acme.sh 无法自动续期

Steps to reproduce

对不起，我直接重新生成证书了，没法获取debug2

[Sat May 26 16:00:27 CST 2018] _main_domain='这里是域名' [Sat May 26 16:00:27 CST 2018] _alt_domains='no' [Sat May 26 16:00:27 CST 2018] Using config home:/usr/local/acme.sh [Sat May 26 16:00:27 CST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory' [Sat May 26 16:00:27 CST 2018] DOMAIN_PATH='/usr/local/nginx/conf/ssl/这里是域名' [Sat May 26 16:00:27 CST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory [Sat May 26 16:00:27 CST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory [Sat May 26 16:00:27 CST 2018] GET [Sat May 26 16:00:27 CST 2018] url='https://acme-v01.api.letsencrypt.org/directory' [Sat May 26 16:00:27 CST 2018] timeout= [Sat May 26 16:00:27 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g ' [Sat May 26 16:00:27 CST 2018] ret='0' [Sat May 26 16:00:27 CST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change' [Sat May 26 16:00:27 CST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sat May 26 16:00:27 CST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert' [Sat May 26 16:00:27 CST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg' [Sat May 26 16:00:27 CST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert' [Sat May 26 16:00:27 CST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf' [Sat May 26 16:00:27 CST 2018] ACME_NEW_NONCE [Sat May 26 16:00:27 CST 2018] ACME_VERSION [Sat May 26 16:00:27 CST 2018] Le_NextRenewTime [Sat May 26 16:00:27 CST 2018] _on_before_issue [Sat May 26 16:00:27 CST 2018] _chk_main_domain='这里是域名' [Sat May 26 16:00:27 CST 2018] _chk_alt_domains [Sat May 26 16:00:27 CST 2018] Le_LocalAddress [Sat May 26 16:00:27 CST 2018] d='这里是域名' [Sat May 26 16:00:27 CST 2018] Check for domain='这里是域名' [Sat May 26 16:00:27 CST 2018] _currentRoot='/home/wwwroot/这里是域名/ss-panel/public' [Sat May 26 16:00:27 CST 2018] d [Sat May 26 16:00:27 CST 2018] _saved_account_key_hash is not changed, skip register account. [Sat May 26 16:00:27 CST 2018] Read key length: [Sat May 26 16:00:27 CST 2018] _createcsr [Sat May 26 16:00:27 CST 2018] Single domain='这里是域名' [Sat May 26 16:00:27 CST 2018] Getting domain auth token for each domain [Sat May 26 16:00:27 CST 2018] d='这里是域名' [Sat May 26 16:00:27 CST 2018] Getting webroot for domain='这里是域名' [Sat May 26 16:00:27 CST 2018] _w='/home/wwwroot/这里是域名/ss-panel/public' [Sat May 26 16:00:27 CST 2018] _currentRoot='/home/wwwroot/这里是域名/ss-panel/public' [Sat May 26 16:00:27 CST 2018] Getting new-authz for domain='这里是域名' [Sat May 26 16:00:27 CST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory [Sat May 26 16:00:27 CST 2018] Try new-authz for the 0 time. [Sat May 26 16:00:27 CST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sat May 26 16:00:27 CST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "这里是域名"}}' [Sat May 26 16:00:27 CST 2018] RSA key [Sat May 26 16:00:28 CST 2018] GET [Sat May 26 16:00:28 CST 2018] url='https://acme-v01.api.letsencrypt.org/directory' [Sat May 26 16:00:28 CST 2018] timeout= [Sat May 26 16:00:28 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g ' [Sat May 26 16:00:28 CST 2018] ret='0' [Sat May 26 16:00:28 CST 2018] POST [Sat May 26 16:00:28 CST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz' [Sat May 26 16:00:28 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g ' [Sat May 26 16:00:29 CST 2018] _ret='0' [Sat May 26 16:00:29 CST 2018] code='201' [Sat May 26 16:00:29 CST 2018] The new-authz request is ok. [Sat May 26 16:00:29 CST 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877","token":"zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI"' [Sat May 26 16:00:29 CST 2018] token='zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI' [Sat May 26 16:00:29 CST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877' [Sat May 26 16:00:29 CST 2018] keyauthorization='zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI.EXUnGP-YcnhIvSm_W1CUtcGrsOgXXQfhcGp4V8XW5io' [Sat May 26 16:00:29 CST 2018] dvlist='这里是域名#zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI.EXUnGP-YcnhIvSm_W1CUtcGrsOgXXQfhcGp4V8XW5io#https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877#http-01#/home/wwwroot/这里是域名/ss-panel/public' [Sat May 26 16:00:29 CST 2018] d [Sat May 26 16:00:29 CST 2018] vlist='这里是域名#zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI.EXUnGP-YcnhIvSm_W1CUtcGrsOgXXQfhcGp4V8XW5io#https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877#http-01#/home/wwwroot/这里是域名/ss-panel/public,' [Sat May 26 16:00:29 CST 2018] d='这里是域名' [Sat May 26 16:00:29 CST 2018] ok, let's start to verify [Sat May 26 16:00:29 CST 2018] Verifying:这里是域名 [Sat May 26 16:00:29 CST 2018] d='这里是域名' [Sat May 26 16:00:29 CST 