acme.sh icon indicating copy to clipboard operation
acme.sh copied to clipboard
verified publisher icon acmesh-official

在不支持date +%N的系统下阿里云报错SignatureNonceUsed的问题

Open Jinenze opened this issue 9 months ago • 2 comments

如题,以下是源码

_ali_nonce() {
  #_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
  #Not so good...
  date +"%s%N" | sed 's/%N//g'
}

我使用的openwrt不支持date +%N

root@OpenWrt:~# date +"%s"
1740475004
root@OpenWrt:~# date +"%s%N"
1740475006

也有人之前提到过alpine系统不支持 #1369 这人也碰到相同的问题 #6204

[Thu Jan 16 01:18:36 UTC 2025] url='https://alidns.aliyuncs.com/?Signature=MYqqbqoq60jux%2BvITIw%2BSZtGDl8%3D&AccessKeyId=LT......m&Action=DescribeDomainRecords&DomainName=_acme-challenge.truenas.zt-plaza.com&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1736990316&SignatureVersion=1.0&Timestamp=2025-01-16T01%3A18%3A36Z&Version=2015-01-09'
[Thu Jan 16 01:18:37 UTC 2025] url='https://alidns.aliyuncs.com/?Signature=92qomfRjsr1q52wzfaL8jDTiwuI%3D&AccessKeyId=LT......m&Action=DescribeDomainRecords&DomainName=truenas.zt-plaza.com&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1736990317&SignatureVersion=1.0&Timestamp=2025-01-16T01%3A18%3A37Z&Version=2015-01-09'
[Thu Jan 16 01:18:37 UTC 2025] url='https://alidns.aliyuncs.com/?Signature=yktrAF5edOVROS0kRtaUmtejIr4%3D&AccessKeyId=LT......m&Action=DescribeDomainRecords&DomainName=zt-plaza.com&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1736990317&SignatureVersion=1.0&Timestamp=2025-01-16T01%3A18%3A37Z&Version=2015-01-09'
[Thu Jan 16 01:18:37 UTC 2025] url='https://alidns.aliyuncs.com/?Signature=p4OLh2%2B3%2FBfh7KqpCQjdTb9yD9A%3D&AccessKeyId=LT......m&Action=DescribeDomainRecords&DomainName=com&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1736990317&SignatureVersion=1.0&Timestamp=2025-01-16T01%3A18%3A37Z&Version=2015-01-09'

我直接加了1秒延迟

_ali_nonce() {
  #_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
  #Not so good...
  sleep 1s
  date +"%s%N" | sed 's/%N//g'
}

当然,或许直接换成docker容器就行 可以在Readme上提醒一下?我当时被这个问题折磨很久,完全找不到原因

Jinenze avatar Feb 25 '25 10:02 Jinenze

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

github-actions[bot] avatar Feb 25 '25 10:02 github-actions[bot]

不明白

Neilpang avatar Feb 28 '25 18:02 Neilpang

same problem here

SiuKam avatar Sep 07 '25 05:09 SiuKam

Confirmed. The "sleep 1s" fixed my problem with adding new domain names for the acme challenge.

pdwalker avatar Dec 04 '25 09:12 pdwalker

@pdwalker 修了, 请试一下最新的 dev 版本:

acme.sh  --upgrade  -b dev

Neilpang avatar Dec 05 '25 21:12 Neilpang