Neilpang
commented
7 years ago 请 加上 --debug 2 输出更详细的log
Closed xjdata closed 7 years ago
Neilpang
commented
7 years ago 请 加上 --debug 2 输出更详细的log
xjdata
commented
7 years ago @Neilpang 谢谢。我debug 2又跑了下。日志如下
/root/.acme.sh/acme.sh --issue -d imxin.cn --dns dns_cx --log --debug 2
[Tue Dec 27 12:18:01 CST 2016] Lets find script dir.
[Tue Dec 27 12:18:01 CST 2016] _SCRIPT_='/root/.acme.sh/acme.sh'
[Tue Dec 27 12:18:01 CST 2016] _script='/root/.acme.sh/acme.sh'
[Tue Dec 27 12:18:01 CST 2016] _script_home='/root/.acme.sh'
[Tue Dec 27 12:18:01 CST 2016] Using default home:/root/.acme.sh
[Tue Dec 27 12:18:01 CST 2016] 8:LOG_FILE='/root/.acme.sh/acme.sh.log'
[Tue Dec 27 12:18:01 CST 2016] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.6.5
[Tue Dec 27 12:18:01 CST 2016] Using api:
[Tue Dec 27 12:18:01 CST 2016] DOMAIN_PATH='/root/.acme.sh/imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] Le_NextRenewTime
[Tue Dec 27 12:18:01 CST 2016] 1:Le_Domain='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] 2:Le_Alt='no'
[Tue Dec 27 12:18:01 CST 2016] 3:Le_Webroot='dns_cx'
[Tue Dec 27 12:18:01 CST 2016] 4:Le_PreHook=''
[Tue Dec 27 12:18:01 CST 2016] 5:Le_PostHook=''
[Tue Dec 27 12:18:01 CST 2016] 6:Le_RenewHook=''
[Tue Dec 27 12:18:01 CST 2016] 7:Le_API='https://acme-v01.api.letsencrypt.org'
[Tue Dec 27 12:18:01 CST 2016] _on_before_issue
[Tue Dec 27 12:18:01 CST 2016] 'dns_cx' does not contain 'no'
[Tue Dec 27 12:18:01 CST 2016] Le_LocalAddress
[Tue Dec 27 12:18:01 CST 2016] Check for domain='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] _currentRoot='dns_cx'
[Tue Dec 27 12:18:01 CST 2016] 'dns_cx' does not contain 'apache'
[Tue Dec 27 12:18:01 CST 2016] _saved_account_key_hash='XGDEyw6Et19Vc23f6xPz3ZSjW0G15x9tEAoYzWf01wo='
[Tue Dec 27 12:18:01 CST 2016] _saved_account_key_hash is not changed, skip register account.
[Tue Dec 27 12:18:01 CST 2016] Read key length:
[Tue Dec 27 12:18:01 CST 2016] _createcsr
[Tue Dec 27 12:18:01 CST 2016] domain='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] domainlist
[Tue Dec 27 12:18:01 CST 2016] csrkey='/root/.acme.sh/imxin.cn/imxin.cn.key'
[Tue Dec 27 12:18:01 CST 2016] csr='/root/.acme.sh/imxin.cn/imxin.cn.csr'
[Tue Dec 27 12:18:01 CST 2016] csrconf='/root/.acme.sh/imxin.cn/imxin.cn.csr.conf'
[Tue Dec 27 12:18:01 CST 2016] Single domain='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] _is_idn_d='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] _idn_temp
[Tue Dec 27 12:18:01 CST 2016] _csr_cn='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] 8:Le_Keylength=''
[Tue Dec 27 12:18:01 CST 2016] Getting domain auth token for each domain
[Tue Dec 27 12:18:01 CST 2016] Getting webroot for domain='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] _w='dns_cx'
[Tue Dec 27 12:18:01 CST 2016] _currentRoot='dns_cx'
[Tue Dec 27 12:18:01 CST 2016] Getting new-authz for domain='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] Try new-authz for the 0 time.
[Tue Dec 27 12:18:01 CST 2016] _is_idn_d='imxin.cn'
[Tue Dec 27 12:18:01 CST 2016] _idn_temp
[Tue Dec 27 12:18:01 CST 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Dec 27 12:18:01 CST 2016] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "imxin.cn"}}'
[Tue Dec 27 12:18:01 CST 2016] RSA key
[Tue Dec 27 12:18:01 CST 2016] Get nonce.
