使用 Acme.sh 给 SSL 证书自动续期失败的解决方法

已关闭留言

今天发现有个网站使用 LNMP 的 Let’s Encrypt 一键 SSL 证书(其实是通过 acme.sh 安装的)的自动续期有问题,没有续上。登录上去之后查看了一下还是不行,于是搜索了一下解决方法。最后发现是因为 acme.sh 的版本太低导致了自动续期失败,所以本文分享一下这个自动续期失败的原因和解决方法。

文章目录
隐藏
一、Acme.sh 自动续期失败的症状
二、Acme.sh 自动续期失败的解决方法

一、Acme.sh 自动续期失败的症状

问题描述如下,续期的时候,提示如下错误:

root@dc:~# "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" > /dev/null
[Sun Nov 10 23:52:17 CST 2019] Error, can not get domain token entry example.com
[Sun Nov 10 23:52:17 CST 2019] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
[Sun Nov 10 23:52:17 CST 2019] Error renew example.com.

经过查看 log,错误日志如下:

[Sun Nov 10 23:52:14 CST 2019] GET
[Sun Nov 10 23:52:14 CST 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Nov 10 23:52:14 CST 2019] timeout=
[Sun Nov 10 23:52:15 CST 2019] _CURL='curl -L --silent --dump-header /usr/local/acme.sh/http.header -g '
[Sun Nov 10 23:52:15 CST 2019] ret='0'
[Sun Nov 10 23:52:15 CST 2019] Could not get nonce, let's try again.
[Sun Nov 10 23:52:17 CST 2019] The new-authz request is ok.
[Sun Nov 10 23:52:17 CST 2019] entry
[Sun Nov 10 23:52:17 CST 2019] Error, can not get domain token entry example.com
[Sun Nov 10 23:52:17 CST 2019] pid
[Sun Nov 10 23:52:17 CST 2019] No need to restore nginx, skip.
[Sun Nov 10 23:52:17 CST 2019] _clearupdns
[Sun Nov 10 23:52:17 CST 2019] skip dns.
[Sun Nov 10 23:52:17 CST 2019] _on_issue_err
[Sun Nov 10 23:52:17 CST 2019] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
[Sun Nov 10 23:52:17 CST 2019] Return code: 1
[Sun Nov 10 23:52:17 CST 2019] Error renew example.com.
[Sun Nov 10 23:52:17 CST 2019] ===End cron===

二、Acme.sh 自动续期失败的解决方法

网上搜了一堆文章之后,都没解决问题,最后在这篇文章中找到了问题所在:

https://community.letsencrypt.org/t/unable-to-issue-or-renew-certificates/102948

Your server is able to connect Letsencrypt, so that isn’t the problem.

But you use acme.sh. There are changes. First step: Update your acme.sh.

Yep, the nonce-problem:

Could not get nonce, let's try again.

An update is required.

所以,问题原因就是 acme.sh 版本太低,解决方法很简单,升级 acme.sh 即可:

升级 acme.sh 到最新版 :

acme.sh --upgrade

如果你不想手动升级, 可以开启自动升级:

acme.sh  --upgrade  --auto-upgrade

之后, acme.sh 就会自动保持更新了.

你也可以随时关闭自动更新:

acme.sh --upgrade  --auto-upgrade  0

参考:https://github.com/Neilpang/acme.sh

至此,问题得到解决。