acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Alias validation modes fail: domain-alias and challenge-alias #1718

Closed thriken closed 6 years ago

thriken commented 6 years ago

### 1. domain-alias mode

On HE.net, acme.win7e.com was created under win7e.com as the domain used for validation; tbccj.com is the domain the certificate is being requested for.

**NS acme.win7e.com => ns1.he.net~ns5.he.net
CNAME _acme-challenge.tbccj.com => acme.win7e.com**
`acme.sh --issue --dns dns_he -d tbccj.com -d '*.tbccj.com' --domain-alias @.win7e.com --debug`
or
`acme.sh --issue --dns dns_he -d tbccj.com -d '*.tbccj.com' --domain-alias acme.win7e.com --debug`

[Mon Jul  9 02:12:37 CST 2018] _chk_main_domain='tbccj.com'
[Mon Jul  9 02:12:37 CST 2018] _chk_alt_domains='*.tbccj.com'
[Mon Jul  9 02:12:37 CST 2018] Le_LocalAddress
[Mon Jul  9 02:12:37 CST 2018] d='tbccj.com'
[Mon Jul  9 02:12:37 CST 2018] Check for domain='tbccj.com'
[Mon Jul  9 02:12:37 CST 2018] _currentRoot='dns_he'
[Mon Jul  9 02:12:37 CST 2018] d='*.tbccj.com'
[Mon Jul  9 02:12:37 CST 2018] Check for domain='*.tbccj.com'
[Mon Jul  9 02:12:37 CST 2018] _currentRoot='dns_he'
[Mon Jul  9 02:12:37 CST 2018] d
[Mon Jul  9 02:12:37 CST 2018] _saved_account_key_hash is not changed, skip register account.
[Mon Jul  9 02:12:37 CST 2018] Read key length:
[Mon Jul  9 02:12:37 CST 2018] _createcsr
[Mon Jul  9 02:12:37 CST 2018] Multi domain='DNS:tbccj.com,DNS:*.tbccj.com'
[Mon Jul  9 02:12:37 CST 2018] Getting domain auth token for each domain
[Mon Jul  9 02:12:37 CST 2018] d='*.tbccj.com'
[Mon Jul  9 02:21:03 CST 2018] _currentRoot='dns_he'
[Mon Jul  9 02:21:03 CST 2018] d='*.tbccj.com'
[Mon Jul  9 02:21:03 CST 2018] _d_alias='=@.win7e.com'
[Mon Jul  9 02:21:03 CST 2018] txtdomain='@.win7e.com'
[Mon Jul  9 02:21:03 CST 2018] txt='YHrK7aW1480afUD7p-aGRaUPUCBwJiXW6m_Rycn15fY'
[Mon Jul  9 02:21:03 CST 2018] d_api='/root/.acme.sh/dnsapi/dns_he.sh'
[Mon Jul  9 02:21:03 CST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_he.sh
[Mon Jul  9 02:21:03 CST 2018] Using DNS-01 Hurricane Electric hook
[Mon Jul  9 02:22:06 CST 2018] Looking for zone "@.win7e.com"
[Mon Jul  9 02:22:06 CST 2018] Zone "@.win7e.com" doesn't exist, let's try a less specific zone.
[Mon Jul  9 02:22:06 CST 2018] Looking for zone "win7e.com"
[Mon Jul  9 02:22:06 CST 2018] Found relevant zone "win7e.com" with id "432681" - will be used for domain "@.win7e.com".
[Mon Jul  9 02:22:06 CST 2018] Zone id "432681" will be used.
[Mon Jul  9 02:22:06 CST 2018] POST
[Mon Jul  9 02:23:09 CST 2018] TXT record added successfully.
[Mon Jul  9 02:23:09 CST 2018] d='*.tbccj.com'
[Mon Jul  9 02:23:09 CST 2018] _d_alias='=@.win7e.com'
[Mon Jul  9 02:23:09 CST 2018] txtdomain='@.win7e.com'
[Mon Jul  9 02:23:09 CST 2018] txt='_3TPtCMhZwwLy-romC5twb1v-L4KfAnJN4fr5uP62Cc'
[Mon Jul  9 02:23:09 CST 2018] d_api='/root/.acme.sh/dnsapi/dns_he.sh'
[Mon Jul  9 02:23:09 CST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_he.sh
[Mon Jul  9 02:23:09 CST 2018] Using DNS-01 Hurricane Electric hook

[Mon Jul  9 02:24:13 CST 2018] Looking for zone "@.win7e.com"
[Mon Jul  9 02:24:13 CST 2018] Zone "@.win7e.com" doesn't exist, let's try a less specific zone.
[Mon Jul  9 02:24:13 CST 2018] Looking for zone "win7e.com"
[Mon Jul  9 02:24:13 CST 2018] Found relevant zone "win7e.com" with id "432681" - will be used for domain "@.win7e.com".

[Mon Jul  9 02:25:16 CST 2018] TXT record added successfully.
[Mon Jul  9 02:25:16 CST 2018] Sleep 120 seconds for the txt records to take effect
[Mon Jul  9 02:27:17 CST 2018] ok, let's start to verify
[Mon Jul  9 02:27:17 CST 2018] Verifying:tbccj.com
[Mon Jul  9 02:27:17 CST 2018] d='tbccj.com'
[Mon Jul  9 02:29:24 CST 2018] sleep 2 secs to verify
[Mon Jul  9 02:29:26 CST 2018] checking
[Mon Jul  9 02:31:32 CST 2018] tbccj.com:Verify error:No TXT record found at _acme-challenge.tbccj.com
[Mon Jul  9 02:31:32 CST 2018] Skip for removelevel:
[Mon Jul  9 02:31:32 CST 2018] pid
[Mon Jul  9 02:31:32 CST 2018] No need to restore nginx, skip.
[Mon Jul  9 02:31:32 CST 2018] _clearupdns
[Mon Jul  9 02:31:32 CST 2018] Removing DNS records.
[Mon Jul  9 02:31:32 CST 2018] txt='YHrK7aW1480afUD7p-aGRaUPUCBwJiXW6m_Rycn15fY'
[Mon Jul  9 02:31:32 CST 2018] d_api='/root/.acme.sh/dnsapi/dns_he.sh'
[Mon Jul  9 02:31:32 CST 2018] _d_alias='=@.win7e.com'
[Mon Jul  9 02:31:32 CST 2018] Cleaning up after DNS-01 Hurricane Electric hook
[Mon Jul  9 02:31:32 CST 2018] POST
[Mon Jul  9 02:31:32 CST 2018] _post_url='https://dns.he.net/'
[Mon Jul  9 02:32:36 CST 2018] _ret='0'
[Mon Jul  9 02:32:36 CST 2018] Looking for zone "@.win7e.com"
[Mon Jul  9 02:32:36 CST 2018] Zone "@.win7e.com" doesn't exist, let's try a less specific zone.
[Mon Jul  9 02:32:36 CST 2018] Looking for zone "win7e.com"
[Mon Jul  9 02:32:36 CST 2018] Found relevant zone "win7e.com" with id "432681" - will be used for domain "@.win7e.com".
[Mon Jul  9 02:33:39 CST 2018] The txt record is not found, just skip
[Mon Jul  9 02:33:39 CST 2018] txt='_3TPtCMhZwwLy-romC5twb1v-L4KfAnJN4fr5uP62Cc'
[Mon Jul  9 02:33:39 CST 2018] d_api='/root/.acme.sh/dnsapi/dns_he.sh'
[Mon Jul  9 02:33:39 CST 2018] _d_alias='=@.win7e.com'
[Mon Jul  9 02:33:39 CST 2018] Cleaning up after DNS-01 Hurricane Electric hook
[Mon Jul  9 02:34:42 CST 2018] _ret='0'
[Mon Jul  9 02:34:42 CST 2018] Looking for zone "@.win7e.com"
[Mon Jul  9 02:34:42 CST 2018] Zone "@.win7e.com" doesn't exist, let's try a less specific zone.
[Mon Jul  9 02:34:42 CST 2018] Looking for zone "win7e.com"
[Mon Jul  9 02:34:42 CST 2018] Found relevant zone "win7e.com" with id "432681" - will be used for domain "@.win7e.com".
[Mon Jul  9 02:35:46 CST 2018] The txt record is not found, just skip

### 2. challenge-alias
**CNAME: _acme-challenge.tbccj.com => _acme-challenge.win7e.com**
`acme.sh --issue --dns dns_he -d tbccj.com -d '*.tbccj.com' --challenge-alias win7e.com`

[root@bwg .acme.sh]# ./acme.sh --issue --dns dns_he -d tbccj.com -d '*.tbccj.com' --challenge-alias acme.win7e.com                                        
[Mon Jul  9 00:51:55 CST 2018] Multi domain='DNS:tbccj.com,DNS:*.tbccj.com'
[Mon Jul  9 00:51:55 CST 2018] Getting domain auth token for each domain
[Mon Jul  9 01:00:20 CST 2018] Getting webroot for domain='tbccj.com'
[Mon Jul  9 01:00:20 CST 2018] Getting webroot for domain='*.tbccj.com'
[Mon Jul  9 01:00:21 CST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_he.sh
[Mon Jul  9 01:00:21 CST 2018] Using DNS-01 Hurricane Electric hook
[Mon Jul  9 01:02:27 CST 2018] TXT record added successfully.
[Mon Jul  9 01:02:27 CST 2018] Found domain api file: /root/.acme.sh/dnsapi/dns_he.sh
[Mon Jul  9 01:02:27 CST 2018] Using DNS-01 Hurricane Electric hook
[Mon Jul  9 01:04:39 CST 2018] TXT record added successfully.
[Mon Jul  9 01:04:39 CST 2018] Sleep 120 seconds for the txt records to take effect
[Mon Jul  9 01:06:40 CST 2018] Verifying:tbccj.com
[Mon Jul  9 01:10:55 CST 2018] tbccj.com:Verify error:No TXT record found at _acme-challenge.tbccj.com
[Mon Jul  9 01:10:55 CST 2018] Removing DNS records.
[Mon Jul  9 01:10:55 CST 2018] Cleaning up after DNS-01 Hurricane Electric hook
[Mon Jul  9 01:14:06 CST 2018] Record removed successfully.
[Mon Jul  9 01:14:06 CST 2018] Cleaning up after DNS-01 Hurricane Electric hook
[Mon Jul  9 01:17:16 CST 2018] Record removed successfully.
[Mon Jul  9 01:17:16 CST 2018] Please check log file for more details: /usr/local/acme.sh/acme.sh.log

What should I do?

Neilpang commented 6 years ago

First, this CNAME did not actually succeed:

CNAME _acme-challenge.tbccj.com => acme.win7e.com

Second, use this: `acme.sh --issue --dns dns_he -d tbccj.com -d '*.tbccj.com' --domain-alias acme.win7e.com --debug`

thriken commented 6 years ago

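o.o Was it because the DNS resolution seen by the server had not taken effect at that time? Come to think of it, that makes sense: it takes effect quickly locally, but not necessarily on the remote side... Later I moved the domain's NS to HE and then applied, and it still took three attempts before it succeeded, about 20-40 minutes. I guess resolution is slow on the ACME server's side.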
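
A pre-flight check for the point raised in this thread, added here as an example and not part of the issue or of acme.sh: it compares the CNAME actually published at `_acme-challenge.<domain>` with the name where each alias mode places the TXT record. The function names, the `DIG` variable and the optional resolver argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for acme.sh DNS alias mode.
# DIG and the resolver argument are assumptions of this sketch, not acme.sh settings.
DIG="${DIG:-dig}"

# Name the CA queries for a domain; a wildcard uses the same name as its base.
challenge_name() {
  printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Name where the TXT record is written for each alias mode.
expected_target() {
  case "$1" in
    challenge-alias) printf '_acme-challenge.%s\n' "$2" ;;
    domain-alias)    printf '%s\n' "$2" ;;
    *) return 2 ;;
  esac
}

# Lower-case and drop the trailing dot so DNS answers compare cleanly.
normalize() {
  printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# check_alias MODE DOMAIN ALIAS [RESOLVER]
# Returns 0 only if the published CNAME matches the chosen alias mode.
check_alias() {
  want=$(expected_target "$1" "$3") || { echo "unknown mode: $1" >&2; return 2; }
  name=$(challenge_name "$2")
  got=$($DIG +short CNAME "$name" ${4:+"@$4"} | head -n 1)
  if [ -z "$got" ]; then
    echo "FAIL: no CNAME published at $name" >&2; return 1
  fi
  if [ "$(normalize "$got")" != "$(normalize "$want")" ]; then
    echo "FAIL: $name -> $got, but --$1 $3 writes TXT at $want" >&2; return 1
  fi
  echo "OK: $name -> $want"
}

# Run as: sh check.sh domain-alias tbccj.com acme.win7e.com [resolver]
if [ "$#" -ge 3 ]; then check_alias "$@"; fi
```

Running the check against more than one resolver before issuing helps with the propagation delay mentioned above, since a record visible locally may not yet be visible elsewhere.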