acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

SSL certificate generation failed #4597

Open zhufx opened 1 year ago

zhufx commented 1 year ago

Problem description: SSL certificate generation failed. codezhufx.top:Verify error:64.64.242.124: Fetching https://codezhufx.tk: DNS problem: NXDOMAIN looking up A for codezhufx.tk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for codezhufx.tk - check that a DNS record exists for this domain

It looks like the certificate is being issued for codezhufx.top, but validation ends up at codezhufx.tk, and I don't know why. Please help me take a look.

Debug log

```
[Thu Apr 13 11:04:43 EDT 2023] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"64.64.242.124: Fetching https://codezhufx.tk: DNS problem: NXDOMAIN looking up A for codezhufx.tk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for codezhufx.tk - check that a DNS record exists for this domain","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/219118288617/d1kKAg","token":"-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8","validationRecord":[{"url":"http://codezhufx.top/.well-known/acme-challenge/-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8","hostname":"codezhufx.top","port":"80","addressesResolved":["64.64.242.124"],"addressUsed":"64.64.242.124"}],"validated":"2023-04-13T15:04:40Z"}'
[Thu Apr 13 11:04:43 EDT 2023] original='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"64.64.242.124: Fetching https://codezhufx.tk: DNS problem: NXDOMAIN looking up A for codezhufx.tk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for codezhufx.tk - check that a DNS record exists for this domain","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/219118288617/d1kKAg","token":"-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8","validationRecord":[{"url":"http://codezhufx.top/.well-known/acme-challenge/-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8","hostname":"codezhufx.top","port":"80","addressesResolved":["64.64.242.124"],"addressUsed":"64.64.242.124"}],"validated":"2023-04-13T15:04:40Z"}'
[Thu Apr 13 11:04:43 EDT 2023] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:dns","detail":"64.64.242.124: Fetching https://codezhufx.tk: DNS problem: NXDOMAIN looking up A for codezhufx.tk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for codezhufx.tk - check that a DNS record exists for this domain","status": 400},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/219118288617/d1kKAg","token":"-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8","validationRecord":[{"url":"http://codezhufx.top/.well-known/acme-challenge/-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8","hostname":"codezhufx.top","port":"80","addressesResolved":["64.64.242.124"],"addressUsed":"64.64.242.124"}],"validated":"2023-04-13T15:04:40Z"}'
[Thu Apr 13 11:04:43 EDT 2023] status='invalid'
[Thu Apr 13 11:04:43 EDT 2023] error='"error":{"type":"urn:ietf:params:acme:error:dns","detail":"64.64.242.124: Fetching https://codezhufx.tk: DNS problem: NXDOMAIN looking up A for codezhufx.tk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for codezhufx.tk - check that a DNS record exists for this domain","status": 400'
[Thu Apr 13 11:04:43 EDT 2023] errordetail='64.64.242.124: Fetching https://codezhufx.tk: DNS problem: NXDOMAIN looking up A for codezhufx.tk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for codezhufx.tk - check that a DNS record exists for this domain'
[Thu Apr 13 11:04:43 EDT 2023] codezhufx.top:Verify error:64.64.242.124: Fetching https://codezhufx.tk: DNS problem: NXDOMAIN looking up A for codezhufx.tk - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for codezhufx.tk - check that a DNS record exists for this domain
[Thu Apr 13 11:04:43 EDT 2023] Debug: get token url.
[Thu Apr 13 11:04:43 EDT 2023] GET
[Thu Apr 13 11:04:43 EDT 2023] url='http://codezhufx.top/.well-known/acme-challenge/-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8'
[Thu Apr 13 11:04:43 EDT 2023] timeout=1
[Thu Apr 13 11:04:43 EDT 2023] Http already initialized.
[Thu Apr 13 11:04:43 EDT 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.MYUIn1oWHW -g --connect-timeout 1'
[Thu Apr 13 11:04:43 EDT 2023] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
[Thu Apr 13 11:04:43 EDT 2023] Here is the curl dump log:
[Thu Apr 13 11:04:43 EDT 2023] == Info: Trying 64.64.242.124...
== Info: TCP_NODELAY set
== Info: Connected to codezhufx.top (64.64.242.124) port 80 (#0)
=> Send header, 194 bytes (0xc2)
0000: GET /.well-known/acme-challenge/-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-
0040: ZH9U4Nc3sR8 HTTP/1.1
0056: Host: codezhufx.top
006b: User-Agent: acme.sh/3.0.6 (https://github.com/acmesh-official/ac
00ab: me.sh)
00b3: Accept: */*
00c0:
<= Recv header, 32 bytes (0x20)
0000: HTTP/1.1 301 Moved Permanently
<= Recv header, 22 bytes (0x16)
0000: Server: nginx/1.23.3
<= Recv header, 37 bytes (0x25)
0000: Date: Thu, 13 Apr 2023 15:04:43 GMT
<= Recv header, 25 bytes (0x19)
0000: Content-Type: text/html
<= Recv header, 21 bytes (0x15)
0000: Content-Length: 169
<= Recv header, 24 bytes (0x18)
0000: Connection: keep-alive
<= Recv header, 32 bytes (0x20)
0000: Location: https://codezhufx.tk
<= Recv header, 2 bytes (0x2)
0000:
== Info: Ignoring the response-body
<= Recv data, 169 bytes (0xa9)
0000: <html>
0008: <head><title>301 Moved Permanently</title></head>
003b: <body>
0043: <center><h1>301 Moved Permanently</h1></center>
0074: <hr><center>nginx/1.23.3</center>
0097: </body>
00a0: </html>
== Info: Connection #0 to host codezhufx.top left intact
== Info: Clear auth, redirects to port from 80 to 443
== Info: Issue another request to this URL: 'https://codezhufx.tk'
== Info: Rebuilt URL to: https://codezhufx.tk/
== Info: Could not resolve host: codezhufx.tk
== Info: Closing connection 1
[Thu Apr 13 11:04:43 EDT 2023] ret='6'
[Thu Apr 13 11:04:43 EDT 2023] Debugging, skip removing: codezhufx.top/.well-known/acme-challenge/-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8
[Thu Apr 13 11:04:43 EDT 2023] pid
[Thu Apr 13 11:04:44 EDT 2023] No need to restore nginx, skip.
[Thu Apr 13 11:04:44 EDT 2023] _clearupdns
[Thu Apr 13 11:04:44 EDT 2023] dns_entries
[Thu Apr 13 11:04:44 EDT 2023] skip dns.
[Thu Apr 13 11:04:44 EDT 2023] _on_issue_err
[Thu Apr 13 11:04:44 EDT 2023] Please add '--debug' or '--log' to check more details.
[Thu Apr 13 11:04:44 EDT 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Thu Apr 13 11:04:44 EDT 2023] _chk_vlist='codezhufx.top#-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8.l2U8aSibHpMj4w6f3VqNOZSGQVGa8im2TVcs3kFptpo#https://acme-v02.api.letsencrypt.org/acme/chall-v3/219118288617/d1kKAg#http-01#codezhufx.top,'
[Thu Apr 13 11:04:44 EDT 2023] start to deactivate authz
[Thu Apr 13 11:04:44 EDT 2023] Trigger domain validation.
[Thu Apr 13 11:04:44 EDT 2023] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/219118288617/d1kKAg'
[Thu Apr 13 11:04:44 EDT 2023] _t_key_authz='-NyYVbc1yd5WyLm9weHGDlZth3eHcWD-ZH9U4Nc3sR8.l2U8aSibHpMj4w6f3VqNOZSGQVGa8im2TVcs3kFptpo'
[Thu Apr 13 11:04:44 EDT 2023] _t_vtype
[Thu Apr 13 11:04:44 EDT 2023] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/219118288617/d1kKAg'
[Thu Apr 13 11:04:44 EDT 2023] payload='{}'
[Thu Apr 13 11:04:44 EDT 2023] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/directory/account.key
[Thu Apr 13 11:04:44 EDT 2023] Use _CACHED_NONCE='F977b6bKSzXzulT40c4XuHbDLr539ThZsFKPg03Gmkcgcpg'
[Thu Apr 13 11:04:44 EDT 2023] nonce='F977b6bKSzXzulT40c4XuHbDLr539ThZsFKPg03Gmkcgcpg'
[Thu Apr 13 11:04:44 EDT 2023] POST
[Thu Apr 13 11:04:44 EDT 2023] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/219118288617/d1kKAg'
[Thu Apr 13 11:04:44 EDT 2023] body='{"protected": "eyJub25jZSI6ICJGOTc3YjZiS1N6WHp1bFQ0MGM0WHVIYkRMcjUzOVRoWnNGS1BnMDNHbWtjZ2NwZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvMjE5MTE4Mjg4NjE3L2Qxa0tBZyIsICJhbGciOiAiRVMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTAzOTM1NTc5NyJ9", "payload": "e30", "signature": "cz3qCTqSaCBQIJr0q-1SEY0iR2PsLHl_m4BdwvUnrCbpEcNZUKrlftJOF0ZwB1V0Yj-_U2-UQHzM6mJiqBneDw"}'
[Thu Apr 13 11:04:44 EDT 2023] _postContentType='application/jose+json'
[Thu Apr 13 11:04:44 EDT 2023] Http already initialized.
[Thu Apr 13 11:04:44 EDT 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.MYUIn1oWHW -g '
[Thu Apr 13 11:04:44 EDT 2023] _ret='0'
[Thu Apr 13 11:04:44 EDT 2023] responseHeaders='HTTP/2 400
server: nginx
date: Thu, 13 Apr 2023 15:04:44 GMT
content-type: application/problem+json
content-length: 144
boulder-requester: 1039355797
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 5CA2xfNID88SfRzUL0biwYYiro6x2Hx3VrlmncmNQXLlqhc
'
[Thu Apr 13 11:04:44 EDT 2023] code='400'
[Thu Apr 13 11:04:44 EDT 2023] original='{ "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 }'
[Thu Apr 13 11:04:44 EDT 2023] response='{ "type": "urn:ietf:params:acme:error:malformed", "detail": "Unable to update challenge :: authorization must be pending", "status": 400 }'
```

Command used:

```
acme.sh  --issue .....   --debug 2
```

github-actions[bot] commented 1 year ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

zhufx commented 1 year ago

Can someone please take a look? I have already provided the debug log.

dugwood commented 1 year ago

@zhufx your issue is that you don't have an A record:

```
# dig A codezhufx.tk

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;codezhufx.tk.                  IN      A

;; AUTHORITY SECTION:
tk.                     5       IN      SOA     a.ns.tk. joost\.zuurbier.dot.tk. 1684904464 10800 3600 604800 5
```

The 301 redirect is fine, if another domain answers for it. But from here the A record is missing (same thing for the AAAA). So the 400 error is okay from Let's Encrypt.
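A pre-flight check for exactly this failure, added here as an editor's example (not acme.sh code and not from the thread): it fetches the challenge path over plain HTTP the way the CA's first hop did, reads the Location header, and reports whether the redirect target host resolves before issuance is attempted. It assumes curl and getent are installed for the live check; the sample headers are constructed from the curl trace in the issue.

```shell
#!/bin/sh
# Editor's added example, not part of acme.sh. Mimics the first step of an HTTP-01
# validation: fetch the challenge path over plain HTTP and see where the server sends us.
# Assumes curl and getent (glibc) are available for the live check.

# Host part of a URL: https://codezhufx.tk/x -> codezhufx.tk (scheme, port and path dropped).
url_host() {
    printf '%s\n' "$1" | sed -E 's#^[A-Za-z][A-Za-z0-9+.-]*://##; s#[/:?].*$##'
}

# First Location header from a response-header dump on stdin (HTTP/1.1 or lowercase HTTP/2).
redirect_target() {
    tr -d '\r' | sed -n -E 's/^[Ll]ocation:[[:space:]]*//p' | head -n 1
}

# 0 when the redirect (if any) stays on the requested host, 1 when it jumps elsewhere.
redirect_stays_on_host() {
    target=$(printf '%s' "$2" | redirect_target)
    [ -z "$target" ] && return 0
    [ "$(url_host "$target")" = "$1" ]
}

# Live pre-flight check: fetch the challenge path like the CA would (first hop only) and
# verify that a redirect target actually resolves before asking the CA to validate.
check_challenge_path() {
    hdr=$(curl -s -o /dev/null -D - "http://$1/.well-known/acme-challenge/preflight-test")
    target=$(printf '%s' "$hdr" | redirect_target)
    if [ -z "$target" ]; then
        echo "$1: no redirect on the challenge path"
        return 0
    fi
    thost=$(url_host "$target")
    if getent hosts "$thost" >/dev/null 2>&1; then
        echo "$1: redirects to $target (host resolves)"
        return 0
    fi
    echo "$1: redirects to $target but $thost has no A/AAAA record; the CA will report NXDOMAIN"
    return 1
}

# Constructed sample: the headers nginx returned in this issue (redirect to a different TLD).
SAMPLE_BAD='HTTP/1.1 301 Moved Permanently
Server: nginx/1.23.3
Location: https://codezhufx.tk
'
# Constructed sample: a redirect to HTTPS on the same host, which the CA follows fine.
SAMPLE_OK='HTTP/1.1 301 Moved Permanently
Location: https://codezhufx.top/.well-known/acme-challenge/preflight-test
'
```

Run `check_challenge_path codezhufx.top` before `acme.sh --issue`; if it reports an unresolvable target, either serve /.well-known/acme-challenge/ ahead of the catch-all redirect in nginx or point the redirect at a host that has A/AAAA records.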