神奇的赵贰
1
Unable to apply for an SSL certificate; the log is as follows:
2024/01/31 00:48:28 开始申请证书,域名 [***] 申请方式 [DNS 自动] DNS 账号 [DNSPod] 厂商 [DnsPod]
2024/01/31 00:48:28 [INFO] [*] acme: Obtaining bundled SAN certificate
2024/01/31 00:48:29 [INFO] [*] AuthURL: ***
2024/01/31 00:48:29 [INFO] [*] acme: Could not find solver for: tls-alpn-01
2024/01/31 00:48:29 [INFO] [*] acme: Could not find solver for: http-01
2024/01/31 00:48:29 [INFO] [*] acme: use dns-01 solver
2024/01/31 00:48:29 [INFO] [*] acme: Preparing to solve DNS-01
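That's right, the log just gets stuck here and stops moving. I tried every ACME account type, tried both DNSPOD and CloudFlare as the DNS account, and tried both the HTTP and DNS validation methods (manual resolution gets stuck at "正在获取 DNS 解析值,请稍后 …"), and none of them work. I can reach the AuthURL from the log when I access it with curl over ssh.
PS: I reinstalled the system and tried the certificate application in 宝塔 (BaoTa), and it obtained the certificate normally.
1panel version: 1.9.4
Try disabling ipv6, or skip DNS verification when applying for the certificate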
神奇的赵贰
5
2024/01/31 14:06:07 开始申请证书,域名 [***] 申请方式 [DNS 自动] DNS 账号 [CloudFlare] 厂商 [CloudFlare]
2024/01/31 14:06:07 [INFO] [***] acme: Obtaining bundled SAN certificate
2024/01/31 14:06:08 [INFO] [***] AuthURL: ***
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: tls-alpn-01
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: http-01
2024/01/31 14:06:08 [INFO] [***] acme: use dns-01 solver
2024/01/31 14:06:08 [INFO] [***] acme: Preparing to solve DNS-01
Same, it is still stuck here
神奇的赵贰
6
2024/01/31 14:06:07 开始申请证书,域名 [***] 申请方式 [DNS 自动] DNS 账号 [CloudFlare] 厂商 [CloudFlare]
2024/01/31 14:06:07 [INFO] [***] acme: Obtaining bundled SAN certificate
2024/01/31 14:06:08 [INFO] [***] AuthURL: ***
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: tls-alpn-01
2024/01/31 14:06:08 [INFO] [***] acme: Could not find solver for: http-01
2024/01/31 14:06:08 [INFO] [***] acme: use dns-01 solver
2024/01/31 14:06:08 [INFO] [***] acme: Preparing to solve DNS-01
2024/01/31 14:46:06 [INFO] cloudflare: new record for ***.***.***.***, ID bd150c13731413f243bf13a007093a51
2024/01/31 14:46:06 [INFO] [***] acme: Trying to solve DNS-01
2024/01/31 14:46:06 [INFO] [***] acme: Cleaning DNS-01 challenge
2024/01/31 14:56:06 [INFO] [***] acme: Checking DNS record propagation using [8.8.8.8:53 1.1.1.1:53]
2024/01/31 14:56:06 [WARN] [***] acme: cleaning up failed: cloudflare: unknown record ID for '_acme-challenge.***.'
2024/01/31 14:56:07 [INFO] retry due to: acme: error: 400 :: POST :: *** :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "fBfjtdZFv6O6mWL6BthVp6fQ39iv6vxJj7irI_2GqsjIa_YaZXg"
2024/01/31 14:56:08 [INFO] Deactivating auth: ***
2024/01/31 14:56:08 申请 [***] 证书失败, error: one or more domains had a problem:
[***] [***] acme: error presenting token: cloudflare: failed to create TXT record: Record already exists. (81057)
After waiting a long time, this one finally failed
1. Is the key you entered a global api key or a token?
2. Delete the TXT record that was generated in your DNS configuration
神奇的赵贰
8
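Token. I deleted the TXT record and retried, and it still doesn't work. The DNS account settings were copied from another machine, and that other machine can apply normally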
神奇的赵贰
12
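My token has DNS edit permission. I also tried DNSPod, and it likewise cannot apply
How about this: compare the two tokens to see whether they are exactly identical, and check whether a letter or something was dropped when copying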
神奇的赵贰
14
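The tokens are identical; it is not a token problem. The acme script can create the TXT record, which shows that this part is working
Then it can only be a network problem
What is known so far is that if the machine has the ipv6 setting enabled, then whether or not it has an ipv6 address, it will use ipv6 to request the API when applying for a certificate
We have not run into anything else so far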
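Added example (not part of the thread and not 1Panel's code): a small Python script that reads log lines in the timestamp format shown above and reports where the ACME client sat idle. The 60-second threshold and the function names are assumptions made for this illustration; the sample lines are copied from the log posted in the thread.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the thread's log (domain and URLs are masked as *** there).
SAMPLE_LOG = """\
2024/01/31 14:06:08 [INFO] [***] acme: use dns-01 solver
2024/01/31 14:06:08 [INFO] [***] acme: Preparing to solve DNS-01
2024/01/31 14:46:06 [INFO] cloudflare: new record for ***.***.***.***, ID bd150c13731413f243bf13a007093a51
2024/01/31 14:46:06 [INFO] [***] acme: Trying to solve DNS-01
2024/01/31 14:46:06 [INFO] [***] acme: Cleaning DNS-01 challenge
2024/01/31 14:56:06 [INFO] [***] acme: Checking DNS record propagation using [8.8.8.8:53 1.1.1.1:53]
2024/01/31 14:56:06 [WARN] [***] acme: cleaning up failed: cloudflare: unknown record ID for '_acme-challenge.***.'
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$")


def parse(log_text):
    """Return (timestamp, message) pairs. A line without a timestamp is treated
    as a continuation and appended to the previous message."""
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            events.append([ts, m.group(2)])
        elif events and raw.strip():
            events[-1][1] += " " + raw.strip()
    return [(ts, msg) for ts, msg in events]


def find_stalls(log_text, threshold=timedelta(seconds=60)):
    """Return (gap, message_before, message_after) for each pause longer than
    threshold. The 60 s default is an assumption, not a value from the tool."""
    events = parse(log_text)
    stalls = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        if t1 - t0 > threshold:
            stalls.append((t1 - t0, before, after))
    return stalls


if __name__ == "__main__":
    for gap, before, after in find_stalls(SAMPLE_LOG):
        print(f"{gap} idle after: {before}\n        resumed at: {after}")
```

On the sample it reports two pauses: about 40 minutes between "Preparing to solve DNS-01" and the Cloudflare record being created, and 10 minutes between "Cleaning DNS-01 challenge" and the propagation check.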