2018] keyauthorization='zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI.EXUnGP-YcnhIvSm_W1CUtcGrsOgXXQfhcGp4V8XW5io' [Sat May 26 16:00:29 CST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877' [Sat May 26 16:00:29 CST 2018] _currentRoot='/home/wwwroot/这里是域名/ss-panel/public' [Sat May 26 16:00:29 CST 2018] wellknown_path='/home/wwwroot/这里是域名/ss-panel/public/.well-known/acme-challenge' [Sat May 26 16:00:29 CST 2018] writing token:zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI to /home/wwwroot/这里是域名/ss-panel/public/.well-known/acme-challenge/zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI [Sat May 26 16:00:29 CST 2018] Changing owner/group of .well-known to root:root [Sat May 26 16:00:29 CST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877' [Sat May 26 16:00:29 CST 2018] payload='{"resource": "challenge", "keyAuthorization": "zi2CjLkte9wpe-yRAPzaDEw9u3RZn8zTEvs-kBLc3kI.EXUnGP-YcnhIvSm_W1CUtcGrsOgXXQfhcGp4V8XW5io"}' [Sat May 26 16:00:29 CST 2018] POST [Sat May 26 16:00:29 CST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877' [Sat May 26 16:00:29 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g ' [Sat May 26 16:00:30 CST 2018] _ret='0' [Sat May 26 16:00:30 CST 2018] code='202' [Sat May 26 16:00:30 CST 2018] sleep 2 secs to verify [Sat May 26 16:00:32 CST 2018] checking [Sat May 26 16:00:32 CST 2018] GET [Sat May 26 16:00:32 CST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/ytiQssuGozd0Hg6WN_HeX0WvThUBEr4tbI-ivWctmvg/4817182877' [Sat May 26 16:00:32 CST 2018] timeout= [Sat May 26 16:00:32 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g ' [Sat May 26 16:00:33 CST 2018] ret='0' [Sat May 26 16:00:33 CST 2018] [1;31;32mSuccess[0m [Sat May 26 16:00:33 CST 2018] pid [Sat May 26 16:00:33 CST 2018] pid [Sat May 26 16:00:33 CST 2018] No need to restore nginx, skip. [Sat May 26 16:00:33 CST 2018] _clearupdns [Sat May 26 16:00:33 CST 2018] skip dns. [Sat May 26 16:00:33 CST 2018] Verify finished, start to sign. [Sat May 26 16:00:33 CST 2018] i='2' [Sat May 26 16:00:33 CST 2018] j='16' [Sat May 26 16:00:33 CST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-cert' [Sat May 26 16:00:33 CST 2018] payload='{"resource": "new-cert", "csr": "MIICoTCCAYkCAQAwHjEcMBoGA1UEAxMTd3d3LmZ1dGF3YWxsLnJldmlldzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ5nX3xoTB4a7LCcouEkPw2YKEWP1Y4dAFYGIVIxfNhkCFwmz7_YFk962i_yansA0wLkT0PRYRlOH7JaAahCHWc0SZyzSv7dBa3nuelDDpT_SYitxQ5qhzgBvOwCr9428SaIhtEAQekVjC8rqpn5sbtqh3ocCdlZzpQAQURCLXAPQfdswYXdr1CwKsiTAbWYOnqnaV1xEF3Or2A3L77wNtlLCvX-hPVQO2U6iUHdXty0KuYjs5ceZ_WQ2VfFs9H6Wf_zoErqoqzRWpL3j0rICn-Nsdm8iiUAIBQuG-0JXeqx5DUxPonFfBK3dLLfDVAp6VcjwH8Mykr9av-u6PabXK8CAwEAAaA-MDwGCSqGSIb3DQEJDjEvMC0wCwYDVR0PBAQDAgXgMB4GA1UdEQQXMBWCE3d3dy5mdXRhd2FsbC5yZXZpZXcwDQYJKoZIhvcNAQELBQADggEBAIYxtbrgqAzOJ9Qwo2NR6vpGWHZkjyr0utbWh3rvWkRMy1ODhTMX5P90UK5CB3JAVW97C4zChPODA6URnkukhePcGOi-AwaFmzsGXMG0ZPdOY6_4wjtU_N1ypCaGW9OdzXeDyDAJFVV-tGbD8-1W6iLiKCPl2I__temJ_2d02UgMfoQdpIsJ9YGEz7vF0QSo9wLtD-qa7EeVP6Ng2xmoGlojVaPccA2JhEWWtHJIAv6gJde5VPDKPHGPHqPIHJLxl5UCQ6TTCYDcHEmy-AjXg3aHNwoG_LegP7w-26Qfnlop1wtmlZ6AIJMUnyOK47L_v-nXUm9vptcsEamWEtbebeY"}' [Sat May 26 16:00:33 CST 2018] POST [Sat May 26 16:00:33 CST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-cert' [Sat May 26 16:00:33 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g ' [Sat May 26 16:00:34 CST 2018] _ret='0' [Sat May 26 16:00:34 CST 2018] code='201' [Sat May 26 16:00:34 CST 2018] Le_LinkCert='https://acme-v01.api.letsencrypt.org/acme/cert/04a92a15551718c36781f73848c4ef81d793' [Sat May 26 16:00:34 CST 2018] [1;31;32mCert success.[0m [Sat May 26 16:00:34 CST 2018] Your cert is in [1;31;32m /usr/local/nginx/conf/ssl/这里是域名/这里是域名.cer [0m [Sat May 26 16:00:34 CST 2018] Your cert key is in [1;31;32m /usr/local/nginx/conf/ssl/这里是域名/这里是域名.key [0m [Sat May 26 16:00:34 CST 2018] Le_LinkIssuer='https://acme-v01.api.letsencrypt.org/acme/issuer-cert' [Sat May 26 16:00:34 CST 2018] _link_issuer_retry='0' [Sat May 26 16:00:34 CST 2018] GET [Sat May 26 16:00:34 CST 2018] url='https://acme-v01.api.letsencrypt.org/acme/issuer-cert' [Sat May 26 16:00:34 CST 2018] timeout= [Sat May 26 16:00:34 CST 2018] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g ' [Sat May 26 16:00:35 CST 2018] ret='0' [Sat May 26 16:00:35 CST 2018] The intermediate CA cert is in [1;31;32m /usr/local/nginx/conf/ssl/这里是域名/ca.cer [0m [Sat May 26 16:00:35 CST 2018] And the full chain certs is there: [1;31;32m /usr/local/nginx/conf/ssl/这里是域名/fullchain.cer [0m [Sat May 26 16:00:35 CST 2018] Run reload cmd: /etc/init.d/nginx reload [Sat May 26 16:00:35 CST 2018] [1;31;32mReload success[0m [Sat May 26 16:00:35 CST 2018] _on_issue_success

