search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
38.62k stars 4.91k forks source link

无法找到NGINX_CONF #1625

Open nazavoya opened 6 years ago

nazavoya commented 6 years ago

我发现acme.sh中查找nginx-conf是通过以下这个命令: NGINX_CONF="$(nginx -V 2>&1 | _egrep_o "--conf-path=[^ ]* " | tr -d " ")" 但是我通过这个命令并没有在我的nginx上发现有--conf-path参数(事实上我的nginx启动时是使用的默认de $NGINX_HOME/conf/nginx.conf配置文件),这样最终导致证书获取失败。 我的nginx启动时用的官方的启动脚本nginx start,以下是nginx配置输出: [root@server-01 ~]# nginx -V nginx version: nginx/1.12.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) built with OpenSSL 1.1.0g 2 Nov 2017 TLS SNI support enabled configure arguments: --prefix=/www/server/product/nginx/gateway/nginx-1.12.2 --pid-path=/www/server/product/nginx/gateway/nginx-1.12.2/logs/nginx.pid --lock-path=/www/server/product/nginx/gateway/nginx-1.12.2/logs/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_image_filter_module --with-http_dav_module --with-http_gzip_static_module --with-http_slice_module --with-http_stub_status_module --with-http_sub_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-pcre=/www/software/pcre-8.42 --with-pcre-jit --with-openssl=/www/software/openssl-1.1.0g --with-zlib=/www/software/zlib-1.2.11 --add-module=/www/server/product/nginx/gateway/nginx-1.12.2/modules/nginx-goodies-nginx-sticky-module-ng-08a395c66e42 [root@server-01 ~]#

以下是DEBUG2日志:

