ssl - 错误交钥匙 linux confconsole dehydrated .well-known/acme-challenge 404 NOT FOUND

问题描述

使用 RamNode 的交钥匙 Linux 发行版，我注意到我的网站证书已过期，并且 https 链接被标记为“继续”对话框。进一步研究这个问题，Turnkey Linux 使用 confconsole 和 Let's Encrypt 来请求新证书。多个 [virtual] 域要求用户手动使用 cronjob 每天在 /etc/cron.daily/confconsole-dehydrad 下调用的 dehydrad-wrapper，但会导致错误：

/var/log/confconsole/letsencrypt.log

[2019-03-09 05:35:04] dehydrated-wrapper: FATAL: An unexpected service is listening on port 80: nginx:
[2019-03-09 05:35:04] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
Restarting SSL tunnels: [stopped: /etc/stunnel/stunnel.conf] [Started: /etc/stunnel/stunnel.conf] stunnel.
[2019-03-09 05:35:09] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
[2019-03-09 05:35:09] cron: ERROR: dehydrated-wrapper exited with a non-zero exit code.
[2019-03-10 05:35:04] cron: /etc/ssl/private/cert.pem has expired or will do so within 30 days. Attempting renewal.

解决方案：更新 /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrad-wrapper

代替：

netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 | sed -e 's [[:space:]].*$||'

和：

netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 \
   | sed -e 's|[[:space:]].*$||; s|[^a-zA-Z0-9]||'

就像在这个提交中一样https://github.com/turnkeylinux/confconsole/commit/d1e61c4767c2148663429d63bc3a42925af8cbcd

然后再次手动运行 cronjob 或等待明天：/etc/cron.daily/confconsole-dehydrad

[2019-03-31 19:26:45] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN1 to /etc/ssl/private
[2019-03-31 19:26:52] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN2 to /etc/ssl/private
[2019-03-31 19:26:59] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN3 to /etc/ssl/private

谢谢你，我希望它可以节省你一些时间

相关链接：https ://github.com/turnkeylinux/tracker/issues/976

标签： sslnginxcertificatelets-encryptturnkeylinux.org