ssl сервисов alma9.3
Re: ssl сервисов alma9.3
Ошибка генерации сертификата. Серверный хостнейм должен быть привязан к айпи сервера!
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
Keeping the existing certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
80 и 443 открыты
Присутствует cloudflare.
Хостнейм = имя сайта mydomen.su
Привязан для управления cloudflare через панель (соединение есть, api работает)
На время генерации cloudflare стоит в паузе.Нечего не проксируется
/etc/letsencrypt дублей нет.
Виртуальная машина с панелью за nat, все прописано в соответствие с viewtopic.php?f=9&t=4144 (все работает)
/etc/NetworkManager/system-connections/enp0s3.nmconnection (конфиг)
[connection]
id=enp0s3
uuid=25f6f36b-ed1b-35f1-90a2-707695ef941d
type=ethernet
autoconnect-priority=-999
interface-name=enp0s3
timestamp=1704208728
[ethernet]
[ipv4]
address1=192.168.1.135/24,192.168.1.1
dns-search=mydomen.su;
method=manual
[ipv6]
addr-gen-mode=eui64
method=disabled
[proxy]
///////////////log
2024-01-05 22:03:57,977:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object at 0x7f0529f42b20>
2024-01-05 22:03:58,037:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-01-05 22:03:58,266:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-01-05 22:03:58,268:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/mydomen.su/cert1.pem is signed by the certificate's issuer.
2024-01-05 22:03:58,269:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/mydomen.su/cert1.pem is: OCSPCertStatus.GOOD
2024-01-05 22:03:58,274:INFO:certbot._internal.renewal:Cert not yet due for renewal
2024-01-05 22:03:58,274:INFO:certbot._internal.main:Keeping the existing certificate
2024-01-05 22:03:58,274:DEBUG:certbot.display.util:Notifying user: Certificate not yet due for renewal; no action taken.
Есть мысли как починить?
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
Keeping the existing certificate
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal; no action taken.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
80 и 443 открыты
Присутствует cloudflare.
Хостнейм = имя сайта mydomen.su
Привязан для управления cloudflare через панель (соединение есть, api работает)
На время генерации cloudflare стоит в паузе.Нечего не проксируется
/etc/letsencrypt дублей нет.
Виртуальная машина с панелью за nat, все прописано в соответствие с viewtopic.php?f=9&t=4144 (все работает)
/etc/NetworkManager/system-connections/enp0s3.nmconnection (конфиг)
[connection]
id=enp0s3
uuid=25f6f36b-ed1b-35f1-90a2-707695ef941d
type=ethernet
autoconnect-priority=-999
interface-name=enp0s3
timestamp=1704208728
[ethernet]
[ipv4]
address1=192.168.1.135/24,192.168.1.1
dns-search=mydomen.su;
method=manual
[ipv6]
addr-gen-mode=eui64
method=disabled
[proxy]
///////////////log
2024-01-05 22:03:57,977:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object at 0x7f0529f42b20>
2024-01-05 22:03:58,037:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-01-05 22:03:58,266:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-01-05 22:03:58,268:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/mydomen.su/cert1.pem is signed by the certificate's issuer.
2024-01-05 22:03:58,269:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/mydomen.su/cert1.pem is: OCSPCertStatus.GOOD
2024-01-05 22:03:58,274:INFO:certbot._internal.renewal:Cert not yet due for renewal
2024-01-05 22:03:58,274:INFO:certbot._internal.main:Keeping the existing certificate
2024-01-05 22:03:58,274:DEBUG:certbot.display.util:Notifying user: Certificate not yet due for renewal; no action taken.
Есть мысли как починить?
Re: ssl сервисов alma9.3
Cертификат не может быть сгенерирован при блокировке по geoip
Re: ssl сервисов alma9.3
Получается , что из рф не сгенерируешь?
Я правильно понял.?
Я правильно понял.?
Re: ssl сервисов alma9.3
Если letcenscript сервис не увидит отданный контент, генерация не возможна.
Re: ssl сервисов alma9.3
я не понял, извините.
Что нужно сделать?
Что нужно сделать?
Re: ssl сервисов alma9.3
Вы не пишите ваш домен, чтобы проверить
Re: ssl сервисов alma9.3
Проверьте tucky.su
Последний раз редактировалось pomoyka Сб фев 10, 2024 1:00 pm, всего редактировалось 1 раз.
Re: ssl сервисов alma9.3
В данный момент, включено проскированние. Серт летсен не генерируется с включенным проксированием.