[Tue Dec 27 12:18:01 CST 2016] GET
[Tue Dec 27 12:18:01 CST 2016] url='https://acme-v01.api.letsencrypt.org/directory'
[Tue Dec 27 12:18:01 CST 2016] timeout
[Tue Dec 27 12:18:01 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.NhcpHh '
[Tue Dec 27 12:18:03 CST 2016] ret='0'
[Tue Dec 27 12:18:03 CST 2016] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: 7KgWVmxwepZkdp0d-wpygLtRl6SUDZGX0Tev7yKRnGQ
Replay-Nonce: HUy8nogxwPb3CfP5WgrfVepmuZxKdtvi3dgt8d0LIEE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 27 Dec 2016 04:18:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 27 Dec 2016 04:18:03 GMT
Connection: keep-alive
'
[Tue Dec 27 12:18:03 CST 2016] _CACHED_NONCE='HUy8nogxwPb3CfP5WgrfVepmuZxKdtvi3dgt8d0LIEE'
[Tue Dec 27 12:18:03 CST 2016] nonce='HUy8nogxwPb3CfP5WgrfVepmuZxKdtvi3dgt8d0LIEE'
[Tue Dec 27 12:18:03 CST 2016] POST
[Tue Dec 27 12:18:03 CST 2016] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Tue Dec 27 12:18:03 CST 2016] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "5hifr5bG4SpKh8NvjdCcZqO9CKcbhj5WAc541HD7E0NlGO-BMlW0VqvXUhE3RrbLrnHlwKF
EsnyigOf-Wvubq7jTghOyRRr0CiQPhYqT7eAjnGOvKanCbqB_z7MIgan1sYI1AmQrfkReMhOzJ0JpBeGiOZnPzr6eQQ8tMtHPnxzun6_8zfDheG1bB9oSbIwbrLh9l_UQcdhRAuplV5fJeTdaWzP7kZAY-BdSH10FCqQHLBr7OyyY_w8S
BOh3sJhDrweeoL5qec63pF1AhPi3Djrw3TwMdyVkrPBWzgt7BMl1vbqrUDViI5k-vwKcjJ33m4HJ00nsvA1LLLrbCrx8qw"}}, "protected": "eyJub25jZSI6ICJIVXk4bm9neHdQYjNDZlA1V2dyZlZlcG11WnhLZHR2aTNkZ3Q4
ZDBMSUVFIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiNWhpZnI1Ykc0U3BLaDhOdmpkQ2NacU85Q0tjYmhqNVdBYzU0MUhEN0UwTmxHTy1CTWxXMFZxdlhVaEUzUnJiTHJuS
Gx3S0ZFc255aWdPZi1XdnVicTdqVGdoT3lSUnIwQ2lRUGhZcVQ3ZUFqbkdPdkthbkNicUJfejdNSWdhbjFzWUkxQW1RcmZrUmVNaE96SjBKcEJlR2lPWm5QenI2ZVFROHRNdEhQbnh6dW42Xzh6ZkRoZUcxYkI5b1NiSXdickxoOWxfVV
FjZGhSQXVwbFY1ZkplVGRhV3pQN2taQVktQmRTSDEwRkNxUUhMQnI3T3l5WV93OFNCT2gzc0poRHJ3ZWVvTDVxZWM2M3BGMUFoUGkzRGpydzNUd01keVZrclBCV3pndDdCTWwxdmJxclVEVmlJNWstdndLY2pKMzNtNEhKMDBuc3ZBMUx
MTHJiQ3J4OHF3In19", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAiaW14aW4uY24ifX0", "signature": "TqRmrw7olNHiNBdTAEI6K35Hq
amhUaffUbxZ1lRBiCwTOLHK6rtrHOgqfJ7fOy4jHBc8h46SZ9jGuqwLJn3u_H9-t8oRD5CUjgF1gf8iXAi7gpElLB2ZEVs7Nr_i0-vB1VZl-ShyXffoLCpyHgco3bKkIJedKBBfNmBmk7PnONV2oUdl7FxSdavZg02KuDTQmOf0fc3vHq
p0yZOfZ4fULp1ijYs57wB9Htk73DzZ-2hkuo6nowaRBoFcGR6wpCyEiuXL5NTxoAc4Ft_3jrL27PwtyaJyMjTdyHoY8_7XFLb9vgPXvmjfolru5p1Mt1jTgpwc3mWo01nrwCmCCdnqvw"}'
[Tue Dec 27 12:18:03 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.hfFigb '
[Tue Dec 27 12:18:06 CST 2016] _ret='0'
[Tue Dec 27 12:18:06 CST 2016] original='{
"identifier": {
"type": "dns",
"value": "imxin.cn"
},
"status": "pending",
"expires": "2017-01-03T04:18:06.164554913Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/448846450",
"token": "tyQ7QulRopLPB5KuXBhLWU3Zynbk3qwSkYeMIcLbsJo"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/448846451",
"token": "GPxlX2HMKv21lMVBoqb43x4uBvqX09ZbAY5TUz82XQc"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/448846452",
"token": "aFOyzHsY1FpzOTSe8Gzh8EfMfatGczD-bn1VbyYfMoA"
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}'
[Tue Dec 27 12:18:06 CST 2016] responseHeaders='HTTP/1.1 100 Continue
Expires: Tue, 27 Dec 2016 04:18:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 993
Boulder-Request-Id: 8SKsmQPD1frdTQbN9D70GuZeROBAZiPY8PP2Z7WVhmw
Boulder-Requester: 7770878
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c
