2017-11-09

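acme.sh challenge error with my own Boulder server

I tried to install my own Boulder server to issue certificates from an internal authority. I set up the Boulder server in Docker from https://github.com/letsencrypt/boulder, and acme.sh on another server to issue the certificate.

Unfortunately, acme.sh gives me this error, and I don't know what could be wrong:

Debug output from acme.sh: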

[email protected]:~$ .acme.sh/acme.sh --issue -d suitecrm.office.mojeip.cz --home /home/letsencrypt/.acme.sh -w /home/letsencrypt/webroot --server http://boulder.office.mojeip.cz:4000/directory --renew --force --log --debug 2 
[Thu Nov 9 13:07:42 UTC 2017] Lets find script dir. 
[Thu Nov 9 13:07:42 UTC 2017] _SCRIPT_='.acme.sh/acme.sh' 
[Thu Nov 9 13:07:42 UTC 2017] _script='/home/letsencrypt/.acme.sh/acme.sh' 
[Thu Nov 9 13:07:42 UTC 2017] _script_home='/home/letsencrypt/.acme.sh' 
[Thu Nov 9 13:07:42 UTC 2017] Using config home:/home/letsencrypt/.acme.sh 
[Thu Nov 9 13:07:42 UTC 2017] LE_WORKING_DIR='/home/letsencrypt/.acme.sh' 
https://github.com/Neilpang/acme.sh 
v2.7.4 
[Thu Nov 9 13:07:42 UTC 2017] Using server: http://boulder.office.mojeip.cz:4000/directory 
[Thu Nov 9 13:07:42 UTC 2017] Using config home:/home/letsencrypt/.acme.sh 
[Thu Nov 9 13:07:42 UTC 2017] ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory' 
[Thu Nov 9 13:07:42 UTC 2017] _ACME_SERVER_HOST='boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] DOMAIN_PATH='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] Renew: 'suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] Using config home:/home/letsencrypt/.acme.sh 
[Thu Nov 9 13:07:42 UTC 2017] ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory' 
[Thu Nov 9 13:07:42 UTC 2017] _ACME_SERVER_HOST='boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] Using ACME_DIRECTORY: http://boulder.office.mojeip.cz:4000/directory 
[Thu Nov 9 13:07:42 UTC 2017] _init api for server: http://boulder.office.mojeip.cz:4000/directory 
[Thu Nov 9 13:07:42 UTC 2017] GET 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/directory' 
[Thu Nov 9 13:07:42 UTC 2017] timeout 
[Thu Nov 9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header --trace-ascii /tmp/tmp.O7gBfsu6LG ' 
[Thu Nov 9 13:07:42 UTC 2017] ret='0' 
[Thu Nov 9 13:07:42 UTC 2017] response='{ 
    "36iqcXcTwfE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", 
    "key-change": "http://boulder.office.mojeip.cz:4000/acme/key-change", 
    "meta": { 
    "terms-of-service": "http://boulder:4000/terms/v1" 
    }, 
    "new-authz": "http://boulder.office.mojeip.cz:4000/acme/new-authz", 
    "new-cert": "http://boulder.office.mojeip.cz:4000/acme/new-cert", 
    "new-reg": "http://boulder.office.mojeip.cz:4000/acme/new-reg", 
    "revoke-cert": "http://boulder.office.mojeip.cz:4000/acme/revoke-cert" 
}' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.mojeip.cz:4000/acme/key-change' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.mojeip.cz:4000/acme/new-authz' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_NEW_ORDER='http://boulder.office.mojeip.cz:4000/acme/new-cert' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.mojeip.cz:4000/acme/new-reg' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.mojeip.cz:4000/acme/revoke-cert' 
[Thu Nov 9 13:07:42 UTC 2017] Le_NextRenewTime 
[Thu Nov 9 13:07:42 UTC 2017] _on_before_issue 
[Thu Nov 9 13:07:42 UTC 2017] '/home/letsencrypt/webroot' does not contain 'no' 
[Thu Nov 9 13:07:42 UTC 2017] Le_LocalAddress 
[Thu Nov 9 13:07:42 UTC 2017] Check for domain='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _currentRoot='/home/letsencrypt/webroot' 
[Thu Nov 9 13:07:42 UTC 2017] '/home/letsencrypt/webroot' does not contain 'apache' 
[Thu Nov 9 13:07:42 UTC 2017] _saved_account_key_hash='6sRegKo+srPDgaOnCejKyf7wkccpEtngrddGwl0xyho=' 
[Thu Nov 9 13:07:42 UTC 2017] _saved_account_key_hash is not changed, skip register account. 
[Thu Nov 9 13:07:42 UTC 2017] Read key length: 
[Thu Nov 9 13:07:42 UTC 2017] _createcsr 
[Thu Nov 9 13:07:42 UTC 2017] domain='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] domainlist 
[Thu Nov 9 13:07:42 UTC 2017] csrkey='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.key' 
[Thu Nov 9 13:07:42 UTC 2017] csr='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.csr' 
[Thu Nov 9 13:07:42 UTC 2017] csrconf='/home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.csr.conf' 
[Thu Nov 9 13:07:42 UTC 2017] Single domain='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _is_idn_d='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _idn_temp 
[Thu Nov 9 13:07:42 UTC 2017] _csr_cn='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] Getting domain auth token for each domain 
[Thu Nov 9 13:07:42 UTC 2017] Getting webroot for domain='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _w='/home/letsencrypt/webroot' 
[Thu Nov 9 13:07:42 UTC 2017] _currentRoot='/home/letsencrypt/webroot' 
[Thu Nov 9 13:07:42 UTC 2017] Getting new-authz for domain='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _init api for server: http://boulder.office.mojeip.cz:4000/directory 
[Thu Nov 9 13:07:42 UTC 2017] ACME_KEY_CHANGE='http://boulder.office.mojeip.cz:4000/acme/key-change' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_NEW_AUTHZ='http://boulder.office.mojeip.cz:4000/acme/new-authz' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_NEW_ORDER='http://boulder.office.mojeip.cz:4000/acme/new-cert' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_NEW_ACCOUNT='http://boulder.office.mojeip.cz:4000/acme/new-reg' 
[Thu Nov 9 13:07:42 UTC 2017] ACME_REVOKE_CERT='http://boulder.office.mojeip.cz:4000/acme/revoke-cert' 
[Thu Nov 9 13:07:42 UTC 2017] Try new-authz for the 0 time. 
[Thu Nov 9 13:07:42 UTC 2017] _is_idn_d='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _idn_temp 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/acme/new-authz' 
[Thu Nov 9 13:07:42 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "suitecrm.office.mojeip.cz"}}' 
[Thu Nov 9 13:07:42 UTC 2017] RSA key 
[Thu Nov 9 13:07:42 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory' 
[Thu Nov 9 13:07:42 UTC 2017] GET 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/directory' 
[Thu Nov 9 13:07:42 UTC 2017] timeout 
[Thu Nov 9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header --trace-ascii /tmp/tmp.g5Cb3ROx3f ' 
[Thu Nov 9 13:07:42 UTC 2017] ret='0' 
[Thu Nov 9 13:07:42 UTC 2017] _headers='HTTP/1.1 200 OK 
Cache-Control: public, max-age=0, no-cache 
Content-Type: application/json 
Replay-Nonce: OrPVpfcC3bi2zbnIhpJYWL9g7GBiYs2k76RLlnSeakM 
Date: Thu, 09 Nov 2017 13:07:42 GMT 
Content-Length: 510 
' 
[Thu Nov 9 13:07:42 UTC 2017] _CACHED_NONCE='OrPVpfcC3bi2zbnIhpJYWL9g7GBiYs2k76RLlnSeakM' 
[Thu Nov 9 13:07:42 UTC 2017] nonce='OrPVpfcC3bi2zbnIhpJYWL9g7GBiYs2k76RLlnSeakM' 
[Thu Nov 9 13:07:42 UTC 2017] POST 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/acme/new-authz' 
[Thu Nov 9 13:07:42 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJuZXctYXV0aHoiLCAiaWRlbnRpZmllciI6IHsidHlwZSI6ICJkbnMiLCAidmFsdWUiOiAic3VpdGVjcm0ub2ZmaWNlLm5pYy5jeiJ9fQ", "signature": "TTb0-ghjFif0Up03XNilRA3KR49TSCongQSBw2ewFUucXipah9Pa5RI_kDD0sE0rYiiCW75Og7fpzwOX6rRn6TAJeYrY_hmyOhaqW3szQjeocH365WxdmFTJbmV9M9LgAVRubB2rQcLFxAwg0IGbbEhOKTVV-zvmS39ZA_2XvcmJR6nkrPgzfxzGcSTz1aFlTZH8GKCwBXBy6K8FULZ4wUnOb7C2LV_oqpAyDwEez1oj4s_nCmGM-CxCopgeNgcpY_yZymz7WVvHQLo082iUTBzzoZrbipQiDGUIjVio29io93b-ZDzFPZu-3nqq__TdYh20ZupCyK952A9629aMOg"}' 
[Thu Nov 9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header --trace-ascii /tmp/tmp.2WomWqkuZB ' 
[Thu Nov 9 13:07:42 UTC 2017] _ret='0' 
[Thu Nov 9 13:07:42 UTC 2017] original='{ 
    "identifier": { 
    "type": "dns", 
    "value": "suitecrm.office.mojeip.cz" 
    }, 
    "status": "pending", 
    "expires": "2017-11-16T09:38:04Z", 
    "challenges": [ 
    { 
     "type": "dns-01", 
     "status": "pending", 
     "uri": "http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7", 
     "token": "Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo" 
    }, 
    { 
     "type": "http-01", 
     "status": "pending", 
     "uri": "http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8", 
     "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk" 
    }, 
    { 
     "type": "tls-sni-01", 
     "status": "pending", 
     "uri": "http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9", 
     "token": "ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE" 
    } 
    ], 
    "combinations": [ 
    [ 
     1 
    ], 
    [ 
     0 
    ], 
    [ 
     2 
    ] 
    ] 
}' 
[Thu Nov 9 13:07:42 UTC 2017] responseHeaders='HTTP/1.1 100 Continue 

HTTP/1.1 201 Created 
Boulder-Requester: 2 
Cache-Control: public, max-age=0, no-cache 
Content-Type: application/json 
Link: <http://boulder.office.mojeip.cz:4000/acme/new-cert>;rel="next" 
Location: http://boulder.office.mojeip.cz:4000/acme/authz/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs 
Replay-Nonce: sheBkr-biOxnzow70bnB8rMgEwxdh9gtTxpo8Vtdruk 
Date: Thu, 09 Nov 2017 13:07:42 GMT 
Content-Length: 964 
' 
[Thu Nov 9 13:07:42 UTC 2017] response='{"identifier":{"type":"dns","value":"suitecrm.office.mojeip.cz"},"status":"pending","expires":"2017-11-16T09:38:04Z","challenges":[{"type":"dns-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/7","token":"Ac_6ziNyuvskTZn_kqNC6hpYW_KBE34adHt2QmGQyYo"},{"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"},{"type":"tls-sni-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/9","token":"ckfZdVql-_SAX7zF5JkEoRqYbkGDy12pwBe2gj066aE"}],"combinations":[[1],[0],[2]]}' 
[Thu Nov 9 13:07:42 UTC 2017] code='201' 
[Thu Nov 9 13:07:42 UTC 2017] The new-authz request is ok. 
[Thu Nov 9 13:07:42 UTC 2017] entry='"type":"http-01","status":"pending","uri":"http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8","token":"lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"' 
[Thu Nov 9 13:07:42 UTC 2017] token='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk' 
[Thu Nov 9 13:07:42 UTC 2017] uri='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM' 
[Thu Nov 9 13:07:42 UTC 2017] dvlist='suitecrm.office.mojeip.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.mojeip.cz#http-01#/home/letsencrypt/webroot' 
[Thu Nov 9 13:07:42 UTC 2017] vlist='suitecrm.office.mojeip.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.mojeip.cz#http-01#/home/letsencrypt/webroot,' 
[Thu Nov 9 13:07:42 UTC 2017] ok, let's start to verify 
[Thu Nov 9 13:07:42 UTC 2017] Verifying:suitecrm.office.mojeip.cz 
[Thu Nov 9 13:07:42 UTC 2017] d='suitecrm.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] keyauthorization='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM' 
[Thu Nov 9 13:07:42 UTC 2017] uri='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _currentRoot='/home/letsencrypt/webroot' 
[Thu Nov 9 13:07:42 UTC 2017] wellknown_path='/home/letsencrypt/webroot/.well-known/acme-challenge' 
[Thu Nov 9 13:07:42 UTC 2017] writing token:lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk to /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk 
[Thu Nov 9 13:07:42 UTC 2017] Changing owner/group of .well-known to letsencrypt:letsencrypt 
[Thu Nov 9 13:07:42 UTC 2017] tigger domain validation. 
[Thu Nov 9 13:07:42 UTC 2017] _t_url='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _t_key_authz='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM' 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}' 
[Thu Nov 9 13:07:42 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.mojeip.cz/account.key 
[Thu Nov 9 13:07:42 UTC 2017] Use _CACHED_NONCE='sheBkr-biOxnzow70bnB8rMgEwxdh9gtTxpo8Vtdruk' 
[Thu Nov 9 13:07:42 UTC 2017] nonce='sheBkr-biOxnzow70bnB8rMgEwxdh9gtTxpo8Vtdruk' 
[Thu Nov 9 13:07:42 UTC 2017] POST 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "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", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsVmhfRmFVcEJEbC01T2pySmFFMnNtOE1MNUJvWmZlSmJOeTdfMWlhQ0ZrLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "L3en-T8m3jGU2JKvm1Kks7KKdRkhf1fD-rOy_grtbZBmhb_gPHBvjadV4wlbDJxkVKIiczHEykfx50LhLIs6vYcUMRo52c6lGITEwRTGBeBgGl30umh7FC1iUVnRh4sqoJeQfI3DkO07bB4qdQaqstefI5MgRLsOJs82AkuQ0iv8P6s7AV5gq9yfDSaUtTrzIR_7BaCFEUbefzZc6ZXmaBQsdX0YRWGwGh0IPQKpzNEmgjpA_G_ZKMHZTXUzGAZ61TBl2iW7R6AMEI75JAkJkXxLhJPg_Xz7WrKy_CJ1EB0uNuAiVHZwc1w8XvXUw19o5T9fErT99QZBHVdLdwzT3g"}' 
[Thu Nov 9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header --trace-ascii /tmp/tmp.sTCSOrbo8o ' 
[Thu Nov 9 13:07:42 UTC 2017] _ret='0' 
[Thu Nov 9 13:07:42 UTC 2017] original='<h1>This is server: boulder.office.mojeip.cz </h1>' 
[Thu Nov 9 13:07:42 UTC 2017] responseHeaders='HTTP/1.1 100 Continue 

HTTP/1.1 200 OK 
Server: nginx/1.10.3 
Date: Thu, 09 Nov 2017 13:07:42 GMT 
Content-Type: text/html 
Content-Length: 48 
Last-Modified: Thu, 09 Nov 2017 09:28:34 GMT 
Connection: keep-alive 
ETag: "5a041fc2-30" 
Accept-Ranges: bytes 
' 
[Thu Nov 9 13:07:42 UTC 2017] response='<h1>This is server: boulder.office.mojeip.cz </h1>' 
[Thu Nov 9 13:07:42 UTC 2017] code='200' 
[Thu Nov 9 13:07:42 UTC 2017] suitecrm.office.mojeip.cz:Challenge error: <h1>This is server: boulder.office.mojeip.cz </h1> 
[Thu Nov 9 13:07:42 UTC 2017] Debugging, skip removing: /home/letsencrypt/webroot/.well-known/acme-challenge/lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk 
[Thu Nov 9 13:07:42 UTC 2017] pid 
[Thu Nov 9 13:07:42 UTC 2017] No need to restore nginx, skip. 
[Thu Nov 9 13:07:42 UTC 2017] _clearupdns 
[Thu Nov 9 13:07:42 UTC 2017] skip dns. 
[Thu Nov 9 13:07:42 UTC 2017] _on_issue_err 
[Thu Nov 9 13:07:42 UTC 2017] Please check log file for more details: /home/letsencrypt/.acme.sh/acme.sh.log 
[Thu Nov 9 13:07:42 UTC 2017] _chk_vlist='suitecrm.office.mojeip.cz#lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM#http://boulder.office.mojeip.cz#http-01#/home/letsencrypt/webroot,' 
[Thu Nov 9 13:07:42 UTC 2017] start to deactivate authz 
[Thu Nov 9 13:07:42 UTC 2017] tigger domain validation. 
[Thu Nov 9 13:07:42 UTC 2017] _t_url='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] _t_key_authz='lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM' 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk.puYolinE8hYzr-E8Y3dprH9eeIPA5Jy00Ptu0dEGPrM"}' 
[Thu Nov 9 13:07:42 UTC 2017] Use cached jwk for file: /home/letsencrypt/.acme.sh/ca/boulder.office.mojeip.cz/account.key 
[Thu Nov 9 13:07:42 UTC 2017] Get nonce. ACME_DIRECTORY='http://boulder.office.mojeip.cz:4000/directory' 
[Thu Nov 9 13:07:42 UTC 2017] GET 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz:4000/directory' 
[Thu Nov 9 13:07:42 UTC 2017] timeout 
[Thu Nov 9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header --trace-ascii /tmp/tmp.wFz2IqISdA ' 
[Thu Nov 9 13:07:42 UTC 2017] ret='0' 
[Thu Nov 9 13:07:42 UTC 2017] _headers='HTTP/1.1 200 OK 
Cache-Control: public, max-age=0, no-cache 
Content-Type: application/json 
Replay-Nonce: lcwvWZqCg5QiOFij_0U5mf430ZSYXTy1VqNl6BF11GM 
Date: Thu, 09 Nov 2017 13:07:42 GMT 
Content-Length: 510 
' 
[Thu Nov 9 13:07:42 UTC 2017] _CACHED_NONCE='lcwvWZqCg5QiOFij_0U5mf430ZSYXTy1VqNl6BF11GM' 
[Thu Nov 9 13:07:42 UTC 2017] nonce='lcwvWZqCg5QiOFij_0U5mf430ZSYXTy1VqNl6BF11GM' 
[Thu Nov 9 13:07:42 UTC 2017] POST 
[Thu Nov 9 13:07:42 UTC 2017] url='http://boulder.office.mojeip.cz' 
[Thu Nov 9 13:07:42 UTC 2017] body='{"header": {"alg": "RS256", "jwk": {"e": "AQAB", "kty": "RSA", "n": "uKV5BlCeMeXa69r3leWJkO3-_XsbnkK87DRh_qPFjJOm4jYXTObgMt4FtCqwQl8cgcYoYmXm7zDLaK-zP2tgykVV_5CrzVpgbpZxVo9lmE_DXujdfNb24yIPQi34NEzTUQIrtghPIxIHPw9Tdq0faWNjQztN0c69as2XolTO1TyQ949SOl8GT4eU6wbWyg14vQGL2linu7bE9Gnmws7kXL6ABeK4BwxzHU4lrjZ7ZoDPVRzWIpazcoHlBMcOEj8C7dhmIvduP_slB2GzYi-hwhtVvao8FDJmQNGhMyohnYk_v7PjJgxNMKz1H7-KgDpvEBpwKC98Ot34B83mK5wvxw"}}, "protected": "eyJub25jZSI6ICJsY3d2V1pxQ2c1UWlPRmlqXzBVNW1mNDMwWlNZWFR5MVZxTmw2QkYxMUdNIiwgInVybCI6ICJodHRwOi8vYm91bGRlci5vZmZpY2UubmljLmN6IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAidUtWNUJsQ2VNZVhhNjlyM2xlV0prTzMtX1hzYm5rSzg3RFJoX3FQRmpKT200allYVE9iZ010NEZ0Q3F3UWw4Y2djWW9ZbVhtN3pETGFLLXpQMnRneWtWVl81Q3J6VnBnYnBaeFZvOWxtRV9EWHVqZGZOYjI0eUlQUWkzNE5FelRVUUlydGdoUEl4SUhQdzlUZHEwZmFXTmpRenROMGM2OWFzMlhvbFRPMVR5UTk0OVNPbDhHVDRlVTZ3Yld5ZzE0dlFHTDJsaW51N2JFOUdubXdzN2tYTDZBQmVLNEJ3eHpIVTRscmpaN1pvRFBWUnpXSXBhemNvSGxCTWNPRWo4QzdkaG1JdmR1UF9zbEIyR3pZaS1od2h0VnZhbzhGREptUU5HaE15b2huWWtfdjdQakpneE5NS3oxSDctS2dEcHZFQnB3S0M5OE90MzRCODNtSzV3dnh3In19", "payload": "eyJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLCAia2V5QXV0aG9yaXphdGlvbiI6ICJsVmhfRmFVcEJEbC01T2pySmFFMnNtOE1MNUJvWmZlSmJOeTdfMWlhQ0ZrLnB1WW9saW5FOGhZenItRThZM2Rwckg5ZWVJUEE1SnkwMFB0dTBkRUdQck0ifQ", "signature": "mPhsVHif7ClJptITMmIv7fgLk09cx6nvG4xiLv5LCH3te2C6NCxf6WjhzqCPoEu8LqXThb0wlY8FDYlfr87R8JW4K7dcV18vlqNbXmfUa7Ahu8aFGtIx_sAn_5pQ50r8MKI6R0snWRKRG7r0Lgx4w0UyrhcT1z7P4bWF4QAyZc1HMVRwHdVf5TRBx9I1C-2qwInsFUfSWyHOICWzQ3nBSHXGfTIa9h7rItstHOGnxf3s8OUvkxtaBjgXkvqHAOGIs6URg8dW5wvMrDNufmOa_zSkkriL8lnl9CfAnMCFULHYqU5_eZ_mN_xIJZMVJFfIywWuRxEj3JKX73CF78OtnQ"}' 
[Thu Nov 9 13:07:42 UTC 2017] _CURL='curl -L --silent --dump-header /home/letsencrypt/.acme.sh/http.header --trace-ascii /tmp/tmp.SOBuN1Ym4O ' 
[Thu Nov 9 13:07:42 UTC 2017] _ret='0' 
[Thu Nov 9 13:07:42 UTC 2017] original='<h1>This is server: boulder.office.mojeip.cz </h1>' 
[Thu Nov 9 13:07:42 UTC 2017] responseHeaders='HTTP/1.1 100 Continue 

HTTP/1.1 200 OK 
Server: nginx/1.10.3 
Date: Thu, 09 Nov 2017 13:07:42 GMT 
Content-Type: text/html 
Content-Length: 48 
Last-Modified: Thu, 09 Nov 2017 09:28:34 GMT 
Connection: keep-alive 
ETag: "5a041fc2-30" 
Accept-Ranges: bytes 
' 
[Thu Nov 9 13:07:42 UTC 2017] response='<h1>This is server: boulder.office.mojeip.cz </h1>' 
[Thu Nov 9 13:07:42 UTC 2017] code='200' 
[Thu Nov 9 13:07:42 UTC 2017] '/home/letsencrypt/webroot' does not contain 'dns' 
[Thu Nov 9 13:07:42 UTC 2017] Diagnosis versions: 
openssl:openssl 
OpenSSL 1.1.0f 25 May 2017 
apache: 
apache doesn't exists. 
nginx: 
nginx doesn't exists. 
socat: 
socat by Gerhard Rieger - see www.dest-unreach.org 
Usage: 
socat [options] <bi-address> <bi-address> 
    options: 
     -V  print version and feature information to stdout, and exit 
     -h|-? print a help text describing command line options and addresses 
     -hh like -h, plus a list of all common address option names 
     -hhh like -hh, plus a list of all available address option names 
     -d  increase verbosity (use up to 4 times; 2 are recommended) 
     -D  analyze file descriptors before loop 
     -ly[facility] log to syslog, using facility (default is daemon) 
     -lf<logfile> log to file 
     -ls   log to stderr (default if no other log) 
     -lm[facility] mixed log mode (stderr during initialization, then syslog) 
     -lp<progname> set the program name used for logging 
     -lu   use microseconds for logging timestamps 
     -lh   add hostname to log messages 
     -v  verbose data traffic, text 
     -x  verbose data traffic, hexadecimal 
     -b<size_t>  set data buffer size (8192) 
     -s  sloppy (continue on error) 
     -t<timeout> wait seconds before closing second channel 
     -T<timeout> total inactivity timeout in seconds 
     -u  unidirectional mode (left to right) 
     -U  unidirectional mode (right to left) 
     -g  do not check option groups 
     -L <lockfile> try to obtain lock, or fail 
     -W <lockfile> try to obtain lock, or wait 
     -4  prefer IPv4 if version is not explicitly specified 
     -6  prefer IPv6 if version is not explicitly specified 

On the Boulder server console:

boulder_1 | I131626 boulder-wfe Successful request JSON={"Endpoint":"/directory","Method":"GET","ResponseNonce":"Zg32kE2Vnh1k_YNbDMf7z-EN_9xMSCwEI8QxHsGf25g","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0} 
boulder_1 | I131626 boulder-wfe Successful request JSON={"Endpoint":"/directory","Method":"HEAD","ResponseNonce":"nNQzqnkdfxiuh4qBnUq1kfgGvagj4z6mf19FZ96knnQ","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0} 
boulder_1 | I131626 boulder-wfe Successful request JSON={"Endpoint":"/acme/new-authz","Method":"POST","Requester":2,"Contacts":[],"RequestNonce":"nNQzqnkdfxiuh4qBnUq1kfgGvagj4z6mf19FZ96knnQ","ResponseNonce":"NQlEruE9KRKv6wDKlw3sMFI_rqGozSR1WbXGYX4zMPk","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0,"Payload":"{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"suitecrm.office.nic.cz\"}}","Extra":{"AuthzID":"g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs","Identifier":{"type":"dns","value":"suitecrm.office.nic.cz"}}} 
boulder_1 | I131626 boulder-wfe Successful request JSON={"Endpoint":"/directory","Method":"HEAD","ResponseNonce":"BQ6DpsteiiKgadQ0SxjgWudtjT13X3EIMVksyxvG-e4","UserAgent":"acme.sh/2.7.4 (https://github.com/Neilpang/acme.sh)","Code":0} 

Edit:

Hello again, I just ran acme-tiny as a test and got these errors:

[email protected]:~/acmetiny/acme-tiny$ ./acme_tiny.py --account-key /home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.key --csr /home/letsencrypt/.acme.sh/suitecrm.office.mojeip.cz/suitecrm.office.mojeip.cz.csr --acme-dir /home/letsencrypt/webroot/.well-known/acme-challenge/ --ca http://boulder.office.mojeip.cz:4000 
Parsing account key... 
Parsing CSR... 
Registering account... 
Registered! 
Verifying suitecrm.office.mojeip.cz... 
Traceback (most recent call last): 
    File "./acme_tiny.py", line 199, in <module> 
    main(sys.argv[1:]) 
    File "./acme_tiny.py", line 195, in main 
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca) 
    File "./acme_tiny.py", line 150, in get_crt 
    domain, challenge_status)) 
ValueError: suitecrm.office.mojeip.cz challenge did not pass: {u'status': u'invalid', u'validationRecord': [{u'addressesResolved': [u'172.17.0.1'], u'url': u'http://suitecrm.office.mojeip.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'hostname': u'suitecrm.office.mojeip.cz', u'addressesTried': [], u'addressUsed': u'172.17.0.1', u'port': u'5002'}], u'keyAuthorization': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM.zuwKtqMhCyrE0K9UDAVN1xiHewv-ztzFgwUpUdttZtY', u'uri': u'http://boulder.office.mojeip.cz:4000/acme/challenge/Bnk3Lc9o44ZmYeqBBHBTRgm8q3vEaDthFmFq0ck1vfw/27', u'token': u'F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM', u'error': {u'status': 400, u'type': u'urn:acme:error:connection', u'detail': u'Fetching http://suitecrm.office.mojeip.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM: Connection refused'}, u'type': u'http-01'} 

So maybe there is some problem on the Boulder side. But I am still no closer to working out what it is.

Answers

It looks like a bug in acme.sh; please report an issue on GitHub. I will fix it soon. Thanks.
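Both failures in the logs above can be checked mechanically. The following is an added example, not part of the question or the answer and not code from acme.sh or Boulder: it checks that the URL a client is about to POST a challenge response to is the URI the server issued, and summarises where the validator connected for a failed http-01 challenge. The function names and finding labels are hypothetical, and the JSON is constructed from values quoted in the logs.

```python
import json
from urllib.parse import urlsplit

# Constructed from the new-authz response in the acme.sh debug log above
# (only the http-01 entry is kept).
AUTHZ = json.loads("""
{"identifier": {"type": "dns", "value": "suitecrm.office.mojeip.cz"},
 "status": "pending",
 "challenges": [
  {"type": "http-01", "status": "pending",
   "uri": "http://boulder.office.mojeip.cz:4000/acme/challenge/g_p52tFzTlJdur_jxKu8H3z0nZFFxlXDDXDnpISYOWs/8",
   "token": "lVh_FaUpBDl-5OjrJaE2sm8ML5BoZfeJbNy7_1iaCFk"}]}
""")

# Constructed from the challenge object in the acme-tiny ValueError above.
FAILED = json.loads("""
{"type": "http-01", "status": "invalid",
 "token": "F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM",
 "validationRecord": [
  {"hostname": "suitecrm.office.mojeip.cz", "port": "5002",
   "addressesResolved": ["172.17.0.1"], "addressUsed": "172.17.0.1",
   "url": "http://suitecrm.office.mojeip.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM"}],
 "error": {"status": 400, "type": "urn:acme:error:connection",
           "detail": "Fetching http://suitecrm.office.mojeip.cz:5002/.well-known/acme-challenge/F6p-IafxaP_QYj6Ve_NMVIZr7vev8wpHvjXtJ3qunpM: Connection refused"}}
""")

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    p = urlsplit(url)
    return p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme)


def check_post_target(authz, directory_url, post_url, ctype="http-01"):
    """List the ways post_url differs from the challenge URI the server issued."""
    chall = next(c for c in authz["challenges"] if c["type"] == ctype)
    problems = []
    if post_url != chall["uri"]:
        problems.append("not-the-issued-uri")
    if origin(post_url) != origin(directory_url):
        problems.append("different-origin-than-directory")
    if urlsplit(post_url).path in ("", "/"):
        problems.append("no-challenge-path")
    return problems


def explain_validation(chall):
    """Summarise where the validator connected for a failed http-01 challenge."""
    rec = chall["validationRecord"][-1]  # last hop the validator attempted
    fetched = urlsplit(rec["url"])
    return {
        "target": "%s:%s" % (rec["addressUsed"], rec["port"]),
        "hostname": rec["hostname"],
        "nonstandard_port": int(rec["port"]) != DEFAULT_PORTS[fetched.scheme],
        "path_matches_token":
            fetched.path == "/.well-known/acme-challenge/" + chall["token"],
        "error": chall["error"]["type"],
    }


if __name__ == "__main__":
    directory = "http://boulder.office.mojeip.cz:4000/directory"
    # URL acme.sh logged as uri= and _t_url= before the POST that was
    # answered by nginx with an HTML page instead of a challenge object.
    print(check_post_target(AUTHZ, directory, "http://boulder.office.mojeip.cz"))
    print(check_post_target(AUTHZ, directory, AUTHZ["challenges"][0]["uri"]))
    print(explain_validation(FAILED))
```

For the acme.sh run, the logged POST target fails all three checks, which is consistent with the HTML body returned by `Server: nginx/1.10.3` in place of a challenge object. For the acme-tiny run, the summary shows the validator connecting to 172.17.0.1 on port 5002 for the correct token path.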
