无法申请SSL证书

1Panel
1

无法申请SSL证书, 日志如下:

2024/01/31 00:48:28 开始申请证书,域名 [***] 申请方式 [DNS 自动] DNS 账号 [DNSPod] 厂商 [DnsPod]
2024/01/31 00:48:28 [INFO] [*] acme: Obtaining bundled SAN certificate
2024/01/31 00:48:29 [INFO] [*] AuthURL: ***
2024/01/31 00:48:29 [INFO] [*] acme: Could not find solver for: tls-alpn-01
2024/01/31 00:48:29 [INFO] [*] acme: Could not find solver for: http-01
2024/01/31 00:48:29 [INFO] [*] acme: use dns-01 solver
2024/01/31 00:48:29 [INFO] [*] acme: Preparing to solve DNS-01

没错,日志就卡在这里不动了。ACME账号类型都试了,DNS账户试了DNSPOD和CloudFlare,验证方式HTTP,DNS都试了(手动解析会卡在”正在获取 DNS 解析值,请稍后 …“),都不行。日志里的AuthURL我在ssh里用curl访问是可以访问到的。

PS:我重装系统试了宝塔的证书申请,可以正常申请到。

1panel版本:1.9.4

2

尝试关闭 ipv6 或者申请证书时跳过 DNS 验证

3

还是不行

4

选择 跳过 DNS 验证 之后的日志发一下

5 
2024/01/31 14:06:07 开始申请证书,域名 [***] 申请方式 [DNS 自动] DNS 账号 [CloudFlare] 厂商 [CloudFlare]
2024/01/31 14:06:07 [INFO] [***] acme: Obtaining bundled SAN certificate
2024/01/31 14:06:08 [INFO] [***] AuthURL: ***
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: tls-alpn-01
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: http-01
2024/01/31 14:06:08 [INFO] [***] acme: use dns-01 solver
2024/01/31 14:06:08 [INFO] [***] acme: Preparing to solve DNS-01

一样,还是卡在这里

6 
2024/01/31 14:06:07 开始申请证书,域名 [***] 申请方式 [DNS 自动] DNS 账号 [CloudFlare] 厂商 [CloudFlare]
2024/01/31 14:06:07 [INFO] [***] acme: Obtaining bundled SAN certificate
2024/01/31 14:06:08 [INFO] [***] AuthURL: ***
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: tls-alpn-01
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: http-01
2024/01/31 14:06:08 [INFO] [***] acme: use dns-01 solver
2024/01/31 14:06:08 [INFO] [***] acme: Preparing to solve DNS-01
2024/01/31 14:46:06 [INFO] cloudflare: new record for ***.***.***.***, ID bd150c13731413f243bf13a007093a51
2024/01/31 14:46:06 [INFO] [***] acme: Trying to solve DNS-01
2024/01/31 14:46:06 [INFO] [***] acme: Cleaning DNS-01 challenge
2024/01/31 14:56:06 [INFO] [***] acme: Checking DNS record propagation using [8.8.8.8:53 1.1.1.1:53]
2024/01/31 14:56:06 [WARN] [***] acme: cleaning up failed: cloudflare: unknown record ID for '_acme-challenge.***.' 
2024/01/31 14:56:07 [INFO] retry due to: acme: error: 400 :: POST :: *** :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "fBfjtdZFv6O6mWL6BthVp6fQ39iv6vxJj7irI_2GqsjIa_YaZXg"
2024/01/31 14:56:08 [INFO] Deactivating auth: ***
2024/01/31 14:56:08 申请  [***] 证书失败, error: one or more domains had a problem:
[***] [***] acme: error presenting token: cloudflare: failed to create TXT record: Record already exists. (81057)

等了很久,这个最后失败了

7

1.你填的 key 是 global api key 还是 token ?
2.删除你的 DNS 配置中 生成的 TXT 配置

8

token,删了TXT重试还是不行,DNS账号设置就是从另一台机器复制的,另一台机器可以正常申请

9

另一台机器也是 1Panel 吗

10

或者你看一下这个v1.9 版本CloudFlare 证书申请失败的解决方案

11

是的,另一台也是1panel

12

我的Token又DNS编辑权限,我还试了DNSPod,也一样无法申请

13

你这样 你对比一下这两个 Token 是不是完全一致 看看是不是复制的时候少了个字母啥的

14

token是一致的,不是token的问题,acme脚本能创建出txt记录,说明这块是正常的

15

那就只能是网络问题了
目前已知的就是如果机器开启了 ipv6 设置,那么无论有没有 ipv6 地址,申请证书的时候都会使用 ipv6 去请求接口
其他的目前还没有碰到