无法使用 LetsEncrypt 验证网站答案

【问题标题】：Can't verify site with LetsEncrypt无法使用 LetsEncrypt 验证网站
【发布时间】：2017-09-11 16:10:06
【问题描述】：

我一直在尝试为使用 LetsEncrypt 的网站获取 SSL 证书，“免费、自动化和开放的证书颁发机构 (CA)，为公众利益而运行”强>。有一个 ACME shell 脚本旨在使使用 LetsEncrypts API 的过程更容易接收 SSL 证书。他们的一种方法要求您输入您的域名和应用程序的 webroot。

acme.sh --issue -d example.com -w /home/wwwroot/example.com

但是，当我尝试输入此命令时，它说它无法验证域。我在脚本命令中添加了一个 --debug 标志，并收到了这个，但不确定问题出在哪里。

[Mon Sep 11 05:05:01 UTC 2017] Using config home:/home/doc4design/.acme.sh
[Mon Sep 11 05:05:01 UTC 2017] DOMAIN_PATH='/home/doc4design/.acme.sh/doc4design.com'
[Mon Sep 11 05:05:01 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:01 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:01 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Sep 11 05:05:01 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:01 UTC 2017] Le_NextRenewTime
[Mon Sep 11 05:05:01 UTC 2017] _on_before_issue
[Mon Sep 11 05:05:01 UTC 2017] Le_LocalAddress
[Mon Sep 11 05:05:01 UTC 2017] Check for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Mon Sep 11 05:05:02 UTC 2017] Read key length:
[Mon Sep 11 05:05:02 UTC 2017] _createcsr
[Mon Sep 11 05:05:02 UTC 2017] Single domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] Getting domain auth token for each domain
[Mon Sep 11 05:05:02 UTC 2017] Getting webroot for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _w='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] Getting new-authz for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:02 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Sep 11 05:05:02 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:02 UTC 2017] Try new-authz for the 0 time.
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "doc4design.com"}}'
[Mon Sep 11 05:05:02 UTC 2017] RSA key
[Mon Sep 11 05:05:02 UTC 2017] GET
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon Sep 11 05:05:02 UTC 2017] timeout
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:02 UTC 2017] ret='0'
[Mon Sep 11 05:05:02 UTC 2017] POST
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='201'
[Mon Sep 11 05:05:03 UTC 2017] The new-authz request is ok.
[Mon Sep 11 05:05:03 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012","token":"jSwY3$
[Mon Sep 11 05:05:03 UTC 2017] token='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] dvlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i$
[Mon Sep 11 05:05:03 UTC 2017] vlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3$
[Mon Sep 11 05:05:03 UTC 2017] ok, let's start to verify
[Mon Sep 11 05:05:03 UTC 2017] Verifying:doc4design.com
[Mon Sep 11 05:05:03 UTC 2017] d='doc4design.com'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:02 UTC 2017] Try new-authz for the 0 time.
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "doc4design.com"}}'
[Mon Sep 11 05:05:02 UTC 2017] RSA key
[Mon Sep 11 05:05:02 UTC 2017] GET
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon Sep 11 05:05:02 UTC 2017] timeout
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:02 UTC 2017] ret='0'
[Mon Sep 11 05:05:02 UTC 2017] POST
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='201'
[Mon Sep 11 05:05:03 UTC 2017] The new-authz request is ok.
[Mon Sep 11 05:05:03 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012","token":"jSwY3$
[Mon Sep 11 05:05:03 UTC 2017] token='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] dvlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i$
[Mon Sep 11 05:05:03 UTC 2017] vlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3$
[Mon Sep 11 05:05:03 UTC 2017] ok, let's start to verify
[Mon Sep 11 05:05:03 UTC 2017] Verifying:doc4design.com
[Mon Sep 11 05:05:03 UTC 2017] d='doc4design.com'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:03 UTC 2017] wellknown_path='/home/doc4design/webapps/django_2016/doc4_2016/.well-known/acme-challenge'
[Mon Sep 11 05:05:03 UTC 2017] writing token:jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c to /home/doc4design/webapps/django_2016/doc4_2016/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8C$
[Mon Sep 11 05:05:03 UTC 2017] Changing owner/group of .well-known to doc4design:doc4design
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:03 UTC 2017] POST
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='202'
[Mon Sep 11 05:05:03 UTC 2017] sleep 2 secs to verify
[Mon Sep 11 05:05:05 UTC 2017] checking
[Mon Sep 11 05:05:05 UTC 2017] GET
[Mon Sep 11 05:05:05 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:05 UTC 2017] timeout
[Mon Sep 11 05:05:05 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] ret='0'
[Mon Sep 11 05:05:06 UTC 2017] doc4design.com:Verify error:Invalid response from http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c:
[Mon Sep 11 05:05:06 UTC 2017] pid
[Mon Sep 11 05:05:06 UTC 2017] No need to restore nginx, skip.
[Mon Sep 11 05:05:06 UTC 2017] _clearupdns
[Mon Sep 11 05:05:06 UTC 2017] skip dns.
[Mon Sep 11 05:05:06 UTC 2017] _on_issue_err
[Mon Sep 11 05:05:06 UTC 2017] Please check log file for more details: /home/doc4design/.acme.sh/acme.sh.log
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:06 UTC 2017] POST
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] Changing owner/group of .well-known to doc4design:doc4design
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:03 UTC 2017] POST
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='202'
[Mon Sep 11 05:05:03 UTC 2017] sleep 2 secs to verify
[Mon Sep 11 05:05:05 UTC 2017] checking
[Mon Sep 11 05:05:05 UTC 2017] GET
[Mon Sep 11 05:05:05 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:05 UTC 2017] timeout
[Mon Sep 11 05:05:05 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] ret='0'
[Mon Sep 11 05:05:06 UTC 2017] doc4design.com:Verify error:Invalid response from http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c:
[Mon Sep 11 05:05:06 UTC 2017] pid
[Mon Sep 11 05:05:06 UTC 2017] No need to restore nginx, skip.
[Mon Sep 11 05:05:06 UTC 2017] _clearupdns
[Mon Sep 11 05:05:06 UTC 2017] skip dns.
[Mon Sep 11 05:05:06 UTC 2017] _on_issue_err
[Mon Sep 11 05:05:06 UTC 2017] Please check log file for more details: /home/doc4design/.acme.sh/acme.sh.log
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:06 UTC 2017] POST
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] _ret='0'
[Mon Sep 11 05:05:06 UTC 2017] code='400'

