1Panel
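[BUG] OpenResty crashes because of SSL certificates
Contact information
1Panel version
v1.10.7-lts
Problem description
Currently, some of my SSL certificates were applied for on Tencent Cloud, and others were applied for automatically, directly in 1Panel.
Recently, whenever the machine restarts, I can open the 1Panel page, but after a few seconds 1Panel becomes inaccessible.
This is my current SSL certificate application page
This is the OpenResty log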
2024/05/14 09:22:27 [notice] 1#1: [lua] config.lua:71: ini_waf_info(): Load 1Panel WAF Version:1.0.0
2024/05/14 09:22:27 [notice] 1#1: using the "epoll" event method
2024/05/14 09:22:27 [notice] 1#1: openresty/1.21.4.3
2024/05/14 09:22:27 [notice] 1#1: built by gcc 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
2024/05/14 09:22:27 [notice] 1#1: OS: Linux 5.15.0-71-generic
2024/05/14 09:22:27 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/05/14 09:22:27 [notice] 1#1: start worker processes
2024/05/14 09:22:27 [notice] 1#1: start worker process 7
2024/05/14 09:22:27 [notice] 1#1: start worker process 8
2024/05/14 09:22:27 [notice] 1#1: start cache manager process 9
2024/05/14 09:22:27 [notice] 1#1: start cache loader process 10
2024/05/14 09:22:27 [warn] 8#8: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/www/sites/bit.booleandev.xyz/ssl/fullchain.pem"
2024/05/14 09:23:27 [notice] 10#10: http file cache: /www/common/proxy/proxy_cache_dir 6.414M, bsize: 4096
2024/05/14 09:23:27 [notice] 1#1: signal 17 (SIGCHLD) received from 10
2024/05/14 09:23:27 [notice] 1#1: cache loader process 10 exited with code 0
2024/05/14 09:23:27 [notice] 1#1: signal 29 (SIGIO) received
2024/05/14 09:25:27 [warn] 8#8: no resolver defined to resolve ocsp.trust-provider.cn while requesting certificate status, responder: ocsp.trust-provider.cn, certificate: "/www/sites/1panel.booleandev.xyz/ssl/fullchain.pem"
2024/05/14 09:25:30 [error] 8#8: *233 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 113.215.189.198, server: 0.0.0.0:443
2024/05/14 09:25:34 [warn] 7#7: no resolver defined to resolve ocsp.trust-provider.cn while requesting certificate status, responder: ocsp.trust-provider.cn, certificate: "/www/sites/1panel.booleandev.xyz/ssl/fullchain.pem"
2024/05/14 09:27:02 [error] 8#8: *444 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 113.215.189.212, server: 0.0.0.0:443
2024/05/14 09:30:03 [crit] 8#8: *639 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 68.183.76.246, server: 0.0.0.0:443
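But one thing is strange: I did nothing on my side, I accessed it directly by IP, and after a while it recovered on its own.
Steps to reproduce
SSL certificates I applied for myself and certificates applied for by 1Panel exist at the same time, and the server is restarted. That is my guess.
Expected correct result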
No response
Additional information
No response
Advanced Features - WAF - Global Settings: try turning the WAF off.
OK, I'll give it a try.