ShadowsocksR-Live / shadowsocksr-native

Bypass the firewall and calmly get through the party-state's sensitive days. ShadowsocksR (SSRoT) native implementation for all platforms, GFW terminator
https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki
GNU General Public License v3.0
2.74k stars 763 forks

[CA] Failed to obtain website certificate #120

Closed bsun0802 closed 4 years ago

bsun0802 commented 4 years ago

Please answer these questions before submitting your issue. Thanks!

What version of shadowsocks-native are you using?

newest, last committed on Jan 20.

What operating system are you using?

Ubuntu-18.04, brand-new google cloud VM.

What did you do?

Followed the instructions in the Wiki exactly. Ran the automated installation; domain name resolution succeeded. But [CA] obtaining the website certificate failed.

2020-04-10 14:40:08 (14.8 MB/s) - ‘acme_tiny.py’ saved [11513/1hhhhhhh1513]

Parsing account key...
Parsing CSR...
Found domains: www.h'h'h'h'h'h'h.org, www.www.hhhhhhh.org
Getting directory...
Directory found!
Registering account...
Registered!
Creating new order...
Order created!
Verifying www.hhhhhhh.org...
Traceback (most recent call last):
  File "acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "acme_tiny.py", line 143, in get_crt
    raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
ValueError: Wrote file to /fakesite/.well-known/acme-challenge/BqrQaFIAzrWlBJ15n3hS27bniMpO-uE4QnK90JjQHEg, but couldn't download http://www.hhhh.org/.well-known/acme-challenge/BqrQaFIAzrWlBJ15n3hS27bniMpO-uE4QnK90JjQHEg: Error:
Url: http://www.hhhhhhh.org/.well-known/acme-challenge/BqrQaFIAzrWlBJ15n3hS27bniMpO-uE4QnK90JjQHEg
Data: None
Response Code: 404
Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.29 (Ubuntu) Server at www.xxxx.org Port 80</address>
</body></html>

[错误]  [CA] 获取 网站证书 失败 

Before this error, all commands executed successfully.

...
[OK]  域名 DNS 解析 IP 与 本机 IP 匹配 
...
[OK]  [CA] 创建帐号 key 完成 
...
[OK]  [CA] 创建 CSR 文件 完成 

What did you expect to see?

I want to install and use shadowsocksr-native.

What did you see instead?

What looks rather suspicious is:

Generating RSA private key, 4096 bit long modulus (2 primes)
.............................++++
.....++++
e is 65537 (0x010001)
Can't load /root/.rnd into RNG
139888605692352:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd

There seems to be a "cannot open file" error, but it still shows [OK] [CA] 创建 CSR 文件 完成

What is your config in detail (with all sensitive info masked)?

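Domain purchased from Google Domain, VM created on Google Cloud Platform. The IP can be pinged, but the domain name cannot be pinged. The automated installation script resolves DNS successfully. Right after that, the script fails.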

ssrlive commented 4 years ago

That's your own problem. The documentation specifically reminds you to resolve www as well. Fell into the pit, didn't you?!

https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki/%E5%87%86%E5%A4%87%E5%B7%A5%E4%BD%9C#%E5%B0%86-%E5%9F%9F%E5%90%8D-%E5%92%8C-%E8%99%9A%E6%8B%9F%E4%B8%BB%E6%9C%BA-%E7%9A%84-ip-%E5%85%B3%E8%81%94%E4%B8%8A

bsun0802 commented 4 years ago

Uh, now the domain can be pinged, and the www domain can be pinged too. But the automated installation still fails. Why do these "file not found" errors appear? Thanks a lot!

nginx: [error] open() "/var/run/nginx.pid" failed (2: No such file or directory)
Can't load /root/.rnd into RNG

[OK]  [nginx] 复制文件 完成 
nginx: [error] open() "/var/run/nginx.pid" failed (2: No such file or directory)
Generating RSA private key, 4096 bit long modulus (2 primes)
.............................++++
..............................................++++
e is 65537 (0x010001)
[OK]  [CA] 创建帐号 key 完成 
Generating RSA private key, 4096 bit long modulus (2 primes)
..................................................................................................................................................................................++++
.................................................................................................................++++
e is 65537 (0x010001)
Can't load /root/.rnd into RNG
140160291881408:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
[OK]  [CA] 创建 CSR 文件 完成 

ssrlive commented 4 years ago

Can't load /root/.rnd into RNG

This one doesn't matter, right?!

ssrlive commented 4 years ago

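If you understand bash scripts, finding where the error is is no problem at all. I haven't touched that for a long time and have forgotten it all.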

bsun0802 commented 4 years ago

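OK, I see. I can read that bash, but I don't understand web... So the problem is still in my DNS resolution? During installation, at the "enter your domain information" prompt, entering www.example.org resolves fine, but entering example.org results in a mismatch with the local IP. But I can ping both.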

ssrlive commented 4 years ago

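If you resolve the domain through Cloudflare, it is quite likely to cause a mismatch between the local IP and the domain. But that doesn't matter. Keep installing.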

bsun0802 commented 4 years ago

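The domain is resolved by Google Domain. With www added, the local IP matches, but obtaining the certificate fails. Using example.org without www, the local IP does not match, and continuing the installation still fails to obtain the certificate.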

Is this how the domain resolution should be set up?

Screen Shot 2020-04-10 at 11 59 03 PM

ssrlive commented 4 years ago

Could it be resolution delay? Check again tomorrow?

ssrlive commented 4 years ago

Or delete the entry that can't be pinged from the script and try again.

bsun0802 commented 4 years ago

OK, I'll look into it some more.

ssrlive commented 4 years ago

image

bsun0802 commented 4 years ago

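It worked. It seems domain resolution just needs time. But with Google Domain it used to be ready within a few minutes. How about putting a screenshot of the DNS settings after purchasing from Google Domain into the wiki? I spent a long time on freenom this afternoon and couldn't get it to work; I have a US address, but it said "street number is not valid". The freenom website also doesn't make clear what address that field requires... After various fruitless attempts, I ended up buying a domain from Google Domain.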
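
Added example, not part of the original thread or the project's install script: a pre-flight check that every name the certificate request covers already resolves to this server, retrying while DNS propagates. It assumes, from the "Found domains" log line above, that the request covers the entered name plus the same name with `www.` prepended; the function names, `example.org` and the address 203.0.113.10 are constructed for illustration.

```python
import socket
import time

def resolve_ipv4(name):
    """Return the set of IPv4 addresses for name (empty if it does not resolve)."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def csr_names(entered_domain):
    # Assumption taken from the "Found domains" log line: the request covers
    # the entered name and the same name with "www." prepended.
    return [entered_domain, "www." + entered_domain]

def preflight(entered_domain, server_ip, resolver=resolve_ipv4):
    """Map each name the CA will validate to 'ok', 'mismatch' or 'unresolved'."""
    report = {}
    for name in csr_names(entered_domain):
        addrs = resolver(name)
        if not addrs:
            report[name] = "unresolved"   # no A record visible yet
        elif server_ip not in addrs:
            report[name] = "mismatch"     # record points somewhere else
        else:
            report[name] = "ok"
    return report

def ready_for_http01(report):
    """Strict check: every name resolves directly to this server."""
    return all(status == "ok" for status in report.values())

def wait_until_ready(entered_domain, server_ip, attempts=10, delay=60,
                     resolver=resolve_ipv4, sleep=time.sleep):
    """Retry while DNS propagates; return (attempt number or None, last report)."""
    report = {}
    for attempt in range(1, attempts + 1):
        report = preflight(entered_domain, server_ip, resolver)
        if ready_for_http01(report):
            return attempt, report
        if attempt < attempts:
            sleep(delay)
    return None, report

if __name__ == "__main__":
    # Constructed DNS view: only the entered name has an A record.
    fake_dns = {"www.example.org": {"203.0.113.10"}}
    print(preflight("www.example.org", "203.0.113.10",
                    resolver=lambda n: fake_dns.get(n, set())))
```

With the constructed DNS view, entering `www.example.org` reports `www.www.example.org` as unresolved, which is the name pattern visible in the failing log.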