[Solved] OneinStack fails to issue a Let's Encrypt SSL certificate when adding a virtual host: Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for

WebServer crifan 5970 views 0 comments

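While working on:

[Solved] Adding a virtual host (vhost) configuration in OneinStack on CentOS on a Tencent Cloud Hong Kong CVM

During this, before moving the website from the Linode VPS to the Tencent Cloud Hong Kong CVM,

the server, DNS and other settings have not been updated yet,

that is, at this moment crifan.com is still on Linode: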

<code>➜  ~ ping www.crifan.com
PING www.crifan.com (80.85.87.205): 56 data bytes
64 bytes from 80.85.87.205: icmp_seq=0 ttl=51 time=357.193 ms
64 bytes from 80.85.87.205: icmp_seq=1 ttl=51 time=301.462 ms
64 bytes from 80.85.87.205: icmp_seq=2 ttl=51 time=443.761 ms
64 bytes from 80.85.87.205: icmp_seq=3 ttl=51 time=275.714 ms
64 bytes from 80.85.87.205: icmp_seq=4 ttl=51 time=315.201 ms
^C
--- www.crifan.com ping statistics ---
6 packets transmitted, 5 packets received, 16.7% packet loss
round-trip min/avg/max/stddev = 275.714/338.666/443.761/58.798 ms
</code>

Then I first tried adding a vhost in OneinStack, and it failed:

<code>What Are You Doing?
        1. Use HTTP Only
        2. Use your own SSL Certificate and Key
        3. Use Let's Encrypt to Create SSL Certificate and Key
        q. Exit
Please input the correct option: 3

Please input domain(example: www.example.com): www.crifan.com
domain=www.crifan.com

Please input the directory for the domain:www.crifan.com :
(Default directory: /data/wwwroot/www.crifan.com): 
Virtual Host Directory=/data/wwwroot/www.crifan.com

Create Virtul Host directory......
set permissions of Virtual Host directory......

Do you want to add more domain name? [y/n]: crifan.com
input error! Please only input 'y' or 'n'

Do you want to add more domain name? [y/n]: y

Type domainname or IP(example: example.com other.example.com): crifan.com
domain list=crifan.com

Do you want to redirect from crifan.com to www.crifan.com? [y/n]: y

Do you want to redirect all HTTP requests to HTTPS? [y/n]: y

Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for www.crifan.com

Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for crifan.com
[Tue Dec 25 21:41:34 CST 2018] Registering account
[Tue Dec 25 21:41:36 CST 2018] Registered
[Tue Dec 25 21:41:36 CST 2018] ACCOUNT_THUMBPRINT='Rve1oSDwjdR0r9OQgKswSrga5vuq2xkzelJ58cX6cqg'
[Tue Dec 25 21:41:36 CST 2018] Creating domain key
[Tue Dec 25 21:41:36 CST 2018] The domain key is here: /root/.acme.sh/www.crifan.com/www.crifan.com.key
[Tue Dec 25 21:41:36 CST 2018] Multi domain='DNS:www.crifan.com,DNS:crifan.com'
[Tue Dec 25 21:41:36 CST 2018] Getting domain auth token for each domain
[Tue Dec 25 21:41:36 CST 2018] Getting webroot for domain='www.crifan.com'
[Tue Dec 25 21:41:36 CST 2018] Getting new-authz for domain='www.crifan.com'
[Tue Dec 25 21:41:38 CST 2018] The new-authz request is ok.
[Tue Dec 25 21:41:38 CST 2018] Getting webroot for domain='crifan.com'
[Tue Dec 25 21:41:38 CST 2018] Getting new-authz for domain='crifan.com'
[Tue Dec 25 21:41:39 CST 2018] The new-authz request is ok.
[Tue Dec 25 21:41:39 CST 2018] Verifying:www.crifan.com
[Tue Dec 25 21:41:43 CST 2018] Pending
[Tue Dec 25 21:41:46 CST 2018] www.crifan.com:Verify error:Invalid response from https://www.crifan.com/.well-known/acme-challenge/hWTtdFEsnlVmHhWEXp8vyj4xGACpyJ1rIwnApNpySq4: 
[Tue Dec 25 21:41:46 CST 2018] Please add '--debug' or '--log' to check more details.
[Tue Dec 25 21:41:46 CST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
Error: Create Let's Encrypt SSL Certificate failed! 
[root@VM_0_11_centos oneinstack]# 
</code>

<code>[root@VM_0_11_centos oneinstack]# ls /data/
mysql  wwwlogs  wwwroot
[root@VM_0_11_centos oneinstack]# ls /data/wwwroot/
default  www.crifan.com
[root@VM_0_11_centos oneinstack]# ls /data/wwwroot/www.crifan.com/
[root@VM_0_11_centos oneinstack]# ls -lh /data/wwwroot/
total 8.0K
drwxr-xr-x 3 www www 4.0K Dec 25 21:17 default
drwxr-xr-x 2 www www 4.0K Dec 25 21:41 www.crifan.com
</code>

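Currently

/data/wwwroot/www.crifan.com/

is empty.

Once the website content has been backed up, I will come back and see how to solve the SSL certificate problem here,

and whether simply copying the SSL certificate's pem, crt and other files over from crifan.com on the original Linode would be enough.

However, the later steps of add vhost here:

have not been run yet. So that is not right either.

Searched:

oneinstack let’s encrypt Verify error:Invalid response from

OneinStack automatic deployment of Let’s Encrypt certificates | Linux Operations Notes

"Upgrade acme.sh: acme.sh upgrade

then try again!"

Will try that in a moment.

Unable to create Let’s Encrypt – OneinStack

Error enabling Let’s Encrypt? – OneinStack

Went to look at:

How to debug acme.sh · Neilpang/acme.sh Wiki

SSL certificate installation fails on centos7 – OneinStack

Handling a failed renewal of a free Let’s Encrypt SSL certificate – Jianshu

Wanted to try:

acme.sh upgrade

But there is no acme.sh here at all: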

<code>[root@VM_0_11_centos oneinstack]# ll
total 3300
-rwxr-xr-x 1 root root   25291 Dec 25 18:41 addons.sh
-rwxr-xr-x 1 root root   18853 Dec 25 18:41 backup_setup.sh
-rwxr-xr-x 1 root root    7858 Dec 25 18:41 backup.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 config
drwxr-xr-x 2 root root    4096 Dec 25 18:41 include
drwxr-xr-x 2 root root    4096 Dec 25 18:41 init.d
-rw-r--r-- 1 root root 3116030 Dec 25 21:17 install.log
-rwxr-xr-x 1 root root   43681 Dec 25 18:41 install.sh
-rw-r--r-- 1 root root   11358 Dec 25 18:41 LICENSE
-rw-r--r-- 1 root root    2395 Dec 25 21:00 options.conf
-rwxr-xr-x 1 root root    7778 Dec 25 18:41 pureftpd_vhost.sh
-rw-r--r-- 1 root root    5489 Dec 25 18:41 README.md
-rwxr-xr-x 1 root root    4926 Dec 25 18:41 reset_db_root_password.sh
drwxr-xr-x 4 root root    4096 Dec 25 21:40 src
-rwxr-xr-x 1 root root   11390 Dec 25 18:41 ss.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 tools
-rwxr-xr-x 1 root root   17441 Dec 25 18:41 uninstall.sh
-rwxr-xr-x 1 root root    5725 Dec 25 18:41 upgrade.sh
-rw-r--r-- 1 root root    1803 Dec 25 18:41 versions.txt
-rwxr-xr-x 1 root root   47574 Dec 25 18:41 vhost.sh
</code>

Then I noticed the errors from earlier in the output:

<code>Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for www.crifan.com
Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for crifan.com
</code>

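Plus, others mentioned that they had already added an A record

-> my inference:

here it is because DNS still points to the old Linode VPS, so DNS resolution failed.

-> the fix should be:

once the move is finished, update the DNS settings for the domain so that crifan.com and www.crifan.com resolve to the current Tencent Cloud server, then run vhost again; that will probably work.

To be confirmed and verified later.

While at it, I kept searching:

oneinstack let’s encrypt Verify error! DNS problem: NXDOMAIN looking up A

Let’s Encrypt Verify error! – OneinStack

Later I will also check whether it has anything to do with the firewall or security groups.

How exactly does Let’s Encrypt's NXDOMAIN mechanism work – V2EX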

<code>➜  ~ dig www.crifan.com

; <<>> DiG 9.10.6 <<>> www.crifan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60995
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.crifan.com.            IN    A

;; ANSWER SECTION:
www.crifan.com.        133    IN    A    80.85.87.205

;; Query time: 107 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Tue Dec 25 22:03:15 CST 2018
;; MSG SIZE  rcvd: 59
</code>

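Fixing the Let’s Encrypt SSL certificate configuration error "DNS problem: NXDOMAIN looking up A for xxx.com" – GDCA (数安时代)

"Possible causes of this problem:

The A record was only just added and has not yet taken effect on the DNS servers

The server's local DNS cache has not been updated"

Clearly, in my case it looks like it was caused by not having added a DNS A record pointing to the current server.

Let’s Encrypt basic usage | ckwongloy

By now I have already done:

[Solved] Updating the DNS settings for crifan.com in DNSPod on Tencent Cloud

and updated it to the latest IP: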

<code>[root@VM_0_11_centos oneinstack]# ping www.crifan.com
PING www.crifan.com (150.109.113.228) 56(84) bytes of data.
64 bytes from 150.109.113.228 (150.109.113.228): icmp_seq=1 ttl=63 time=0.329 ms
</code>

So I can go ahead and add the vhost again

<code>[root@VM_0_11_centos oneinstack]# pwd
/root/oneinstack
[root@VM_0_11_centos oneinstack]# ll
total 3300
-rwxr-xr-x 1 root root   25291 Dec 25 18:41 addons.sh
-rwxr-xr-x 1 root root   18853 Dec 25 18:41 backup_setup.sh
-rwxr-xr-x 1 root root    7858 Dec 25 18:41 backup.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 config
drwxr-xr-x 2 root root    4096 Dec 25 18:41 include
drwxr-xr-x 2 root root    4096 Dec 25 18:41 init.d
-rw-r--r-- 1 root root 3116030 Dec 25 21:17 install.log
-rwxr-xr-x 1 root root   43681 Dec 25 18:41 install.sh
-rw-r--r-- 1 root root   11358 Dec 25 18:41 LICENSE
-rw-r--r-- 1 root root    2395 Dec 25 21:00 options.conf
-rwxr-xr-x 1 root root    7778 Dec 25 18:41 pureftpd_vhost.sh
-rw-r--r-- 1 root root    5489 Dec 25 18:41 README.md
-rwxr-xr-x 1 root root    4926 Dec 25 18:41 reset_db_root_password.sh
drwxr-xr-x 4 root root    4096 Dec 25 21:40 src
-rwxr-xr-x 1 root root   11390 Dec 25 18:41 ss.sh
drwxr-xr-x 2 root root    4096 Dec 25 18:41 tools
-rwxr-xr-x 1 root root   17441 Dec 25 18:41 uninstall.sh
-rwxr-xr-x 1 root root    5725 Dec 25 18:41 upgrade.sh
-rw-r--r-- 1 root root    1803 Dec 25 18:41 versions.txt
-rwxr-xr-x 1 root root   47574 Dec 25 18:41 vhost.sh
[root@VM_0_11_centos oneinstack]# ./vhost.sh 
</code>

Continuing:

<code>#######################################################################
#       OneinStack for CentOS/RedHat 6+ Debian 7+ and Ubuntu 12+      #
#       For more information please visit https://oneinstack.com      #
#######################################################################

What Are You Doing?
        1. Use HTTP Only
        2. Use your own SSL Certificate and Key
        3. Use Let's Encrypt to Create SSL Certificate and Key
        q. Exit
Please input the correct option: 3

Please input domain(example: www.example.com): www.crifan.com
domain=www.crifan.com

Please input the directory for the domain:www.crifan.com :
(Default directory: /data/wwwroot/www.crifan.com): 
Virtual Host Directory=/data/wwwroot/www.crifan.com

Create Virtul Host directory......
set permissions of Virtual Host directory......

Do you want to add more domain name? [y/n]: y

Type domainname or IP(example: example.com other.example.com): crifan.com
domain list=crifan.com

Do you want to redirect from crifan.com to www.crifan.com? [y/n]: y

Do you want to redirect all HTTP requests to HTTPS? [y/n]: y
[Sun Dec 30 11:16:53 CST 2018] Multi domain='DNS:www.crifan.com,DNS:crifan.com'
[Sun Dec 30 11:16:53 CST 2018] Getting domain auth token for each domain
[Sun Dec 30 11:16:53 CST 2018] Getting webroot for domain='www.crifan.com'
[Sun Dec 30 11:16:53 CST 2018] Getting new-authz for domain='www.crifan.com'
[Sun Dec 30 11:16:55 CST 2018] The new-authz request is ok.
[Sun Dec 30 11:16:55 CST 2018] Getting webroot for domain='crifan.com'
[Sun Dec 30 11:16:55 CST 2018] Getting new-authz for domain='crifan.com'
[Sun Dec 30 11:16:56 CST 2018] The new-authz request is ok.
[Sun Dec 30 11:16:57 CST 2018] Verifying:www.crifan.com
[Sun Dec 30 11:17:01 CST 2018] Success
[Sun Dec 30 11:17:01 CST 2018] Verifying:crifan.com
[Sun Dec 30 11:17:04 CST 2018] Success
[Sun Dec 30 11:17:04 CST 2018] Verify finished, start to sign.
[Sun Dec 30 11:17:07 CST 2018] Cert success.
-----BEGIN CERTIFICATE-----
MIIFY...4CLLcitfVJa7eF+Y
gg...w=
-----END CERTIFICATE-----
[Sun Dec 30 11:17:07 CST 2018] Your cert is in  /root/.acme.sh/www.crifan.com/www.crifan.com.cer 
[Sun Dec 30 11:17:07 CST 2018] Your cert key is in  /root/.acme.sh/www.crifan.com/www.crifan.com.key 
[Sun Dec 30 11:17:07 CST 2018] The intermediate CA cert is in  /root/.acme.sh/www.crifan.com/ca.cer 
[Sun Dec 30 11:17:07 CST 2018] And the full chain certs is there:  /root/.acme.sh/www.crifan.com/fullchain.cer 

Do you want to add hotlink protection? [y/n]: n

Allow Rewrite rule? [y/n]: y

Please input the rewrite of programme :
wordpress,opencart,magento2,drupal,joomla,codeigniter,laravel
thinkphp,pathinfo,discuz,typecho,ecshop,nextcloud rewrite was exist.
(Default rewrite: other): wordpress
You choose rewrite=wordpress

Allow Nginx/Tengine/OpenResty access_log? [y/n]: y
You access log file=/data/wwwlogs/www.crifan.com_nginx.log

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
Reload Nginx......

#######################################################################
#       OneinStack for CentOS/RedHat 6+ Debian 7+ and Ubuntu 12+      #
#       For more information please visit https://oneinstack.com      #
#######################################################################
Your domain:                  www.crifan.com
Virtualhost conf:             /usr/local/nginx/conf/vhost/www.crifan.com.conf
Directory of:                 /data/wwwroot/www.crifan.com
Rewrite rule:                 /usr/local/nginx/conf/rewrite/wordpress.conf
Let's Encrypt SSL Certificate:/usr/local/nginx/conf/ssl/www.crifan.com.crt
SSL Private Key:              /usr/local/nginx/conf/ssl/www.crifan.com.key
</code>

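[Summary]

When running vhost.sh in OneinStack to add a domain:

first make sure the DNS configuration has been updated so that the domain resolves to the current server's IP, for example: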

<code>ping www.crifan.com
</code>

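outputs the latest IP, that of the Tencent Cloud Hong Kong server here: 150.109.113.228

Only then can Let’s Encrypt generate the SSL certificate normally and the domain be added normally.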
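
A pre-flight check for the rule in the summary, as an added example that is not part of the original post or of OneinStack: `classify_dig` (a hypothetical helper) reads `dig` output and reports whether the domain's A records match the server that will answer the Let's Encrypt challenge. The sample input is constructed, modeled on the dig capture and the two IPs shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post). classify_dig is a hypothetical helper.
# Usage: dig DOMAIN | classify_dig EXPECTED_IP DOMAIN
# Prints: ok | mismatch:<ips> | nxdomain | no-a-record
classify_dig() {
    awk -v ip="$1" -v name="$2." '
        # Header line carries the response code, e.g. "status: NOERROR,"
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        # Answer lines look like: name TTL IN A address (";" lines are comments)
        $0 !~ /^;/ && tolower($1) == tolower(name) && $3 == "IN" && $4 == "A" {
            seen++
            if ($5 == ip) { good++ }
            else { sep = (other == "") ? "" : ","; other = other sep $5 }
        }
        END {
            if (status == "NXDOMAIN") print "nxdomain"
            else if (seen == 0)       print "no-a-record"
            else if (good == seen)    print "ok"
            else                      print "mismatch:" other
        }'
}

# Constructed dig output modeled on the capture in the post (not a live query).
# Usage: sample_dig STATUS [A_RECORD_IP]
sample_dig() {
    printf ';; ->>HEADER<<- opcode: QUERY, status: %s, id: 60995\n' "$1"
    printf ';; QUESTION SECTION:\n;www.crifan.com.\t\tIN\tA\n'
    [ -z "$2" ] || printf ';; ANSWER SECTION:\nwww.crifan.com.\t133\tIN\tA\t%s\n' "$2"
}

# Demo: the old Linode address versus the new Tencent Cloud address.
for answer in 80.85.87.205 150.109.113.228; do
    result=$(sample_dig NOERROR "$answer" | classify_dig 150.109.113.228 www.crifan.com)
    printf 'A=%s -> %s\n' "$answer" "$result"
done
```

On a live host, pipe real output in, e.g. `dig www.crifan.com | classify_dig 150.109.113.228 www.crifan.com`, and run `vhost.sh` only when the result is `ok`.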