[Sun May 27 11:06:33 CST 2018] Sleep 120 seconds for the txt records to take effect [Sun May 27 11:08:34 CST 2018] ok, let's start to verify [Sun May 27 11:08:34 CST 2018] Verifying:nazavoya.com [Sun May 27 11:08:34 CST 2018] d='nazavoya.com' [Sun May 27 11:08:34 CST 2018] keyauthorization='clQzEKa10L85cKbQJuwkF-DTHcZAnn_IR1xL9sxuqN0.BlWmYUOZpvoph1lO2mg7tL4JiNzuLUj1chY65Zh2ioc' [Sun May 27 11:08:34 CST 2018] uri='https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309' [Sun May 27 11:08:34 CST 2018] _currentRoot='nginx:' [Sun May 27 11:08:34 CST 2018] Nginx mode for domain:nazavoya.com [Sun May 27 11:08:34 CST 2018] _croot='nginx:' [Sun May 27 11:08:34 CST 2018] _start_f [Sun May 27 11:08:34 CST 2018] find start conf from nginx command [Sun May 27 11:08:34 CST 2018] NGINX_CONF [Sun May 27 11:08:34 CST 2018] NGINX_CONF [Sun May 27 11:08:34 CST 2018] '' doesn't exist. [Sun May 27 11:08:34 CST 2018] pid [Sun May 27 11:08:34 CST 2018] No need to restore nginx, skip. [Sun May 27 11:08:34 CST 2018] _clearupdns [Sun May 27 11:08:34 CST 2018] Removing DNS records. [Sun May 27 11:08:34 CST 2018] txt='CHZsNAxO4G4GUTjT4V0qVOluNLKOQ5rrrh5dHANtNCg' [Sun May 27 11:08:34 CST 2018] Skip nazavoya.com for http-01 [Sun May 27 11:08:34 CST 2018] txt='WacwqI05efOW_wksKXMCVU30hXRGjdWq028W4ryoc3s' [Sun May 27 11:08:34 CST 2018] d_api='/www/runtime/acme/dnsapi/dns_ali.sh' [Sun May 27 11:08:34 CST 2018] _d_alias [Sun May 27 11:08:34 CST 2018] First detect the root zone [Sun May 27 11:08:35 CST 2018] GET [Sun May 27 11:08:35 CST 2018] url='https://alidns.aliyuncs.com/?AccessKeyId=S110itPFq87XmCxX&Action=DescribeDomainRecords&DomainName=nazavoya.com&Format=json&SignatureMethod=HMAC-SHA1&SignatureNonce=1527390514939321952&SignatureVersion=1.0&Timestamp=2018-05-27T03%3A08%3A34Z&Version=2015-01-09&Signature=a3wxXGD%2FLwSy20Za8pKsAnrlb%2BI%3D' [Sun May 27 11:08:35 CST 2018] timeout= [Sun May 27 11:08:35 CST 2018] Http already initialized. [Sun May 27 11:08:35 CST 2018] _CURL='curl -L --silent --dump-header /www/runtime/acme/data/http.header --trace-ascii /tmp/tmp.HFcJjVcqjs -g ' [Sun May 27 11:08:35 CST 2018] ret='0' [Sun May 27 11:08:35 CST 2018] response='{"PageNumber":1,"TotalCount":50,"PageSize":20,"RequestId":"BA85BA6A-61A1-412A-9D81-E1037E7687C8","DomainRecords":{"Record":[{"RR":"_acme-challenge","Status":"ENABLE","Value":"WacwqI05efOW_wksKXMCVU30hXRGjdWq028W4ryoc3s","Weight":1,"RecordId":"3908491979293696","Type":"TXT","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"eureka-03.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3893020547454976","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"eureka-02.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3893008129742848","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"eureka-01.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3893007989556224","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"admin-03.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3890452386219008","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"admin-02.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3890452250248192","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"admin-01.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3890452101399552","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"config-03.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3890415584106496","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"config-02.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3890415438140416","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"config-01.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3890415278572544","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"portal.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3884612246328320","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"uat.meta.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3884485168743424","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"fat.meta.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3884485012292608","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"pro.meta.