acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.24k stars 4.96k forks

Verify error: "error": { #4678

Open jianchao123 opened 1 year ago

jianchao123 commented 1 year ago

    [Mon 19 Jun 2023 07:14:32 PM HKT] xxxxxxx.buzz:Verify error:"error":{
    [Mon 19 Jun 2023 07:14:32 PM HKT] Debug: get token url.
    [Mon 19 Jun 2023 07:14:32 PM HKT] GET
    [Mon 19 Jun 2023 07:14:32 PM HKT] url='http://xxxxxxxxx.buzz/.well-known/acme-challenge/fg4x_mAj159k8Vxyc1rvFLTgh0pt_4qVuIV9bA6AY4w'
    [Mon 19 Jun 2023 07:14:32 PM HKT] timeout=1
    [Mon 19 Jun 2023 07:14:32 PM HKT] _CURL='curl --silent --dump-header /home/xxxx/.acme.sh/http.header -L -g --connect-timeout 1'

404 Not Found

404 Not Found


nginx/1.18.0 (Ubuntu)

    [Mon 19 Jun 2023 07:14:32 PM HKT] ret='0'
    [Mon 19 Jun 2023 07:14:32 PM HKT] Debugging, skip removing: /home/xxxxx/xxxxxxxxxx.buzz/.well-known/acme-challenge/fg4x_mAj159k8Vxyc1rvFLTgh0pt_4qVuIV9bA6AY4w
    [Mon 19 Jun 2023 07:14:32 PM HKT] pid
    [Mon 19 Jun 2023 07:14:32 PM HKT] No need to restore nginx, skip.

github-actions[bot] commented 1 year ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

    acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

jianchao123 commented 1 year ago

I tested my Nginx path, and there is no problem. Is there a bug in the script?

jianchao123 commented 1 year ago

command: acme.sh --issue -d honeymmarket.buzz -w honeymmarket.buzz --debug

jianchao123 commented 1 year ago

I already chose the other way, I should have chosen the other way earlier

jianchao123 commented 1 year ago

Actually, the certbot provided on the official website is easier to use; acme.sh really is a terrible tool.

xiaohuilam commented 1 year ago

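The validation for your domain probably failed. I suggest visiting http://xxxxxxxxx.buzz/.well-known/acme-challenge/fg4x_mAj159k8Vxyc1rvFLTgh0pt_4qVuIV9bA6AY4w to check.

In most cases this problem is caused by specifying the wrong --webroot location.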

1523789353 commented 1 year ago

When requesting a certificate with ZeroSSL on a Tencent Cloud server, the following log appears:

    [Tue Jun 27 22:18:31 UTC 2023] ***.***.com:Verify error:"error":{
    [Tue Jun 27 22:18:31 UTC 2023] Debug: get token url.
    [Tue Jun 27 22:18:31 UTC 2023] GET
    [Tue Jun 27 22:18:31 UTC 2023] url='http://***.***.com/.well-known/acme-challenge/uOfP2Ux489hU4GuSOMM0wgNtc1RN1AQUCz8iy8GZ118'
    [Tue Jun 27 22:18:31 UTC 2023] timeout=1
    [Tue Jun 27 22:18:31 UTC 2023] Http already initialized.
    [Tue Jun 27 22:18:31 UTC 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --trace-ascii /tmp/tmp.o5gzEmRafD -g --connect-timeout 1'
    uOfP2Ux489hU4GuSOMM0wgNtc1RN1AQUCz8iy8GZ118.cHuy1bntfHVYDzUlAND26AqPKKjC4KC2k8hIUCahx4Q
    [Tue Jun 27 22:18:31 UTC 2023] ret='0'
    [Tue Jun 27 22:18:31 UTC 2023] Debugging, skip removing: /root/acme/.well-known/acme-challenge/uOfP2Ux489hU4GuSOMM0wgNtc1RN1AQUCz8iy8GZ118
    [Tue Jun 27 22:18:31 UTC 2023] pid
    [Tue Jun 27 22:18:31 UTC 2023] No need to restore nginx, skip.
    [Tue Jun 27 22:18:31 UTC 2023] _clearupdns
    [Tue Jun 27 22:18:31 UTC 2023] dns_entries
    [Tue Jun 27 22:18:31 UTC 2023] skip dns.
    [Tue Jun 27 22:18:31 UTC 2023] _on_issue_err
    [Tue Jun 27 22:18:31 UTC 2023] Please check log file for more details: /root/.acme.sh/acme.sh.log

After adding --server letsencrypt --staging, the following log appears:

    [Tue Jun 27 22:06:14 UTC 2023] original='{ "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "***.***.***.***: Invalid response from https://dnspod.qcloud.com/static/webblock.html?d=***.***.com: \"\u003c!DOCTYPE html\u003e\\n\u003chtml\u003e\\n\\t\u003chead\u003e\\n\\t\\t\u003cmeta charset=\\\"utf-8\\\" /\u003e\\n\\t\\t\u003cmeta http-equiv=\\\"X-UA-Compatible\\\" content=\\\"IE=edge,chrome=1\\\" /\u003e\\n\\t\\t\u003c\"", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/240605822127/ozI0ug", "token": "iZmX1H41TsNge4nHgY4njtcUnyLTKMRiL_cQZnfiuOc", "validationRecord": [ { "url": "http://***.***.com/.well-known/acme-challenge/iZmX1H41TsNge4nHgY4njtcUnyLTKMRiL_cQZnfiuOc", "hostname": "***.***.com", "port": "80", "addressesResolved": [ "***.***.***.***" ], "addressUsed": "***.***.***.***" }, { "url": "https://dnspod.qcloud.com/static/webblock.html?d=***.***.com", "hostname": "dnspod.qcloud.com", "port": "443", "addressesResolved": [ "128.14.246.42", "128.14.246.10", "128.14.246.11", "128.14.246.43" ], "addressUsed": "128.14.246.42" } ], "validated": "2023-06-27T22:06:10Z" }'

This confirms that port 443 on the server is being blocked by the Tencent Cloud firewall.

croomagnon commented 1 year ago

Problem is with nginx. I am running multiple domains off the same site.

Try this: go to /etc/nginx/sites-enabled/<your-site>.conf, then add something like this:

    location /.well-known/acme-challenge/ {
        root /var/www/html/;
    }

It is when the domain is being verified that acme will create the file .well-known/acme-challenge/<random>. This file is created in the root folder described above. If you have set up your files to serve off another location, then //<yourdomain.com>/.well-known/acme-challenge/ will not resolve to where acme.sh has written the file.

Another thing to try: when renewing, use the --debug parameter and notice the URL at which acme will verify the token. In the previous comment it is http://xxxxxxxxx.buzz/.well-known/acme-challenge/fg4x_mAj159k8Vxyc1rvFLTgh0pt_4qVuIV9bA6AY4w; use curl to retrieve this location. If you get Error 400 - Bad Request, it means the HTTP request is redirected to port 443 on nginx, so you need to disable this behaviour. I went into the .conf file and set ssl on to ssl off.
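A preflight check for the failures discussed in the comments above, as an added example that is not part of any commenter's post or of acme.sh itself: it writes a probe file into the directory passed to -w, fetches it over HTTP with redirects followed (as the debug fetch in the logs does), and reports a 404, wrong content, or a redirect to another host such as a provider block page. The function names, the probe file name and the 5-second timeout are assumptions.

```shell
#!/bin/sh
# Added example: preflight check for acme.sh webroot (-w) mode.

# classify_probe HOST HTTP_CODE EFFECTIVE_URL BODY EXPECTED
# Explains why an HTTP-01 style fetch would pass or fail.
classify_probe() {
  host=$1 code=$2 final_url=$3 body=$4 expected=$5
  # Host part of the URL the client ended on after following redirects.
  final_host=$(printf '%s\n' "$final_url" | sed -E 's#^[a-zA-Z]+://([^/:]+).*#\1#')
  if [ "$final_host" != "$host" ]; then
    echo "redirected-off-host:$final_host"  # e.g. a provider block page answered
  elif [ "$code" = "404" ]; then
    echo "not-found"                         # -w does not match the served root
  elif [ "$code" != "200" ]; then
    echo "http-error:$code"
  elif [ "$body" != "$expected" ]; then
    echo "wrong-content"                     # another vhost or app answered
  else
    echo "ok"
  fi
}

# probe_webroot DOMAIN WEBROOT
# Writes a throwaway file where acme.sh would write the token, then fetches it.
probe_webroot() {
  domain=$1 webroot=$2
  dir="$webroot/.well-known/acme-challenge"
  name="probe-$$"
  expected="probe-$$-$(date +%s)"
  mkdir -p "$dir" && printf '%s' "$expected" > "$dir/$name" || return 2
  # -L follows redirects; -w appends the final status code and URL on a last line.
  out=$(curl --silent -L --connect-timeout 5 \
        -w '\n%{http_code} %{url_effective}' \
        "http://$domain/.well-known/acme-challenge/$name")
  rm -f "$dir/$name"
  meta=$(printf '%s\n' "$out" | tail -n 1)
  body=$(printf '%s\n' "$out" | sed '$d')
  classify_probe "$domain" "${meta%% *}" "${meta#* }" "$body" "$expected"
}

# Usage (constructed values): probe_webroot example.com /var/www/html
```

Run it with the same domain and directory you intend to pass to -d and -w; anything other than "ok" means the CA's validation request would not reach the file acme.sh writes.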

livehl commented 1 year ago

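Could it be caused by the site having a different HTTPS certificate installed? In any case, I can't get it to pass no matter what. Other websites are hosted on it.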

MrLiInGitHub commented 1 year ago

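I ran into this error too. It turned out that the error was caused by a challenge record I had added earlier in my domain's DNS settings and never deleted. Silly of me. I don't know whether this helps you.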