最新消息:20190717 VPS服务器:Vultr新加坡,WordPress主题:大前端D8,统一介绍入口:关于

【已解决】OneinStack添加虚拟主机的Let’s Encrypt的ssl证书出错:Let’s Encrypt Verify error! DNS problem: NXDOMAIN looking up A for

WebServer crifan 858浏览 0评论

折腾:

【已解决】给腾讯云香港CVM的CentOS中OneinStack中添加虚拟主机vhost配置

期间,在网站搬家,从Linode的VPS到腾讯云的香港CVM之前,

目前在还没有把服务器和DNS等配置更新呢,

即此刻crifan.com还是在Linode中呢:

<code>➜  ~ ping www.crifan.com
PING www.crifan.com (80.85.87.205): 56 data bytes
64 bytes from 80.85.87.205: icmp_seq=0 ttl=51 time=357.193 ms
64 bytes from 80.85.87.205: icmp_seq=1 ttl=51 time=301.462 ms
64 bytes from 80.85.87.205: icmp_seq=2 ttl=51 time=443.761 ms
64 bytes from 80.85.87.205: icmp_seq=3 ttl=51 time=275.714 ms
64 bytes from 80.85.87.205: icmp_seq=4 ttl=51 time=315.201 ms
^C
--- www.crifan.com ping statistics ---
6 packets transmitted, 5 packets received, 16.7% packet loss
round-trip min/avg/max/stddev = 275.714/338.666/443.761/58.798 ms
</code>

然后就先去OneinStack中试试添加vhost,结果出错:

<code>What Are You Doing?
        1. Use HTTP Only
        2. Use your own SSL Certificate and Key
        3. Use Let's Encrypt to Create SSL Certificate and Key
        q. Exit
Please input the correct option: 3

Please input domain(example: www.example.com): www.crifan.com
domain=www.crifan.com

Please input the directory for the domain:www.crifan.com :
(Default directory: /data/wwwroot/www.crifan.com): 
Virtual Host Directory=/data/wwwroot/www.crifan.com

Create Virtul Host directory......
set permissions of Virtual Host directory......

Do you want to add more domain name? [y/n]: crifan.com
input error! Please only input 'y' or 'n'

Do you want to add more domain name? [y/n]: y

Type domainname or IP(example: example.com other.example.com): crifan.com
domain list=crifan.com

Do you want to redirect from crifan.com to www.crifan.com? [y/n]: y

Do you want to redirect all HTTP requests to HTTPS? [y/n]: y

Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for www.crifan.com

Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for crifan.com
[Tue Dec 25 21:41:34 CST 2018] Registering account
[Tue Dec 25 21:41:36 CST 2018] Registered
[Tue Dec 25 21:41:36 CST 2018] ACCOUNT_THUMBPRINT='Rve1oSDwjdR0r9OQgKswSrga5vuq2xkzelJ58cX6cqg'
[Tue Dec 25 21:41:36 CST 2018] Creating domain key
[Tue Dec 25 21:41:36 CST 2018] The domain key is here: /root/.acme.sh/www.crifan.com/www.crifan.com.key
[Tue Dec 25 21:41:36 CST 2018] Multi domain='DNS:www.crifan.com,DNS:crifan.com'
[Tue Dec 25 21:41:36 CST 2018] Getting domain auth token for each domain
[Tue Dec 25 21:41:36 CST 2018] Getting webroot for domain='www.crifan.com'
[Tue Dec 25 21:41:36 CST 2018] Getting new-authz for domain='www.crifan.com'
[Tue Dec 25 21:41:38 CST 2018] The new-authz request is ok.
[Tue Dec 25 21:41:38 CST 2018] Getting webroot for domain='crifan.com'
[Tue Dec 25 21:41:38 CST 2018] Getting new-authz for domain='crifan.com'
[Tue Dec 25 21:41:39 CST 2018] The new-authz request is ok.
[Tue Dec 25 21:41:39 CST 2018] Verifying:www.crifan.com
[Tue Dec 25 21:41:43 CST 2018] Pending
[Tue Dec 25 21:41:46 CST 2018] www.crifan.com:Verify error:Invalid response from https://www.crifan.com/.well-known/acme-challenge/hWTtdFEsnlVmHhWEXp8vyj4xGACpyJ1rIwnApNpySq4: 
[Tue Dec 25 21:41:46 CST 2018] Please add '--debug' or '--log' to check more details.
[Tue Dec 25 21:41:46 CST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
Error: Create Let's Encrypt SSL Certificate failed! 
[root@VM_0_11_centos oneinstack]# 
</code>