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3884484742071296","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"dev.meta.apollo","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3884484578919424","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"sparkworker-03","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3878987476521984","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"sparkworker-02","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3878987341579264","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"sparkworker-01","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3878912105628672","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"sparkmaster","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3878892796565504","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600},{"RR":"zentao","Status":"ENABLE","Value":"39.106.62.127","Weight":1,"RecordId":"3877256224691200","Type":"A","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600}]}}' [Sun May 27 11:08:35 CST 2018] _sub_domain='_acme-challenge' [Sun May 27 11:08:35 CST 2018] _domain='nazavoya.com' [Sun May 27 11:08:36 CST 2018] GET [Sun May 27 11:08:36 CST 2018] url='https://alidns.aliyuncs.com/?AccessKeyId=S110itPFq87XmCxX&Action=DescribeDomainRecords&DomainName=nazavoya.com&Format=json&RRKeyWord=_acme-challenge&SignatureMethod=HMAC-SHA1&SignatureNonce=1527390515751055154&SignatureVersion=1.0&Timestamp=2018-05-27T03%3A08%3A35Z&TypeKeyWord=TXT&Version=2015-01-09&Signature=yhQzwEMUglUEV9zxp0b0pGvr33Y%3D' [Sun May 27 11:08:36 CST 2018] timeout= [Sun May 27 11:08:36 CST 2018] Http already initialized. [Sun May 27 11:08:36 CST 2018] _CURL='curl -L --silent --dump-header /www/runtime/acme/data/http.header --trace-ascii /tmp/tmp.HFcJjVcqjs -g ' [Sun May 27 11:08:36 CST 2018] ret='0' [Sun May 27 11:08:36 CST 2018] response='{"PageNumber":1,"TotalCount":1,"PageSize":20,"RequestId":"C79AF975-6D72-476B-94A6-9A2D50020144","DomainRecords":{"Record":[{"RR":"_acme-challenge","Status":"ENABLE","Value":"WacwqI05efOW_wksKXMCVU30hXRGjdWq028W4ryoc3s","Weight":1,"RecordId":"3908491979293696","Type":"TXT","DomainName":"nazavoya.com","Locked":false,"Line":"default","TTL":600}]}}' [Sun May 27 11:08:36 CST 2018] record_id='3908491979293696' [Sun May 27 11:08:37 CST 2018] GET [Sun May 27 11:08:37 CST 2018] url='https://alidns.aliyuncs.com/?AccessKeyId=S110itPFq87XmCxX&Action=DeleteDomainRecord&Format=json&RecordId=3908491979293696&SignatureMethod=HMAC-SHA1&SignatureNonce=1527390516625520938&SignatureVersion=1.0&Timestamp=2018-05-27T03%3A08%3A36Z&Version=2015-01-09&Signature=rB3CrKejPHcbvU6cn9F2iD%2B%2BzQ0%3D' [Sun May 27 11:08:37 CST 2018] timeout= [Sun May 27 11:08:37 CST 2018] Http already initialized. [Sun May 27 11:08:37 CST 2018] _CURL='curl -L --silent --dump-header /www/runtime/acme/data/http.header --trace-ascii /tmp/tmp.HFcJjVcqjs -g ' [Sun May 27 11:08:37 CST 2018] ret='0' [Sun May 27 11:08:37 CST 2018] response='{"RecordId":"3908491979293696","RequestId":"D89DE5C7-BC21-468C-B01C-892621C93396"}' [Sun May 27 11:08:37 CST 2018] _on_issue_err [Sun May 27 11:08:37 CST 2018] Please add '--debug' or '--log' to check more details. [Sun May 27 11:08:37 CST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh [Sun May 27 11:08:37 CST 2018] _chk_vlist='nazavoya.com#clQzEKa10L85cKbQJuwkF-DTHcZAnn_IR1xL9sxuqN0.BlWmYUOZpvoph1lO2mg7tL4JiNzuLUj1chY65Zh2ioc#https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309#http-01#nginx:,*.nazavoya.com#USWtDlb9YMVEBaQ2XReY4jQPubB7g3skHqtJKHIjSSA.BlWmYUOZpvoph1lO2mg7tL4JiNzuLUj1chY65Zh2ioc#https://acme-v02.api.letsencrypt.org/acme/challenge/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig/4829129308#dns-01#dns_ali,' [Sun May 27 11:08:37 CST 2018] start to deactivate authz [Sun May 27 11:08:37 CST 2018] tigger domain validation. [Sun May 27 11:08:37 CST 2018] _t_url='https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309' [Sun May 27 11:08:37 CST 2018] _t_key_authz='clQzEKa10L85cKbQJuwkF-DTHcZAnn_IR1xL9sxuqN0.BlWmYUOZpvoph1lO2mg7tL4JiNzuLUj1chY65Zh2ioc' [Sun