Replay-Nonce: 7VjvtuyDNiOWXbR5oZHerNLHEadgoCQ_hZKLDQkmXMU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 27 Dec 2016 04:18:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 27 Dec 2016 04:18:06 GMT
Connection: keep-alive
'
[Tue Dec 27 12:18:06 CST 2016] response='{"identifier":{"type":"dns","value":"imxin.cn"},"status":"pending","expires":"2017-01-03T04:18:06.164554913Z","challenges":[{"type":"htt
p-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/448846450","token":"tyQ7QulRopLPB5KuXBhLWU3Zynbk3
qwSkYeMIcLbsJo"},{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/448846451","token":"G
PxlX2HMKv21lMVBoqb43x4uBvqX09ZbAY5TUz82XQc"},{"type":"tls-sni-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t
6PyYNFT49c/448846452","token":"aFOyzHsY1FpzOTSe8Gzh8EfMfatGczD-bn1VbyYfMoA"}],"combinations":[[0],[2],[1]]}'
[Tue Dec 27 12:18:06 CST 2016] code='201'
[Tue Dec 27 12:18:06 CST 2016] The new-authz request is ok.
[Tue Dec 27 12:18:06 CST 2016] entry='"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/4
48846451","token":"GPxlX2HMKv21lMVBoqb43x4uBvqX09ZbAY5TUz82XQc"'
[Tue Dec 27 12:18:06 CST 2016] token='GPxlX2HMKv21lMVBoqb43x4uBvqX09ZbAY5TUz82XQc'
[Tue Dec 27 12:18:06 CST 2016] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/448846451'
[Tue Dec 27 12:18:06 CST 2016] keyauthorization='GPxlX2HMKv21lMVBoqb43x4uBvqX09ZbAY5TUz82XQc.nMq1sYLkhe_CdPg_PWSh-GQHSihOOv_pYrS44ELrXBI'
[Tue Dec 27 12:18:06 CST 2016] dvlist='imxin.cn#GPxlX2HMKv21lMVBoqb43x4uBvqX09ZbAY5TUz82XQc.nMq1sYLkhe_CdPg_PWSh-GQHSihOOv_pYrS44ELrXBI#https://acme-v01.api.letsencrypt.org/acme
/challenge/ThTIWZWqZC2sLT0pKb7AMZ9wlvWt1w-7t6PyYNFT49c/448846451#dns-01#dns_cx'
[Tue Dec 27 12:18:06 CST 2016] txtdomain='_acme-challenge.imxin.cn'
[Tue Dec 27 12:18:06 CST 2016] txt='-xszZA2uJ7aPLnyLLPOzRUwW0LTAj20vSVSbieiCxd8'
[Tue Dec 27 12:18:06 CST 2016] d_api='/root/.acme.sh/dnsapi/dns_cx.sh'
[Tue Dec 27 12:18:06 CST 2016] Found domain api file: /root/.acme.sh/dnsapi/dns_cx.sh
[Tue Dec 27 12:18:06 CST 2016] 22:CX_Key='90f84a3a5b794cdd8c2232a972801353'
[Tue Dec 27 12:18:06 CST 2016] 23:CX_Secret='dbd5431859c415e6'
[Tue Dec 27 12:18:06 CST 2016] First detect the root zone
[Tue Dec 27 12:18:06 CST 2016] ep='domain'
[Tue Dec 27 12:18:06 CST 2016] url='https://www.cloudxns.net/api2/domain'
[Tue Dec 27 12:18:06 CST 2016] cdate='2016-12-27 04:18:06 UTC'
[Tue Dec 27 12:18:06 CST 2016] data
[Tue Dec 27 12:18:06 CST 2016] sec='90f84a3a5b794cdd8c2232a972801353https://www.cloudxns.net/api2/domain2016-12-27 04:18:06 UTCdbd5431859c415e6'
[Tue Dec 27 12:18:06 CST 2016] hmac='cc3398d34d8a79d61449d4902d651202'
[Tue Dec 27 12:18:06 CST 2016] GET
[Tue Dec 27 12:18:06 CST 2016] url='https://www.cloudxns.net/api2/domain'
[Tue Dec 27 12:18:06 CST 2016] timeout
[Tue Dec 27 12:18:06 CST 2016] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --trace-ascii /tmp/tmp.jcjJJg '
[Tue Dec 27 12:18:07 CST 2016] ret='0'
[Tue Dec 27 12:18:07 CST 2016] response='{"code":1,"message":"success","total":"15","data":[{"id":"322431","domain":"imxin.cn.","status":"o
k","level":"3","take_over_status":"ok","create_time":"2016-12-25 06:13:32","update_time":"2016-12-27 05:51:42","ttl":"600"}]}'
[Tue Dec 27 12:18:07 CST 2016] h='imxin.cn'
[Tue Dec 27 12:18:07 CST 2016] seg
[Tue Dec 27 12:18:07 CST 2016] _domain_id
[Tue Dec 27 12:18:07 CST 2016] invalid domain
[Tue Dec 27 12:18:07 CST 2016] Error add txt for domain:_acme-challenge.imxin.cn
[Tue Dec 27 12:18:07 CST 2016] pid
[Tue Dec 27 12:18:07 CST 2016] _clearupdns
[Tue Dec 27 12:18:07 CST 2016] Dns not added, skip.
