1. Symptoms of acme.sh automatic renewal failure
The problem is as follows. During renewal, this error is reported:
root@dc:~# "/data/acme.sh"/acme.sh --cron --home "/data/acme.sh" > /dev/null
[Sun Nov 10 23:52:17 CST 2020] Error, can not get domain token entry example.com
[Sun Nov 10 23:52:17 CST 2020] Please check log file for more details: /data/acme.sh/acme.sh.log
[Sun Nov 10 23:52:17 CST 2020] Error renew example.com.
Checking the log shows the following errors:
[Sun Nov 10 23:52:14 CST 2020] GET
[Sun Nov 10 23:52:14 CST 2020] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Nov 10 23:52:14 CST 2020] timeout=
[Sun Nov 10 23:52:15 CST 2020] _CURL='curl -L --silent --dump-header /data/acme.sh/http.header -g '
[Sun Nov 10 23:52:15 CST 2020] ret='0'
[Sun Nov 10 23:52:15 CST 2020] Could not get nonce, let's try again.
[Sun Nov 10 23:52:17 CST 2020] The new-authz request is ok.
[Sun Nov 10 23:52:17 CST 2020] entry
[Sun Nov 10 23:52:17 CST 2020] Error, can not get domain token entry example.com
[Sun Nov 10 23:52:17 CST 2020] pid
[Sun Nov 10 23:52:17 CST 2020] No need to restore nginx, skip.
[Sun Nov 10 23:52:17 CST 2020] _clearupdns
[Sun Nov 10 23:52:17 CST 2020] skip dns.
[Sun Nov 10 23:52:17 CST 2020] _on_issue_err
[Sun Nov 10 23:52:17 CST 2020] Please check log file for more details: /data/acme.sh/acme.sh.log
[Sun Nov 10 23:52:17 CST 2020] Return code: 1
[Sun Nov 10 23:52:17 CST 2020] Error renew example.com.
[Sun Nov 10 23:52:17 CST 2020] ===End cron===
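2. Fixing the acme.sh automatic renewal failure
After searching through a pile of articles online, none of which solved the problem, I finally found the cause in this thread: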
https://community.letsencrypt.org/t/unable-to-issue-or-renew-certificates/102948
Your server is able to connect Letsencrypt, so that isn’t the problem.
But you use acme.sh. There are changes. First step: Update your acme.sh.
Yep, the nonce-problem:
Could not get nonce, let's try again.
An update is required.
So the cause is that the acme.sh version is too old. The fix is simple: upgrade acme.sh.
Upgrade acme.sh to the latest version:
acme.sh --upgrade
If you don't want to upgrade manually, you can enable automatic upgrades:
acme.sh --upgrade --auto-upgrade
After that, acme.sh will keep itself up to date automatically.
You can also turn automatic upgrades off at any time:
acme.sh --upgrade --auto-upgrade 0
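One way to check an acme.sh log for the failure signature described in this post, as an added example that is not part of the original post or the acme.sh project. The function names are hypothetical, and the sample log is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the post or the acme.sh project).
# Function names are hypothetical; matched strings are those in the log above.

# Classify a log by the two error strings the post ties to an outdated client.
classify_acme_log() {
    log="$1"
    [ -r "$log" ] || { echo "unreadable"; return 2; }
    # grep -c prints 0 but exits 1 when nothing matches, hence "|| true".
    nonce=$(grep -c "Could not get nonce" "$log" || true)
    token=$(grep -c "can not get domain token entry" "$log" || true)
    if [ "$nonce" -gt 0 ] && [ "$token" -gt 0 ]; then
        echo "outdated-client"   # remedy from the post: acme.sh --upgrade
    elif [ "$nonce" -gt 0 ] || [ "$token" -gt 0 ]; then
        echo "partial-match"     # one signature only: read the full log
    else
        echo "no-match"
    fi
}

# Distinct ACME directory URLs the client requested (url='.../directory').
acme_directory_urls() {
    sed -n "s/.*url='\([^']*\/directory\)'.*/\1/p" "$1" | sort -u
}

# Distinct domains whose renewal failed ("Error renew <domain>.").
failed_domains() {
    sed -n 's/.*Error renew \(.*\)\.$/\1/p' "$1" | sort -u
}

# Constructed sample, abridged from the log lines quoted in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Sun Nov 10 23:52:14 CST 2020] url='https://acme-v01.api.letsencrypt.org/directory'
[Sun Nov 10 23:52:15 CST 2020] Could not get nonce, let's try again.
[Sun Nov 10 23:52:17 CST 2020] Error, can not get domain token entry example.com
[Sun Nov 10 23:52:17 CST 2020] Error renew example.com.
EOF
echo "verdict:   $(classify_acme_log "$sample")"
echo "directory: $(acme_directory_urls "$sample")"
echo "failed:    $(failed_domains "$sample")"
rm -f "$sample"
```

Point the functions at the real log (/data/acme.sh/acme.sh.log in this post) after upgrading; a verdict of no-match on the entries from the next cron run means the signature is gone.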
Reference: https://github.com/Neilpang/acme.sh