<code>[root@VM_0_11_centos oneinstack]# ls /data/
mysql  wwwlogs  wwwroot
[root@VM_0_11_centos oneinstack]# ls /data/wwwroot/
default  www.crifan.com
[root@VM_0_11_centos oneinstack]# ls /data/wwwroot/www.crifan.com/
[root@VM_0_11_centos oneinstack]# ls -lh /data/wwwroot/
total 8.0K
drwxr-xr-x 3 www www 4.0K Dec 25 21:17 default
drwxr-xr-x 2 www www 4.0K Dec 25 21:41 www.crifan.com
</code>

目前

/data/wwwroot/www.crifan.com/

是空的

等后续网站内容备份好了,再继续去看看此处的ssl证书的问题如何解决

是不是只是 去原Linode中crifan.com中拷贝过来ssl证书的pem和crt等文件 就可以了。

不过此处add vhost后续步骤:

都还没执行呢。所以也不对。

搜:

oneinstack let’s encrypt Verify error:Invalid response from

OneinStack自动部署Let’s Encrypt证书 | Linux运维笔记

“升级acme.sh: acme.sh upgrade

之后再试试!”

待会去试试

Let’s Encrypt无法创建 – OneinStack

启用Let’s Encrypt错误? – OneinStack

去看看:

How to debug acme.sh · Neilpang/acme.sh Wiki

centos7安装SSL证书失败 – OneinStack

Let’s Encrypt 免费 SSL 证书续期失败的处理 – 简书

想要试试:

acme.sh upgrade

结果此处根本没有acme.sh:

<code>[root@VM_0_11_centos oneinstack]# ll
total 3300
-rwxr-xr-x 1 root root   25291 Dec 25 18:41 addons.sh
-rwxr-xr-x 1 root root   18853 Dec 25 18:41 backup_setup.sh
-rwxr-xr-x 1 root root    7858 Dec 25 18:41 backup.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 config
drwxr-xr-x 2 root root    4096 Dec 25 18:41 include
drwxr-xr-x 2 root root    4096 Dec 25 18:41 init.d
-rw-r--r-- 1 root root 3116030 Dec 25 21:17 install.log
-rwxr-xr-x 1 root root   43681 Dec 25 18:41 install.sh
-rw-r--r-- 1 root root   11358 Dec 25 18:41 LICENSE
-rw-r--r-- 1 root root    2395 Dec 25 21:00 options.conf
-rwxr-xr-x 1 root root    7778 Dec 25 18:41 pureftpd_vhost.sh
-rw-r--r-- 1 root root    5489 Dec 25 18:41 README.md
-rwxr-xr-x 1 root root    4926 Dec 25 18:41 reset_db_root_password.sh
drwxr-xr-x 4 root root    4096 Dec 25 21:40 src
-rwxr-xr-x 1 root root   11390 Dec 25 18:41 ss.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 tools
-rwxr-xr-x 1 root root   17441 Dec 25 18:41 uninstall.sh
-rwxr-xr-x 1 root root    5725 Dec 25 18:41 upgrade.sh
-rw-r--r-- 1 root root    1803 Dec 25 18:41 versions.txt
-rwxr-xr-x 1 root root   47574 Dec 25 18:41 vhost.sh
</code>

然后注意到期间的错误:

<code>Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for www.crifan.com
Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for crifan.com
</code>

再加上别人提到已经添加了A记录

-》推断是:

此处是由于:DNS还是指向旧的Linode的VPS,所以DNS解析出错了。

-》解决办法应该是:

