ds920 verify证书报错：DNSSEC: DNSKEY Missing

Itachi666 commented 5 days ago

有点奇怪，是哪里没配上或者过期了么

begin generateCrt
begin updating default cert by acme.sh tool
[Sun Jun 30 14:17:02 CST 2024] Multi domain='DNS:{mydomain.com},DNS:*.{mydomain.com}'
[Sun Jun 30 14:17:02 CST 2024] Getting domain auth token for each domain
[Sun Jun 30 14:17:04 CST 2024] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Sun Jun 30 14:17:08 CST 2024] Getting webroot for domain='{mydomain.com}'
[Sun Jun 30 14:17:08 CST 2024] Getting webroot for domain='*.{mydomain.com}'
[Sun Jun 30 14:17:08 CST 2024] Adding txt value: AAAAAAAAAAAAAAAAAAAAA-skmtxBuSkKTceqpqIak for domain:  _acme-challenge.{mydomain.com}
[Sun Jun 30 14:17:10 CST 2024] The txt record is added: Success.
[Sun Jun 30 14:17:10 CST 2024] Adding txt value: o9nq6NZN7dHgXgr2Off4j1niBz67qB0BbioQeAov8Rw for domain:  _acme-challenge.{mydomain.com}
[Sun Jun 30 14:17:12 CST 2024] The txt record is added: Success.
[Sun Jun 30 14:17:12 CST 2024] Sleep 60 seconds for the txt records to take effect
[Sun Jun 30 14:18:12 CST 2024] Verifying: {mydomain.com}
[Sun Jun 30 14:18:16 CST 2024] Pending
[Sun Jun 30 14:18:19 CST 2024] Pending
[Sun Jun 30 14:18:22 CST 2024] Pending
[Sun Jun 30 14:18:24 CST 2024] {mydomain.com}:Verify error:DNS problem: looking up TXT for _acme-challenge.{mydomain.com}: DNSSEC: DNSKEY Missing
[Sun Jun 30 14:18:24 CST 2024] Removing DNS records.
[Sun Jun 30 14:18:24 CST 2024] Removing txt: wxtQkOP50CYNfff8zGFKGND-skmtxBuSkKTceqpqIak for domain: _acme-challenge.{mydomain.com}
[Sun Jun 30 14:18:27 CST 2024] Removed: Success
[Sun Jun 30 14:18:27 CST 2024] Removing txt: o9nq6NZN7dHfffr2OlJ4j1niBz67qB0BbioQeAov8Rw for domain: _acme-challenge.{mydomain.com}
[Sun Jun 30 14:18:29 CST 2024] Removed: Success
[Sun Jun 30 14:18:29 CST 2024] Please check log file for more details: /volume1/docker/syno-acme/acme.sh/acme.sh.log
[Sun Jun 30 14:18:31 CST 2024] Installing cert to:/usr/syno/etc/certificate/_archive/8zc4w9/cert.pem
cat: /volume1/docker/syno-acme/acme.sh/{mydomain.com}/{mydomain.com}.cer: No such file or directory
[ERR] fail to generateCrt