May 27 11:08:37 CST 2018] url='https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309' [Sun May 27 11:08:37 CST 2018] payload='{"keyAuthorization": "clQzEKa10L85cKbQJuwkF-DTHcZAnn_IR1xL9sxuqN0.BlWmYUOZpvoph1lO2mg7tL4JiNzuLUj1chY65Zh2ioc"}' [Sun May 27 11:08:37 CST 2018] Use cached jwk for file: /www/runtime/acme/data/ca/acme-v02.api.letsencrypt.org/account.key [Sun May 27 11:08:37 CST 2018] Use _CACHED_NONCE='tXSFRr4wXaBrtLpwPiK9SMpsKxaBjyPzS0bIpe-AKpw' [Sun May 27 11:08:37 CST 2018] nonce='tXSFRr4wXaBrtLpwPiK9SMpsKxaBjyPzS0bIpe-AKpw' [Sun May 27 11:08:37 CST 2018] POST [Sun May 27 11:08:37 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309' [Sun May 27 11:08:37 CST 2018] body='{"protected": "eyJub25jZSI6ICJ0WFNGUnI0d1hhQnJ0THB3UGlLOVNNcHNLeGFCanlQelMwYklwZS1BS3B3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UveWQ3dHl0cnFkX1M5WWczMEh4S0NNN1N2T2wySERvcHhiVGRGV1czaF94OC80ODI5MTI5MzA5IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zNTYyNzAwNyJ9", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogImNsUXpFS2ExMEw4NWNLYlFKdXdrRi1EVEhjWkFubl9JUjF4TDlzeHVxTjAuQmxXbVlVT1pwdm9waDFsTzJtZzd0TDRKaU56dUxVajFjaFk2NVpoMmlvYyJ9", "signature": "eg306bkGooN4cSpBmocIPDKYbi9W_X36HEl-xmXQf4ZQzPVHURI3xU_SilftRn9ex9e1A0Q1AjsBjdYCsJ6bZfoDZ_n9tyRvv0ztFeqkiP8GdCAkn-1DeX_XC5MAIcGEXnEYvK-NIQzRJD5gczwZChlph-_Z9fQ0rsuisysDZT1EA1KM9F8uCkBJyxhWjqwNYdVGs2IoFm91JDLYtpTr903l6HlKsHBO8uJ4nkHEDrpSRyIuPRWme3Q_z-8eze6JIfBLvNnWT5iVDfHWgIgM4AkoHCtblB8fXnPiiR8Qchx61Ann_nnwggWDEbD36NaGds4rXJvrWKZSmSo8eAXHhw"}' [Sun May 27 11:08:37 CST 2018] _postContentType='application/jose+json' [Sun May 27 11:08:37 CST 2018] Http already initialized. [Sun May 27 11:08:37 CST 2018] _CURL='curl -L --silent --dump-header /www/runtime/acme/data/http.header --trace-ascii /tmp/tmp.HFcJjVcqjs -g ' [Sun May 27 11:08:38 CST 2018] _ret='0' [Sun May 27 11:08:38 CST 2018] original='{ "type": "http-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309", "token": "clQzEKa10L85cKbQJuwkF-DTHcZAnn_IR1xL9sxuqN0" }' [Sun May 27 11:08:38 CST 2018] responseHeaders='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 223 Boulder-Requester: 35627007 Link: https://acme-v02.api.letsencrypt.org/acme/authz/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309 Replay-Nonce: vIh5A8R9ks9-SN3QKsltxX-VyPu6qw2N5E4EY7_GBvc X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 27 May 2018 03:08:38 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 27 May 2018 03:08:38 GMT Connection: keep-alive ' [Sun May 27 11:08:38 CST 2018] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/yd7tytrqd_S9Yg30HxKCM7SvOl2HDopxbTdFWW3h_x8/4829129309","token":"clQzEKa10L85cKbQJuwkF-DTHcZAnn_IR1xL9sxuqN0"}' [Sun May 27 11:08:38 CST 2018] code='200' [Sun May 27 11:08:38 CST 2018] tigger domain validation. [Sun May 27 11:08:38 CST 2018] _t_url='https://acme-v02.api.letsencrypt.org/acme/challenge/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig/4829129308' [Sun May 27 11:08:38 CST 2018] _t_key_authz='USWtDlb9YMVEBaQ2XReY4jQPubB7g3skHqtJKHIjSSA.BlWmYUOZpvoph1lO2mg7tL4JiNzuLUj1chY65Zh2ioc' [Sun May 27 11:08:38 CST 2018] url='https://acme-v02.api.letsencrypt.org/acme/challenge/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig/4829129308' [Sun May 27 11:08:38 CST 2018] payload='{"keyAuthorization": "USWtDlb9YMVEBaQ2XReY4jQPubB7g3skHqtJKHIjSSA.BlWmYUOZpvoph1lO2mg7tL4JiNzuLUj1chY65Zh2ioc"}' [Sun May 27 11:08:38 CST 2018] Use cached jwk for file: /www/runtime/acme/data/ca/acme-v02.api.letsencrypt.org/account.key [Sun May 27 11:08:38 CST 2018] Use _CACHED_NONCE='vIh5A8R9ks9-SN3QKsltxX-VyPu6qw2N5E4EY7_GBvc' [Sun May 27 11:08:38 CST 2018] nonce='vIh5A8R9ks9-SN3QKsltxX-VyPu6qw2N5E4EY7_GBvc' [Sun May 27 11:08:38 CST 2018] POST [Sun May 27 11:08:38 CST 2018] _post_url='https://acme-v02.api.letsencrypt.org/acme/challenge/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig/4829129308' [Sun May 27 11:08:38 CST 