phlinhng / v2ray-tcp-tls-web

VLESS / Trojan-Go / Shadowsocks script with IPv6-only support
https://github.com/phlinhng/v2ray-tcp-tls-web/wiki
Do What The F*ck You Want To Public License
684 stars 332 forks

Version 2.1.2: certificate issuance keeps failing #63

Closed miaoxinwei closed 3 years ago

miaoxinwei commented 3 years ago

The old version is OK.

Log from the new version:

Issuing certificate
[Fri Oct 16 16:18:02 CST 2020] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Oct 16 16:18:02 CST 2020] Create account key ok.
[Fri Oct 16 16:18:02 CST 2020] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Fri Oct 16 16:18:03 CST 2020] Registered
[Fri Oct 16 16:18:03 CST 2020] ACCOUNT_THUMBPRINT='2b-uLYkkOYnJqHqPz7oeRfARH2T13MG3GPRqu72jhdM'
[Fri Oct 16 16:18:03 CST 2020] Creating domain key
[Fri Oct 16 16:18:03 CST 2020] The domain key is here: /root/.acme.sh/mxwus.top_ecc/mxwus.top.key
[Fri Oct 16 16:18:03 CST 2020] Single domain='mxwus.top'
[Fri Oct 16 16:18:04 CST 2020] Getting domain auth token for each domain
[Fri Oct 16 16:18:05 CST 2020] Getting webroot for domain='mxwus.top'
[Fri Oct 16 16:18:06 CST 2020] Verifying: mxwus.top
[Fri Oct 16 16:18:06 CST 2020] Nginx mode for domain:mxwus.top
[Fri Oct 16 16:18:06 CST 2020] Found conf file: /etc/nginx/sites-enabled/v2gun.conf
[Fri Oct 16 16:18:06 CST 2020] Backup /etc/nginx/sites-enabled/v2gun.conf to /root/.acme.sh/mxwus.top_ecc/backup/mxwus.top.nginx.conf
[Fri Oct 16 16:18:06 CST 2020] Check the nginx conf before setting up.
[Fri Oct 16 16:18:07 CST 2020] OK, Set up nginx config file
[Fri Oct 16 16:18:07 CST 2020] nginx conf is done, let's check it again.
[Fri Oct 16 16:18:07 CST 2020] Reload nginx
[Fri Oct 16 16:18:12 CST 2020] mxwus.top:Verify error:Fetching https://mxwus.top/.well-known/acme-challenge/BC6y3KvkBnYz9YV1od_QVwfDKNz19YP0mu1JLu-sQi0: Connection refused
[Fri Oct 16 16:18:12 CST 2020] Restoring from /root/.acme.sh/mxwus.top_ecc/backup/mxwus.top.nginx.conf to /etc/nginx/sites-enabled/v2gun.conf
[Fri Oct 16 16:18:12 CST 2020] Reload nginx
[Fri Oct 16 16:18:12 CST 2020] Please add '--debug' or '--log' to check more details.
[Fri Oct 16 16:18:12 CST 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Installing certificate
[Fri Oct 16 16:18:13 CST 2020] Installing key to:/etc/ssl/v2ray/key.pem
[Fri Oct 16 16:18:13 CST 2020] Installing full chain to:/etc/ssl/v2ray/fullchain.pem
cat: /root/.acme.sh/mxwus.top_ecc/fullchain.cer: No such file or directory
证书签发失败, 请运行修复证书

miaoxinwei commented 3 years ago

I have rolled back to 2.0.5 and am using that for now. I will compare the source code over the weekend. I also tried Google Domains.

liwenjie119 commented 3 years ago

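Could this be caused by HTTP being redirected to HTTPS before acme has finished validating .well-known? That would make it impossible to complete the validation over HTTPS.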
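
A way to check the redirect question against a log like the one above, as an added example that is not part of the original thread or the project's code. HTTP-01 validation always starts at `http://<domain>/` on port 80, so an `https://` URL in the "Verify error" line means the validator followed a redirect before the fetch failed. The function names, `example.com` and the token are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify the last "Verify error" line of
# an acme.sh log read from stdin.

diagnose_acme_log() {
  local line url scheme reason
  line="$(grep -E 'Verify error:' | tail -n 1)"
  if [ -z "${line}" ]; then
    echo "no-verify-error"
    return 0
  fi

  # URL the CA was fetching when the check failed
  url="$(printf '%s\n' "${line}" \
    | grep -oE 'https?://[^ /]+/\.well-known/acme-challenge/[^ :]+' | head -n 1)"
  scheme="${url%%://*}"

  case "${line}" in
    *"Connection refused"*) reason="connection-refused" ;;
    *"Timeout"*)            reason="timeout" ;;
    *)                      reason="other" ;;
  esac

  if [ "${scheme}" = "https" ]; then
    # Port 80 answered with a redirect; the failure happened on port 443
    echo "redirected-to-https:${reason}"
  else
    echo "${scheme:-unknown}:${reason}"
  fi
}

# Constructed sample log: example.com and the token are placeholders
sample_log() {
  cat <<'EOF'
[Fri Oct 16 16:18:06 CST 2020] Verifying: example.com
[Fri Oct 16 16:18:07 CST 2020] Reload nginx
[Fri Oct 16 16:18:12 CST 2020] example.com:Verify error:Fetching https://example.com/.well-known/acme-challenge/CONSTRUCTED_TOKEN: Connection refused
[Fri Oct 16 16:18:12 CST 2020] Reload nginx
EOF
}

sample_log | diagnose_acme_log
```

A `redirected-to-https:connection-refused` result points at whatever should be listening on port 443 during issuance, not at port 80.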

liwenjie119 commented 3 years ago

I rolled back through several versions and none of them would install properly.

miaoxinwei commented 3 years ago

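> I rolled back through several versions and none of them would install properly.

The old versions no longer work because the author changed the API used for the domain IP check.

Replace it with the code below: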

checkIP() {
  # Public addresses of this host; the lookup URL is read from the repo's custom/ip4_api and custom/ip6_api files
  local realIP4="$(curl -s "$(curl -s "https://raw.githubusercontent.com/phlinhng/v2ray-tcp-tls-web/${branch}/custom/ip4_api")")"
  local realIP6="$(curl -s "$(curl -s "https://raw.githubusercontent.com/phlinhng/v2ray-tcp-tls-web/${branch}/custom/ip6_api")")"
  # Addresses the domain ($1) resolves to, taken from the first line of ping output
  local resolvedIP4="$(ping "$1" -c 1 | head -n 1 | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)"
  local resolvedIP6="$(ping6 "$1" -c 1 | head -n 1 | grep -oE '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))' | head -n 1)"

  # Succeed only when a non-empty address matches; two empty lookups must not count as a match
  if [[ -n "${realIP4}" && "${realIP4}" == "${resolvedIP4}" ]] || [[ -n "${realIP6}" && "${realIP6}" == "${resolvedIP6}" ]]; then
    return 0
  else
    return 1
  fi
}

liwenjie119 commented 3 years ago

Rolling back is one way to do it, but I simply reinstalled the VPS and then the install went through fine.

miaoxinwei commented 3 years ago

It really is a mystery. There is no problem on the new VPS... Closing.