[Tue Dec 27 12:18:07 CST 2016] _on_issue_err
[Tue Dec 27 12:18:07 CST 2016] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Tue Dec 27 12:18:07 CST 2016] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2j 26 Sep 2016
apache:
apache doesn't exists.
nc:
OpenBSD netcat (Debian patchlevel 4)
usage: nc [-46DdhklnrStUuvzC] [-i interval] [-P proxy_username] [-p source_port]
[-s source_ip_address] [-T ToS] [-w timeout] [-X proxy_protocol]
[-x proxy_address[:port]] [hostname] [port[s]]
Command Summary:
-4 Use IPv4
-6 Use IPv6
-D Enable the debug socket option
-d Detach from stdin
-h This help text
-i secs Delay interval for lines sent, ports scanned
-k Keep inbound sockets open for multiple connects
-l Listen mode, for inbound connects
-n Suppress name/port resolutions
-P proxyuser Username for proxy authentication
-p port Specify local port for remote connects
-q secs quit after EOF on stdin and delay of secs
-r Randomize remote ports
-S Enable the TCP MD5 signature option
-s addr Local source address
-T ToS Set IP Type of Service
-C Send CRLF as line-ending
-t Answer TELNET negotiation
-U Use UNIX domain socket
-u UDP mode
-v Verbose
-w secs Timeout for connects and final net reads
-X proto Proxy protocol: "4", "5" (SOCKS) or "connect"
-x addr[:port] Specify proxy address and port
-z Zero-I/O mode [used for scanning]
Port numbers can be individual or ranges: lo-hi [inclusive]你是什么系统. 有bash 吗
xjdata
commented
7 years ago 我docker下面跑的。 alpine。
RUN apk --no-cache add openssl curl netcat-openbsd \
&& curl https://get.acme.sh | sh
&& /root/.acme.sh/acme.sh \
--issue \
-d $DOMAIN \
--dns dns_cx \
--log \
--debug 2 \
--accountemail $ACCOUNTE_MAIL \
--auto-upgrade \
#&& proxychains4 /root/.acme.sh/acme.sh \
&& /root/.acme.sh/acme.sh \
--installcert \
-d $DOMAIN \
--keypath $SITE_DIR/$KEY_NAME.key \
--certpath $SITE_DIR/$KEY_NAME.domain.cer \
--capath $SITE_DIR/$KEY_NAME.ca.cer \
--fullchainpath $SITE_DIR/$KEY_NAME.fullchain.cer \
--reloadcmd "service nginx force-reload"
--log好的, 我回头再 alpine 上测一下 dns_cx
xjdata
commented
7 years ago 多谢~
Neilpang
commented
7 years ago dns_cx 在alpine上的确是有问题, 我晚上回去修.
xjdata
commented
7 years ago 无私奉献,太感谢了。
Neilpang
commented
7 years ago @xjdata 修掉了. 你再试试.
xjdata
commented
7 years ago 多谢!
Neilpang
commented
7 years ago @xjdata 忘了问一个问题了. 你是安装的acme.sh 还是直接拷贝的.
安装完之后, 文件头是 sh 还是 bash
xjdata
commented
7 years ago curl https://get.acme.sh | sh
安装的。
Neilpang
commented
7 years ago 麻烦看一下文件头:
head -1 ~/.acme.sh/dnsapi/dns_cx.shhead -1 ~/.acme.sh/dnsapi/dns_cx.sh
#!/usr/bin/env sh
命令如下
日志如下。
谢谢。