[personal profile] ocehb
If the official Let's Encrypt client refuses to renew a certificate
and fails with an unhelpful diagnostic

Domain: host.domain
Type:   unauthorized
Detail: Incorrect validation certificate for tls-sni-01 challenge. Requested c487b16848f81fd18948802e493f858e.fa08f116e60cfe88bb05a96cb684c921.acme.invalid from <ip>:443. Received 2 certificate(s), first certificate had names "<names...>"

and letsencrypt.log contains something like

2017-11-02 01:05:27,150:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/certbot/renewal.py", line 425, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 743, in renew_cert
    _get_and_save_cert(le_client, config, lineage=lineage)
  File "/usr/lib/python3.6/site-packages/certbot/main.py", line 80, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3.6/site-packages/certbot/renewal.py", line 297, in renew_cert
    new_certr, new_chain, new_key, _ = le_client.obtain_certificate(domains)
  File "/usr/lib/python3.6/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/lib/python3.6/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)


then, if you are running SELinux, do the following (this is for nginx; for apache it is analogous):

# chcon --reference=/var/log/nginx/ssl_error.log /var/lib/letsencrypt/error.log
# chcon --reference=/var/log/nginx/ssl_access.log /var/lib/letsencrypt/access.log


Other than that, it works fine.
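
To confirm that SELinux is what blocks the renewal before relabelling, the audit log can be searched for denials against the two files above. The script below is an added example, not part of the original post; the audit records are constructed, and the source domain httpd_t, the target type var_lib_t and the function names are assumptions.

```shell
#!/bin/sh
# Constructed audit records (not from the original post). pids, inodes,
# timestamps and the var_lib_t target type are illustrative assumptions.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1509584727.101:411): avc:  denied  { open } for  pid=2101 comm="nginx" path="/var/lib/letsencrypt/error.log" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1509584727.102:412): avc:  denied  { open } for  pid=2101 comm="nginx" path="/var/lib/letsencrypt/access.log" dev="dm-0" ino=9002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1509588327.400:530): avc:  denied  { open } for  pid=2377 comm="nginx" path="/var/lib/letsencrypt/error.log" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1509588400.000:531): avc:  denied  { read } for  pid=3300 comm="sshd" path="/etc/shadow" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1509588400.000:531): arch=c000003e syscall=2 success=no exit=-13 comm="sshd"
EOF
}

# Read raw audit records on stdin and print, once per file,
#   path <TAB> target type <TAB> denied permissions
# for AVC denials where the source domain ($1, default httpd_t) was refused
# access to something under the directory $2 (default /var/lib/letsencrypt).
letsencrypt_denials() {
    awk -v domain="${1:-httpd_t}" -v dir="${2:-/var/lib/letsencrypt}" '
    $1 == "type=AVC" && $4 == "denied" {
        path = src = tgt = perms = ""; inperm = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            if (inperm)    { perms = perms (perms ? "," : "") $i; continue }
            if ($i ~ /^path=/)     { path = $i; gsub(/^path=|"/, "", path) }
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        }
        # Keep only the web server domain touching files in the certbot dir.
        if (src != domain || index(path, dir "/") != 1) next
        printf "%s\t%s\t%s\n", path, tgt, perms
    }' | sort -u
}

# Demo on the constructed records; on a live host, feed it
# /var/log/audit/audit.log instead (requires root).
sample_audit_log | letsencrypt_denials
```

Labels set with chcon do not survive a filesystem relabel or restorecon; a persistent rule is recorded with semanage fcontext.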
