "O0afatDIgijJoAvvyaQTjBemxZXfAF_P4XwSO9ljJ-xZd9NGHMc"
2024/04/26 10:32:13 [INFO] [xxxxxx.cn] acme: Cleaning DNS-01 challenge
2024/04/26 10:32:15 [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/343096160457
2024/04/26 10:32:15 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/343105284747
2024/04/26 10:32:16 申请  [xxxxxx.cn] 证书失败, error: one or more domains had a problem:
[xxxxxx.cn] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: query timed out looking up TXT for _acme-challenge.xxxxxx.cn
 
2024/04/26 10:37:51 [INFO] [xxxxxx.cn] acme: Trying to solve DNS-01
2024/04/26 10:37:51 [INFO] [xxxxxx.cn] acme: Checking DNS record propagation using [114.114.114.114:53 8.8.8.8:53]
2024/04/26 10:38:21 [INFO] Wait for propagation [timeout: 30m0s, interval: 30s]
2024/04/26 10:38:22 [INFO] [xxxxxx.cn] acme: Cleaning DNS-01 challenge
2024/04/26 10:38:24 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/343105284747
2024/04/26 10:38:24 申请  [xxxxxx.cn] 证书失败, error: one or more domains had a problem:
[xxxxxx.cn] failed to initiate challenge: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/chall-v3/343105284747/xVpyTQ :: urn:ietf:params:acme:error:malformed :: Unable to update challenge :: authorization must be pending
 

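In the Tencent Cloud console log I found TXT record add and delete operations. [image]

basilbai avatar Apr 26 '24 02:04 basilbai

> I also ran into SSL certificate request failures on Tencent Cloud.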

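> In the Tencent Cloud console log I found TXT record add and delete operations. [image]

I run into this often too, but the errors are all over the place.

  • Sometimes it's the kind of error in yours
  • Sometimes it's a success with errors mixed in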
2024/04/28 20:39:34 开始申请证书,域名 [xxx.cn,*.xxx.cn] 申请方式 [DNS 自动] DNS 账号 [腾讯云] 厂商 [TencentCloud]
2024/04/28 20:39:34 [INFO] [xxx.cn, *.xxx.cn] acme: Obtaining bundled SAN certificate
2024/04/28 20:39:34 [INFO] retry due to: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "GDpsvN1zBi6mXrqyWCqalD_LSYyKkvWCK8Vynotps5XQDoKRsxY"
2024/04/28 20:39:36 [INFO] [*.xxx.cn] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/uid
2024/04/28 20:39:36 [INFO] [xxx.cn] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/uid
2024/04/28 20:39:36 [INFO] [*.xxx.cn] acme: use dns-01 solver
2024/04/28 20:39:36 [INFO] [xxx.cn] acme: Could not find solver for: tls-alpn-01
2024/04/28 20:39:36 [INFO] [xxx.cn] acme: Could not find solver for: http-01
2024/04/28 20:39:36 [INFO] [xxx.cn] acme: use dns-01 solver
2024/04/28 20:39:36 [INFO] [*.xxx.cn] acme: Preparing to solve DNS-01
2024/04/28 20:39:36 [INFO] [xxx.cn] acme: Preparing to solve DNS-01
2024/04/28 20:39:37 [INFO] [*.xxx.cn] acme: Trying to solve DNS-01
2024/04/28 20:39:37 [INFO] [*.xxx.cn] acme: Checking DNS record propagation using [192.168.1.10:53 192.168.1.20:53]
2024/04/28 20:40:07 [INFO] Wait for propagation [timeout: 30m0s, interval: 30s]
2024/04/28 20:40:13 [INFO] [*.xxx.cn] The server validated our request
2024/04/28 20:40:13 [INFO] [xxx.cn] acme: Trying to solve DNS-01
2024/04/28 20:40:13 [INFO] [xxx.cn] acme: Checking DNS record propagation using [192.168.1.10:53 192.168.1.20:53]
2024/04/28 20:40:43 [INFO] Wait for propagation [timeout: 30m0s, interval: 30s]
2024/04/28 20:40:51 [INFO] [xxx.cn] The server validated our request
2024/04/28 20:40:51 [INFO] [*.xxx.cn] acme: Cleaning DNS-01 challenge
2024/04/28 20:40:53 [INFO] [xxx.cn] acme: Cleaning DNS-01 challenge
2024/04/28 20:40:54 [INFO] [xxx.cn, *.xxx.cn] acme: Validations succeeded; requesting certificates
2024/04/28 20:40:55 [INFO] [xxx.cn] Server responded with a certificate.
2024/04/28 20:40:55 申请 [xxx.cn,*.xxx.cn] 证书成功!!

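Sensitive information has been redacted.

  • Sometimes the request succeeds and still fails ~~(maybe I accidentally clicked confirm a few extra times)~~

~~Requesting a certificate is like a lottery, I can't hold it together~~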

ChishFoxcat avatar Apr 28 '24 12:04 ChishFoxcat