Покажите весь лог /var/log/letsencrypt/
Покажите весь лог /var/log/letsencrypt/
Re: ssl сервисов alma9.3
"Серт летсен не генерируется с включенным проксированием." -это я в курсе
На время генерации cloudflare отключался
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:certbot version: 1.14.0
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:Arguments: ['--register-unsafely-without-email', '--agree-tos', '--webroot-path', '/var/www/html', '--webroot', '-n', '-d', 'Kentucky.su']
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-01-08 20:17:05,225:DEBUG:certbot._internal.log:Root logging level set at 20
2024-01-08 20:17:05,225:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2024-01-08 20:17:05,226:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-01-08 20:17:05,229:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fd1f3206130>
Prep: True
2024-01-08 20:17:05,230:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fd1f3206130> and installer None
2024-01-08 20:17:05,230:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-01-08 20:17:05,281:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/ac ... 1421342886', new_authzr_uri=None, terms_of_service=None), 9fd34596e2e591d30cf8d5f74010cdce, Meta(creation_dt=datetime.datetime(2023, 11, 18, 18, 52, 33, tzinfo=<UTC>), creation_host='Kentucky.su', register_to_eff=None))>
2024-01-08 20:17:05,282:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-01-08 20:17:05,283:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-01-08 20:17:05,998:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-01-08 20:17:05,999:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 08 Jan 2024 17:17:05 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"WOmLs1D5qBE": "https://community.letsencrypt.org/t/add ... tory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA ... 1-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/dr ... newalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-01-08 20:17:06,043:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object at 0x7fd1f2cb7a90>
2024-01-08 20:17:06,109:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-01-08 20:17:06,760:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-01-08 20:17:06,762:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/kentucky.su/cert1.pem is signed by the certificate's issuer.
2024-01-08 20:17:06,764:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/kentucky.su/cert1.pem is: OCSPCertStatus.GOOD
2024-01-08 20:17:06,769:INFO:certbot._internal.renewal:Cert not yet due for renewal
2024-01-08 20:17:06,769:INFO:certbot._internal.main:Keeping the existing certificate
2024-01-08 20:17:06,769:DEBUG:certbot.display.util:Notifying user: Certificate not yet due for renewal; no action taken.
На время генерации cloudflare отключался
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:certbot version: 1.14.0
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:Arguments: ['--register-unsafely-without-email', '--agree-tos', '--webroot-path', '/var/www/html', '--webroot', '-n', '-d', 'Kentucky.su']
2024-01-08 20:17:05,208:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#dns-cloudflare,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-01-08 20:17:05,225:DEBUG:certbot._internal.log:Root logging level set at 20
2024-01-08 20:17:05,225:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2024-01-08 20:17:05,226:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-01-08 20:17:05,229:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fd1f3206130>
Prep: True
2024-01-08 20:17:05,230:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fd1f3206130> and installer None
2024-01-08 20:17:05,230:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-01-08 20:17:05,281:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/ac ... 1421342886', new_authzr_uri=None, terms_of_service=None), 9fd34596e2e591d30cf8d5f74010cdce, Meta(creation_dt=datetime.datetime(2023, 11, 18, 18, 52, 33, tzinfo=<UTC>), creation_host='Kentucky.su', register_to_eff=None))>
2024-01-08 20:17:05,282:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-01-08 20:17:05,283:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-01-08 20:17:05,998:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2024-01-08 20:17:05,999:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 08 Jan 2024 17:17:05 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"WOmLs1D5qBE": "https://community.letsencrypt.org/t/add ... tory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA ... 1-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/dr ... newalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-01-08 20:17:06,043:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer <certbot._internal.cli.cli_utils._Default object at 0x7fd1f2cb7a90>
2024-01-08 20:17:06,109:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2024-01-08 20:17:06,760:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2024-01-08 20:17:06,762:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/kentucky.su/cert1.pem is signed by the certificate's issuer.
2024-01-08 20:17:06,764:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/kentucky.su/cert1.pem is: OCSPCertStatus.GOOD
2024-01-08 20:17:06,769:INFO:certbot._internal.renewal:Cert not yet due for renewal
2024-01-08 20:17:06,769:INFO:certbot._internal.main:Keeping the existing certificate
2024-01-08 20:17:06,769:DEBUG:certbot.display.util:Notifying user: Certificate not yet due for renewal; no action taken.
Re: ssl сервисов alma9.3
еще такой вопрос.
Hostname сервера = домен одного из сайтов? к примеру mydomen.ru
т.е хостнейм должен указывать на один из присутствующих сайтов в панеле?
Hostname сервера = домен одного из сайтов? к примеру mydomen.ru
т.е хостнейм должен указывать на один из присутствующих сайтов в панеле?