等搬家完成后,更新DNS域名设置,把crifan.comwww.crifan.com解析为当前的腾讯云的服务器,然后再去vhost,估计就可以了。

待后续确认和验证

顺带也继续去搜搜看:

oneinstack let’s encrypt Verify error! DNS problem: NXDOMAIN looking up A

Let’s Encrypt Verify error! – OneinStack

后续也去看看,是否和防火墙,安全组,是否有关系

Let’s Encrypt 的 NXDOMAIN 机制到底是怎样的 – V2EX

<code>➜  ~ dig www.crifan.com

; &lt;&lt;&gt;&gt; DiG 9.10.6 &lt;&lt;&gt;&gt; www.crifan.com
;; global options: +cmd
;; Got answer:
;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 60995
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.crifan.com.            IN    A

;; ANSWER SECTION:
www.crifan.com.        133    IN    A    80.85.87.205

;; Query time: 107 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Tue Dec 25 22:03:15 CST 2018
;; MSG SIZE  rcvd: 59
</code>

解决Let’s Encrypt SSL证书配置错误”DNS problem: NXDOMAIN looking up A for xxx.com” – 数安时代(GDCA)

“出现这个问题原因可能是:

刚刚解析了A记录,解析服务器还没有生效

服务器本地 DNS缓存未更新”

很明显,我此处看来就是由于DNS的A记录没有添加指向当前服务器所导致的。

Let’s Encrypt 简单使用 | ckwongloy

现在已经:

【已解决】去DNSPod的腾讯云中更新crifan.com的DNS域名设置

更新为最新IP了:

<code>[root@VM_0_11_centos oneinstack]# ping www.crifan.com
PING www.crifan.com (150.109.113.228) 56(84) bytes of data.
64 bytes from 150.109.113.228 (150.109.113.228): icmp_seq=1 ttl=63 time=0.329 ms
</code>

所以可以继续重新添加vhost了

<code>[root@VM_0_11_centos oneinstack]# pwd
/root/oneinstack
[root@VM_0_11_centos oneinstack]# ll
total 3300
-rwxr-xr-x 1 root root   25291 Dec 25 18:41 addons.sh
-rwxr-xr-x 1 root root   18853 Dec 25 18:41 backup_setup.sh
-rwxr-xr-x 1 root root    7858 Dec 25 18:41 backup.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 config
drwxr-xr-x 2 root root    4096 Dec 25 18:41 include
drwxr-xr-x 2 root root    4096 Dec 25 18:41 init.d
-rw-r--r-- 1 root root 3116030 Dec 25 21:17 install.log
-rwxr-xr-x 1 root root   43681 Dec 25 18:41 install.sh
-rw-r--r-- 1 root root   11358 Dec 25 18:41 LICENSE
-rw-r--r-- 1 root root    2395 Dec 25 21:00 options.conf
-rwxr-xr-x 1 root root    7778 Dec 25 18:41 pureftpd_vhost.sh
-rw-r--r-- 1 root root    5489 Dec 25 18:41 README.md
-rwxr-xr-x 1 root root    4926 Dec 25 18:41 reset_db_root_password.sh
drwxr-xr-x 4 root root    4096 Dec 25 21:40 src
-rwxr-xr-x 1 root root   11390 Dec 25 18:41 ss.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 tools
-rwxr-xr-x 1 root root   17441 Dec 25 18:41 uninstall.sh
-rwxr-xr-x 1 root root    5725 Dec 25 18:41 upgrade.sh
-rw-r--r-- 1 root root    1803 Dec 25 18:41 versions.txt
-rwxr-xr-x 1 root root   47574 Dec 25 18:41 vhost.sh
[root@VM_0_11_centos oneinstack]# ./vhost.sh 
</code>

继续:

<code>#######################################################################
#       OneinStack for CentOS/RedHat 6+ Debian 7+ and Ubuntu 12+      #
#       For more information please visit https://oneinstack.com      #
#######################################################################

What Are You Doing?
        1. Use HTTP Only
        2. Use your own SSL Certificate and Key
        3. Use Let's Encrypt to Create SSL Certificate and Key
        q. Exit
Please input the correct option: 3

Please input domain(example: www.example.com): www.crifan.com
domain=www.crifan.com

Please input the directory for the domain:www.crifan.com :
(Default directory: /data/wwwroot/www.crifan.com): 
Virtual Host Directory=/data/wwwroot/www.crifan.com

Create Virtul Host directory......
set permissions of Virtual Host directory......

