时间戳

首页 > 解决方案 > certbot 在命令行中工作,但在通过 django 调用脚本运行时失败

python - certbot 在命令行中工作,但在通过 django 调用脚本运行时失败

问题描述

所以我这几天一直在处理这个问题,并且已经用尽了我能想到的所有可能的事情。

为澄清起见,我正在运行

机器:Centos 7

网络服务器:Django

Python版本:3.6

我在 /usr/local/bin/activate_https_hostedvoice 有这个 shell 脚本

#!/bin/bash

echo "<REMOVE_FOR_SECURITY>" | sudo -S curl -i -XPOST "http://<REMOVED_FOR_SECURITY>/records/""$1""/""$2"""

sleep 10

NGINX_CONFIG_FILE=/etc/nginx/guiconf.d/guiserver.conf

sed -i "s/]/,'""$1""']/g" /var/lib/guiserver/astgui2/db_pass.py

echo "<REMOVE_FOR_SECURITY>" | su -c "/sbin/service guiserver reload" root

echo "" >> ${NGINX_CONFIG_FILE}

echo "server{" >> ${NGINX_CONFIG_FILE}

echo "server_name $1;" >> ${NGINX_CONFIG_FILE}

echo "client_max_body_size 4G;" >> ${NGINX_CONFIG_FILE}

echo "include guiconf.d/server_params;" >> ${NGINX_CONFIG_FILE}
echo "include guiconf.d/static_files;" >> ${NGINX_CONFIG_FILE}
echo "include guiconf.d/web_path;" >> ${NGINX_CONFIG_FILE}
echo "include guiconf.d/local_path;" >> ${NGINX_CONFIG_FILE}
echo "include guiconf.d/ws_path;" >> ${NGINX_CONFIG_FILE}

echo "}" >> ${NGINX_CONFIG_FILE}


echo "<REMOVE_FOR_SECURITY>" | su -c "systemctl reload nginx" root

echo "<REMOVE_FOR_SECURITY>" | su -c "systemctl stop iptables" root

echo "<REMOVE_FOR_SECURITY>" | su -c "certbot --nginx -d ""$1"" --agree-tos --email <REMOVED_FOR_SECURITY> -n" root

echo "<REMOVE_FOR_SECURITY>" | su -c "systemctl reload nginx" root

echo "<REMOVE_FOR_SECURITY>" | su -c "systemctl start iptables" root

echo "<REMOVE_FOR_SECURITY>" | su -c "/sbin/service guiserver reload" root

echo "<REMOVE_FOR_SECURITY>" | su -c 'echo "0 */12 * * * certbot --nginx renew -n" >> /var/spool/cron/root' root

echo "<REMOVE_FOR_SECURITY>" | su -c "rm -f /var/lib/guiserver/bin/https_config" root

echo "<REMOVE_FOR_SECURITY>" | su -c "echo ""$1"" >> /var/lib/guiserver/bin/https_config" root

这里发生的事情是首先我发送一个 curl 请求以将 A 记录添加到名称服务器。然后我为 nginx 添加适当的配置

然后我重新加载 nginx 并停止 iptables 以便 certbot 可以访问服务器

当我在命令行中运行此脚本时bash /usr/local/bin/activate_https_hostedvoice <some_domain> <some_ip>

脚本运行完美,A 记录可立即 ping 通。

但是,当我像这样通过 django 运行脚本时

os.system('echo "<REMOVE_FOR_SECURITY>" | su -c "bash /usr/local/bin/activate_https_hostedvoice ' + domain + ' ' + points_to + ' > /tmp/http_activate_log " root');

我可以看到 A 记录已添加到名称服务器并添加了 nginx 配置值但是当涉及到 certbot 这是我收到的输出

The following errors were reported by the server:

   Domain: <REMOVED_FOR_SECURITY>
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for <REMOVED_FOR_SECURITY>
   - check that a DNS record exists for this domain

脚本退出后,我尝试对 A 记录执行 ping 操作,但它在服务器上的几分钟内无法 ping,但如果我在本地计算机或另一台计算机上尝试并 ping 域,则它可以 ping

从命令行我已经背靠背运行了 30 多个测试,并且他们都成功完成了这个问题,只有当我从 django 调用脚本时才会出现这个问题,这对我来说毫无意义

关于问题的更新:

经过进一步测试,如果我运行curl -i -XPOST "http://<REMOVED_FOR_SECURITY>/records/<some_domain>/<some_ip>"

直接在命令行上然后它不能立即ping,所以我把它放在一个脚本中并运行bash /tmp/test <some_domain> <some_ip>

然后该域立即可以ping通

所以很自然地我把原来的脚本改成了 bash /tmp/test ""$1"" ""$2""

代替 echo "<REMOVE_FOR_SECURITY>" | sudo -S curl -i -XPOST "http://<REMOVED_FOR_SECURITY>/records/""$1""/""$2"""

但是我仍然遇到无法立即ping通的问题

谢谢约瑟夫

标签: pythondjangocentos7

解决方案

我尝试了这一步并成功了。一次只有一行。

sudo pip uninstall requests
sudo pip uninstall urllib3
sudo yum remove python-urllib3 -y
sudo yum remove python-requests -y
sudo yum install python-urllib3 -y
sudo yum install python-requests -y
sudo yum install certbot python2-certbot-nginx
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1

推荐阅读