Itachi666 commented 5 days ago

补一个acme的log

[Sun Jun 30 14:18:12 CST 2024] ok, let's start to verify
[Sun Jun 30 14:18:12 CST 2024] Verifying: {mydomain.com}
[Sun Jun 30 14:18:12 CST 2024] d='{mydomain.com}'
[Sun Jun 30 14:18:12 CST 2024] keyauthorization='ffffffffffffffffffffffff-bdS1KM6ifThRwiRTh3lg_Wg.i3ZmPxutt1wlKBh902DKWXTbfVgk-LY-pD_OMPET5Hs'
[Sun Jun 30 14:18:12 CST 2024] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:12 CST 2024] _currentRoot='dns_ali'
[Sun Jun 30 14:18:12 CST 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:12 CST 2024] payload='{}'
[Sun Jun 30 14:18:12 CST 2024] POST
[Sun Jun 30 14:18:12 CST 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:12 CST 2024] _CURL='curl -L --silent --dump-header /volume1/docker/syno-acme/acme.sh/http.header '
[Sun Jun 30 14:18:13 CST 2024] _ret='0'
[Sun Jun 30 14:18:13 CST 2024] code='200'
[Sun Jun 30 14:18:13 CST 2024] trigger validation code: 200
[Sun Jun 30 14:18:13 CST 2024] sleep 2 secs to verify
[Sun Jun 30 14:18:15 CST 2024] checking
[Sun Jun 30 14:18:15 CST 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:15 CST 2024] payload
[Sun Jun 30 14:18:15 CST 2024] POST
[Sun Jun 30 14:18:15 CST 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:15 CST 2024] _CURL='curl -L --silent --dump-header /volume1/docker/syno-acme/acme.sh/http.header '
[Sun Jun 30 14:18:16 CST 2024] _ret='0'
[Sun Jun 30 14:18:16 CST 2024] code='200'
[Sun Jun 30 14:18:16 CST 2024] Pending
[Sun Jun 30 14:18:16 CST 2024] sleep 2 secs to verify
[Sun Jun 30 14:18:18 CST 2024] checking
[Sun Jun 30 14:18:18 CST 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:18 CST 2024] payload
[Sun Jun 30 14:18:18 CST 2024] POST
[Sun Jun 30 14:18:18 CST 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:18 CST 2024] _CURL='curl -L --silent --dump-header /volume1/docker/syno-acme/acme.sh/http.header '
[Sun Jun 30 14:18:19 CST 2024] _ret='0'
[Sun Jun 30 14:18:19 CST 2024] code='200'
[Sun Jun 30 14:18:19 CST 2024] Pending
[Sun Jun 30 14:18:19 CST 2024] sleep 2 secs to verify
[Sun Jun 30 14:18:21 CST 2024] checking
[Sun Jun 30 14:18:21 CST 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:21 CST 2024] payload
[Sun Jun 30 14:18:21 CST 2024] POST
[Sun Jun 30 14:18:21 CST 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:21 CST 2024] _CURL='curl -L --silent --dump-header /volume1/docker/syno-acme/acme.sh/http.header '
[Sun Jun 30 14:18:21 CST 2024] _ret='0'
[Sun Jun 30 14:18:21 CST 2024] code='200'
[Sun Jun 30 14:18:22 CST 2024] Pending
[Sun Jun 30 14:18:22 CST 2024] sleep 2 secs to verify
[Sun Jun 30 14:18:24 CST 2024] checking
[Sun Jun 30 14:18:24 CST 2024] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:24 CST 2024] payload
[Sun Jun 30 14:18:24 CST 2024] POST
[Sun Jun 30 14:18:24 CST 2024] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/370721172857/IDbUZw'
[Sun Jun 30 14:18:24 CST 2024] _CURL='curl -L --silent --dump-header /volume1/docker/syno-acme/acme.sh/http.header '
[Sun Jun 30 14:18:24 CST 2024] _ret='0'
[Sun Jun 30 14:18:24 CST 2024] code='200'
[Sun Jun 30 14:18:24 CST 2024] {mydomain.com}:Verify error:DNS problem: looking up TXT for _acme-challenge.{mydomain.com}: DNSSEC: DNSKEY Missing
[Sun Jun 30 14:18:24 CST 2024] Skip for removelevel:
[Sun Jun 30 14:18:24 CST 2024] pid
[Sun Jun 30 14:18:24 CST 2024] No need to restore nginx, skip.
[Sun Jun 30 14:18:24 CST 2024] _clearupdns

Itachi666 commented 5 days ago

我是 .top 域名，感觉可能有关系

https://community.letsencrypt.org/t/dns-problem-looking-up-a-for-xxx-domain-top-dnssec-dnskey-missing-no-valid-aaaa-records-found-for-xxx-domain-top/220650/28

https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/667b2f1a30637f178a9534a7

andyzhshg / syno-acme

ds920 verify证书报错：DNSSEC: DNSKEY Missing #111