2018] body='{"protected": "eyJub25jZSI6ICJ2SWg1QThSOWtzOS1TTjNRS3NsdHhYLVZ5UHU2cXcyTjVFNEVZN19HQnZjIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbGVuZ2UvVVlhV0FGQWJOM01MTkw1ZlViUjJwZXRaYTkyNUphdVBmYThMRkNSS1lpZy80ODI5MTI5MzA4IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8zNTYyNzAwNyJ9", "payload": "eyJrZXlBdXRob3JpemF0aW9uIjogIlVTV3REbGI5WU1WRUJhUTJYUmVZNGpRUHViQjdnM3NrSHF0SktISWpTU0EuQmxXbVlVT1pwdm9waDFsTzJtZzd0TDRKaU56dUxVajFjaFk2NVpoMmlvYyJ9", "signature": "iS1IOL94GnN3c2D8rqS5fETBbX3IL0H17XbI5MjYPke15mYSVeHcJ_pYGEPM1yvdOc8V28sgdeao1Uzhd_jKtHQEKckuPJTKLa6QA8rBp_h7x265oQ8Kl7bkW4FXFKuo87JfEc4h1ZGUmKd5zFn8mNVsFSFXSrYuXyd01tcDvjhaPXKg6SykTUfTenVqepu0ddntvAlvHJ1w6nKTNYycGldHa-zdvC3gEnmpaY-YfsAGdfmA_IO0myDAVSQHln9gNb8zkGFguC-tztrUEOQvpLeDcg8s1_NiGCauwcj3vTCRIzlVAQ-OP5KSx4JnBHab8mxJNen7CAPBXBrppxPsyg"}' [Sun May 27 11:08:38 CST 2018] _postContentType='application/jose+json' [Sun May 27 11:08:38 CST 2018] Http already initialized. [Sun May 27 11:08:38 CST 2018] _CURL='curl -L --silent --dump-header /www/runtime/acme/data/http.header --trace-ascii /tmp/tmp.HFcJjVcqjs -g ' [Sun May 27 11:08:39 CST 2018] _ret='0' [Sun May 27 11:08:39 CST 2018] original='{ "type": "dns-01", "status": "pending", "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig/4829129308", "token": "USWtDlb9YMVEBaQ2XReY4jQPubB7g3skHqtJKHIjSSA" }' [Sun May 27 11:08:39 CST 2018] responseHeaders='HTTP/1.1 200 OK Server: nginx Content-Type: application/json Content-Length: 222 Boulder-Requester: 35627007 Link: https://acme-v02.api.letsencrypt.org/acme/authz/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig;rel="up" Location: https://acme-v02.api.letsencrypt.org/acme/challenge/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig/4829129308 Replay-Nonce: Jyio2HCDCkI_pD4aslxGOcztxxTT56h2cKvAImEfTZc X-Frame-Options: DENY Strict-Transport-Security: max-age=604800 Expires: Sun, 27 May 2018 03:08:39 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Sun, 27 May 2018 03:08:39 GMT Connection: keep-alive ' [Sun May 27 11:08:39 CST 2018] response='{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/challenge/UYaWAFAbN3MLNL5fUbR2petZa925JauPfa8LFCRKYig/4829129308","token":"USWtDlb9YMVEBaQ2XReY4jQPubB7g3skHqtJKHIjSSA"}' [Sun May 27 11:08:39 CST 2018] code='200' [Sun May 27 11:08:39 CST 2018] socat doesn't exists. [Sun May 27 11:08:39 CST 2018] Diagnosis versions: openssl:openssl OpenSSL 1.0.2k-fips 26 Jan 2017 apache: apache doesn't exists. nginx: nginx version: nginx/1.12.2 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) built with OpenSSL 1.1.0g 2 Nov 2017 TLS SNI support enabled configure arguments: --prefix=/www/server/product/nginx/gateway/nginx-1.12.2 --pid-path=/www/server/product/nginx/gateway/nginx-1.12.2/logs/nginx.pid --lock-path=/www/server/product/nginx/gateway/nginx-1.12.2/logs/nginx.lock --user=nginx --group=nginx --with-threads --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_image_filter_module --with-http_dav_module --with-http_gzip_static_module --with-http_slice_module --with-http_stub_status_module --with-http_sub_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-pcre=/www/software/pcre-8.42 --with-pcre-jit --with-openssl=/www/software/openssl-1.1.0g --with-zlib=/www/software/zlib-1.2.11 --add-module=/www/server/product/nginx/gateway/nginx-1.12.2/modules/nginx-goodies-nginx-sticky-module-ng-08a395c66e42 socat: [Sun May 27 11:08:39 CST 2018] Installing key to:/www/config/ca/private/certbot/nazavoya.com-key.pem [Sun May 27 11:08:39 CST 2018] Installing full chain to:/www/config/ca/certs/certbot/nazavoya.com-chain.pem cat: /www/runtime/acme/data/nazavoya.com/fullchain.cer: No such file or directory [Sun May 27 11:08:39 CST 2018] Run reload cmd: /www/script/product/nginx force-reload

其中关于nginx conf的输出是: [Sun May 27 11:08:34 CST 2018] NGINX_CONF [Sun May 27 11:08:34 CST 2018] NGINX_CONF [Sun May 27 11:08:34 CST 2018] '' doesn't exist.

Rysle commented 6 years ago

+1, same problem.

Neilpang commented 6 years ago
  1. 首先, 日志里面为啥还有 dns 的输出. 你是把 nginx 和 dns 方法混合使用了吗. 一般情况下不需要. 这是高级用法. 如果你确定明白混合模式的意思, 可以这样用. 否则建议你只使用一种, nginx 或者 dns
  2. 其次, 如果你使用nginx 模式, 我们有隐藏功能可以手动指定 nginx conf. 只是目前没有在命令行公开. 你可以试试: 
    
acme.sh --issue  -d domain.com  -w nginx:$NGINX_HOME/conf/nginx.conf