无法自动续期，但是手动重新创建是可以的，我使用的是LNMP 1.5

感谢开发者.

May 26 '18 14:05 Hello-Moeka

无法自动续期

是什么意思, 能不能多说几句你的情况. 你这样惜字如金我怎么帮你 ? 你沟通的越好, 就越有可能获得帮助, 否则没有任何帮助.

我自己有十几个域名, 都在自动续期.

你可以手动开启 log, 下次有问题就可以查看log

https://github.com/Neilpang/acme.sh/wiki/Enable-acme.sh-log

acme.sh  --issue  .....  --log     --log-level 2

你只需开启一次, 以后自动都会有log.

May 26 '18 14:05 Neilpang

额，非常抱歉，第一次在Github发issue，望谅解目前的情况就是自动续期失败，然后上面贴的是一段log，我尝试手动执行续期的命令未果，最后直接重新创建了，但是我还是希望找到失败的原因，acme.sh --issue ..... --log --log-level 2 已经开了，不过目前还在有效期没办法获取错误信息了，之前的错误基本上就是重复上面的log，您看看能不能找到原因，实在不行的话等60天后报错了我再来麻烦了

May 26 '18 14:05 Hello-Moeka

没关系, 如果续期失败, 你可以手动运行

acme.sh  --cron  --debug 2

这样就能看到输出了.

May 26 '18 14:05 Neilpang

抱歉, 我主要是看到很多人发问题都是不说什么具体情况. 我干着急.

我希望咱们开发者能想朋友一样沟通. 有温度一点. 效率高能解决问题.

May 26 '18 14:05 Neilpang

目前我重新创建之后证书已经可用，acme.sh --cron --debug 2执行这个提示的都是skip，没什么错误信息，上面的log没什么帮助的话我等到期再出现问题再发issue吧。谢谢

May 26 '18 14:05 Hello-Moeka

我加了 --force 强制更新，应该是没问题了，再遇到的话我再联系您吧，感谢开发者.`

May 26 '18 14:05 Hello-Moeka

@Neilpang 我是通过lnmp onlyssl使用acme.sh更新ssl证书的有这么个报错信息

 The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.

没找到这个模式要在哪里改，为啥我是dns手动模式

Mar 14 '20 09:03 shyandsy

抱歉, 我主要是看到很多人发问题都是不说什么具体情况. 我干着急.

我希望咱们开发者能想朋友一样沟通. 有温度一点. 效率高能解决问题.

大佬的脾气真的是太好了🫡🫡🫡

Dec 09 '23 10:12 BitbeyHub

acme.sh acme.sh copied to clipboard

无法自动续期

Steps to reproduce

acme.sh
acme.sh copied to clipboard