Do you want to add more domain name? [y/n]: y

Type domainname or IP(example: example.com other.example.com): crifan.com
domain list=crifan.com

Do you want to redirect from crifan.com to www.crifan.com? [y/n]: y

Do you want to redirect all HTTP requests to HTTPS? [y/n]: y
[Sun Dec 30 11:16:53 CST 2018] Multi domain='DNS:www.crifan.com,DNS:crifan.com'
[Sun Dec 30 11:16:53 CST 2018] Getting domain auth token for each domain
[Sun Dec 30 11:16:53 CST 2018] Getting webroot for domain='www.crifan.com'
[Sun Dec 30 11:16:53 CST 2018] Getting new-authz for domain='www.crifan.com'
[Sun Dec 30 11:16:55 CST 2018] The new-authz request is ok.
[Sun Dec 30 11:16:55 CST 2018] Getting webroot for domain='crifan.com'
[Sun Dec 30 11:16:55 CST 2018] Getting new-authz for domain='crifan.com'
[Sun Dec 30 11:16:56 CST 2018] The new-authz request is ok.
[Sun Dec 30 11:16:57 CST 2018] Verifying:www.crifan.com
[Sun Dec 30 11:17:01 CST 2018] Success
[Sun Dec 30 11:17:01 CST 2018] Verifying:crifan.com
[Sun Dec 30 11:17:04 CST 2018] Success
[Sun Dec 30 11:17:04 CST 2018] Verify finished, start to sign.
[Sun Dec 30 11:17:07 CST 2018] Cert success.
-----BEGIN CERTIFICATE-----
MIIFY...4CLLcitfVJa7eF+Y
gg...w=
-----END CERTIFICATE-----
[Sun Dec 30 11:17:07 CST 2018] Your cert is in  /root/.acme.sh/www.crifan.com/www.crifan.com.cer 
[Sun Dec 30 11:17:07 CST 2018] Your cert key is in  /root/.acme.sh/www.crifan.com/www.crifan.com.key 
[Sun Dec 30 11:17:07 CST 2018] The intermediate CA cert is in  /root/.acme.sh/www.crifan.com/ca.cer 
[Sun Dec 30 11:17:07 CST 2018] And the full chain certs is there:  /root/.acme.sh/www.crifan.com/fullchain.cer 

Do you want to add hotlink protection? [y/n]: n

Allow Rewrite rule? [y/n]: y

Please input the rewrite of programme :
wordpress,opencart,magento2,drupal,joomla,codeigniter,laravel
thinkphp,pathinfo,discuz,typecho,ecshop,nextcloud rewrite was exist.
(Default rewrite: other): wordpress
You choose rewrite=wordpress

Allow Nginx/Tengine/OpenResty access_log? [y/n]: y
You access log file=/data/wwwlogs/www.crifan.com_nginx.log

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......

#######################################################################
#       OneinStack for CentOS/RedHat 6+ Debian 7+ and Ubuntu 12+      #
#       For more information please visit https://oneinstack.com      #
#######################################################################
Your domain:                  www.crifan.com
Virtualhost conf:             /usr/local/nginx/conf/vhost/www.crifan.com.conf
Directory of:                 /data/wwwroot/www.crifan.com
Rewrite rule:                 /usr/local/nginx/conf/rewrite/wordpress.conf
Let's Encrypt SSL Certificate:/usr/local/nginx/conf/ssl/www.crifan.com.crt
SSL Private Key:              /usr/local/nginx/conf/ssl/www.crifan.com.key
</code>

【总结】

此处用OneinStack去运行vhost.sh添加域名设置的话:

需要先确保已更新为最新DNS配置,把域名解析到当前服务器的IP了,比如:

<code>ping www.crifan.com
</code>

输出是最新此处腾讯云香港服务器的IP:150.109.113.228

然后才能正常的使用Let’s Encrypt去生成ssl证书,才能正常添加域名的。

转载请注明:在路上 » 【已解决】OneinStack添加虚拟主机的Let’s Encrypt的ssl证书出错:Let’s Encrypt Verify error! DNS problem: NXDOMAIN looking up A for

发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
58 queries in 0.234 seconds, using 18.92MB memory