ShadowsocksR-Live / shadowsocksr-native

翻墙从容穿越党国敏感日 ShadowsocksR (SSRoT) native implementation for all platforms, GFW terminator

https://github.com/ShadowsocksR-Live/shadowsocksr-native/wiki

GNU General Public License v3.0

2.74k stars 765 forks source link

生成证书失败 #156

Closed hmi12 closed 3 years ago

hmi12 commented 3 years ago

2020-08-04 02:59:18 (15.7 MB/s) - ‘acme_tiny.py’ saved [11513/11513]

Parsing account key... Parsing CSR... Found domains: 52site.top, www.52site.top Getting directory... Directory found! Registering account... Registered! Creating new order... Order created! Verifying 52site.top... Traceback (most recent call last): File "acme_tiny.py", line 198, in main(sys.argv[1:]) File "acme_tiny.py", line 194, in main signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact) File "acme_tiny.py", line 143, in get_crt raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e)) ValueError: Wrote file to /fakesite/.well-known/acme-challenge/LGip88rq14O4hB4Aw44-Tw-BCdxxflrZrGh0ptbl47w, but couldn't download http://52site.top/.well-known/acme-challenge/LGip88rq14O4hB4Aw44-Tw-BCdxxflrZrGh0ptbl47w: Error: Url: http://52site.top/.well-known/acme-challenge/LGip88rq14O4hB4Aw44-Tw-BCdxxflrZrGh0ptbl47w Data: None Response Code: 404 Response:

404 Not Found

404 Not Found

nginx/1.14.0 (Ubuntu)

[Error] [CA] Obtain website certificate Failed

www.和不带www的域名都可以正常解析，端口80 可通

ssrlive commented 3 years ago

mkdir -p /fakesite/.well-known/acme-challenge/

这一句有没有报错?

ssrlive commented 3 years ago

再试一把

hmi12 commented 3 years ago

mkdir -p /fakesite/.well-known/acme-challenge/ 这个没有报错的。在生成证书的时候，无论自动还是手动，都是会报这个404的错误，就是访问这个URL的时候 http://xxxx/.well-known/acme-challenge/jhJOcaM57pALDRlBnL5FhJo4o--_uoXuxeLznhLyHDo 但是域名和解析我确定是没有问题的，这个一长串字符的文件也在acme-challenge目录下面。

ssrlive commented 3 years ago

是不是 nginx 的用户权限哪里出问题了?

ssrlive commented 3 years ago

奇怪的现象.

ssrlive commented 3 years ago

难道试新版 Linux 发行版的问题?

hmi12 commented 3 years ago

权限都是使用的root账户操作的。。。 ubuntu 1804， GCP上的

ssrlive commented 3 years ago

nginx 的工作进程是运行在 nginx 账号权限下的.

root         541  0.0  0.1   8724   912 ?        Ss   Jul02   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx        542  0.0  3.2  24308 19436 ?        S    Jul02   4:04 nginx: worker process
root         545  0.0  6.6 337740 39356 ?        Ssl  Jul02   1:46 /usr/bin/ssr-server -d -c /etc/ssr-native/config.json

ssrlive commented 3 years ago

把 /fakesite/.well-known/acme-challenge/ 目录授权给 nginx 账号可读可写以后怎样?

hmi12 commented 3 years ago

抱歉打扰，应该是我nginx的问题，我kill 掉进程后，重新跑了一遍，可以了，打扰打扰，多谢。