熟悉 LetsEncrypt 的人能否解释一下为什么 LetsEncrypt 无法验证我的网站并为我颁发 SSL 证书？

【问题讨论】：

标签： django ssl lets-encrypt webfaction

【解决方案1】：

问题在这一行陈述：

[Mon Sep 11 05:05:06 UTC 2017] doc4design.com:Verify error:Invalid response from http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c:

问题在于，无论出于何种原因，外部流量都无法访问位于http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c 的文件，该文件可能位于/home/wwwroot/example.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c 的文件系统中。

该文件需要可通过给定 URL 进行外部访问。

【讨论】：

【解决方案2】：

我在网络派中有这个。

我看到你也安装了 Django。

你有separate webapp to serve the static assets吗？

就我而言，我必须将 LetyEncrypt 生成的文件 放在 STATIC 资产所在的同一目录中。

我去年亲自为这个letsencrypt webfaction script安定下来的。

用于 WebFaction 主机的 LetsEncrypt 实用程序客户端

https://github.com/will-in-wi/letsencrypt-webfaction

我为 2 个域配置了它，上次我检查了 LetsEncrypt 证书是否自动更新。

【讨论】：

这也是原版letsencrypt thread at webfaction support:
我注意到它需要您安装并运行 Ruby。我的应用程序在 Django/Python 中。这会影响我的项目吗？
嗨，在letsencrypt-webfaction的github README中有2个选项： - 系统ruby（我用过这个） - RBEnv（如果你想自己安装ruby）只需输入ruby -v一个终端窗口，它需要是 2.3.x 版本
它应该对您的项目没有影响，但请按照自述文件中的说明进行操作（我也贡献了一些更新）。我使用 python 而不是 ruby，但还没有时间在 python 中编写自己的实现。 :) 只是好奇：你是如何部署 django 的？使用 webfaction 控制面板？我有 2 个不同的 django 安装（不同的 python 版本），加上一些静态站点，它们不混合。
我是欧洲时间，所以没能早点听到你的问题。

【解决方案3】：

您可以添加--debug 2 以获取更详细的调试信息： acme.sh --issue -d example.com -w /home/wwwroot/example.com --debug 2

从上面的日志，我猜它与ipv6有关。您的域已解析 ipv6 AAAA 记录。您的网站是否在 ipv6 上监听？

【讨论】：