Я пытался получить сертификат SSL для сайта, используя LetsEncrypt, «бесплатный, автоматизированный и открытый центр сертификации (ЦС), работающий на благо общества». Существует сценарий оболочки ACME, который призван упростить процесс использования LetsEncrypts API для получения сертификата SSL. Один из их методов требует, чтобы вы указали свое доменное имя и корневой веб-каталог вашего приложения.
acme.sh --issue -d example.com -w /home/wwwroot/example.com
Однако, когда я пытаюсь ввести эту команду, она говорит, что не удалось проверить домен. Я добавил к команде скрипта флаг --debug и получил его, но не уверен, в чем проблема.
[Mon Sep 11 05:05:01 UTC 2017] Using config home:/home/doc4design/.acme.sh
[Mon Sep 11 05:05:01 UTC 2017] DOMAIN_PATH='/home/doc4design/.acme.sh/doc4design.com'
[Mon Sep 11 05:05:01 UTC 2017] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:01 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:01 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Sep 11 05:05:01 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Sep 11 05:05:01 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:01 UTC 2017] Le_NextRenewTime
[Mon Sep 11 05:05:01 UTC 2017] _on_before_issue
[Mon Sep 11 05:05:01 UTC 2017] Le_LocalAddress
[Mon Sep 11 05:05:01 UTC 2017] Check for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] _saved_account_key_hash is not changed, skip register account.
[Mon Sep 11 05:05:02 UTC 2017] Read key length:
[Mon Sep 11 05:05:02 UTC 2017] _createcsr
[Mon Sep 11 05:05:02 UTC 2017] Single domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] Getting domain auth token for each domain
[Mon Sep 11 05:05:02 UTC 2017] Getting webroot for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _w='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] Getting new-authz for domain='doc4design.com'
[Mon Sep 11 05:05:02 UTC 2017] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Mon Sep 11 05:05:02 UTC 2017] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Mon Sep 11 05:05:02 UTC 2017] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Mon Sep 11 05:05:02 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:02 UTC 2017] Try new-authz for the 0 time.
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "doc4design.com"}}'
[Mon Sep 11 05:05:02 UTC 2017] RSA key
[Mon Sep 11 05:05:02 UTC 2017] GET
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon Sep 11 05:05:02 UTC 2017] timeout
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:02 UTC 2017] ret='0'
[Mon Sep 11 05:05:02 UTC 2017] POST
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='201'
[Mon Sep 11 05:05:03 UTC 2017] The new-authz request is ok.
[Mon Sep 11 05:05:03 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012","token":"jSwY3$
[Mon Sep 11 05:05:03 UTC 2017] token='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] dvlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i$
[Mon Sep 11 05:05:03 UTC 2017] vlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3$
[Mon Sep 11 05:05:03 UTC 2017] ok, let's start to verify
[Mon Sep 11 05:05:03 UTC 2017] Verifying:doc4design.com
[Mon Sep 11 05:05:03 UTC 2017] d='doc4design.com'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:02 UTC 2017] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Mon Sep 11 05:05:02 UTC 2017] Try new-authz for the 0 time.
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "doc4design.com"}}'
[Mon Sep 11 05:05:02 UTC 2017] RSA key
[Mon Sep 11 05:05:02 UTC 2017] GET
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/directory'
[Mon Sep 11 05:05:02 UTC 2017] timeout
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:02 UTC 2017] ret='0'
[Mon Sep 11 05:05:02 UTC 2017] POST
[Mon Sep 11 05:05:02 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Mon Sep 11 05:05:02 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='201'
[Mon Sep 11 05:05:03 UTC 2017] The new-authz request is ok.
[Mon Sep 11 05:05:03 UTC 2017] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012","token":"jSwY3$
[Mon Sep 11 05:05:03 UTC 2017] token='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] dvlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i$
[Mon Sep 11 05:05:03 UTC 2017] vlist='doc4design.com#jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM#https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3$
[Mon Sep 11 05:05:03 UTC 2017] ok, let's start to verify
[Mon Sep 11 05:05:03 UTC 2017] Verifying:doc4design.com
[Mon Sep 11 05:05:03 UTC 2017] d='doc4design.com'
[Mon Sep 11 05:05:03 UTC 2017] keyauthorization='jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM'
[Mon Sep 11 05:05:03 UTC 2017] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _currentRoot='/home/doc4design/webapps/django_2016/doc4_2016'
[Mon Sep 11 05:05:03 UTC 2017] wellknown_path='/home/doc4design/webapps/django_2016/doc4_2016/.well-known/acme-challenge'
[Mon Sep 11 05:05:03 UTC 2017] writing token:jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c to /home/doc4design/webapps/django_2016/doc4_2016/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8C$
[Mon Sep 11 05:05:03 UTC 2017] Changing owner/group of .well-known to doc4design:doc4design
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:03 UTC 2017] POST
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='202'
[Mon Sep 11 05:05:03 UTC 2017] sleep 2 secs to verify
[Mon Sep 11 05:05:05 UTC 2017] checking
[Mon Sep 11 05:05:05 UTC 2017] GET
[Mon Sep 11 05:05:05 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:05 UTC 2017] timeout
[Mon Sep 11 05:05:05 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] ret='0'
[Mon Sep 11 05:05:06 UTC 2017] doc4design.com:Verify error:Invalid response from http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c:
[Mon Sep 11 05:05:06 UTC 2017] pid
[Mon Sep 11 05:05:06 UTC 2017] No need to restore nginx, skip.
[Mon Sep 11 05:05:06 UTC 2017] _clearupdns
[Mon Sep 11 05:05:06 UTC 2017] skip dns.
[Mon Sep 11 05:05:06 UTC 2017] _on_issue_err
[Mon Sep 11 05:05:06 UTC 2017] Please check log file for more details: /home/doc4design/.acme.sh/acme.sh.log
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:06 UTC 2017] POST
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] Changing owner/group of .well-known to doc4design:doc4design
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:03 UTC 2017] POST
[Mon Sep 11 05:05:03 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:03 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:03 UTC 2017] _ret='0'
[Mon Sep 11 05:05:03 UTC 2017] code='202'
[Mon Sep 11 05:05:03 UTC 2017] sleep 2 secs to verify
[Mon Sep 11 05:05:05 UTC 2017] checking
[Mon Sep 11 05:05:05 UTC 2017] GET
[Mon Sep 11 05:05:05 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:05 UTC 2017] timeout
[Mon Sep 11 05:05:05 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] ret='0'
[Mon Sep 11 05:05:06 UTC 2017] doc4design.com:Verify error:Invalid response from http://doc4design.com/.well-known/acme-challenge/jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c:
[Mon Sep 11 05:05:06 UTC 2017] pid
[Mon Sep 11 05:05:06 UTC 2017] No need to restore nginx, skip.
[Mon Sep 11 05:05:06 UTC 2017] _clearupdns
[Mon Sep 11 05:05:06 UTC 2017] skip dns.
[Mon Sep 11 05:05:06 UTC 2017] _on_issue_err
[Mon Sep 11 05:05:06 UTC 2017] Please check log file for more details: /home/doc4design/.acme.sh/acme.sh.log
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] payload='{"resource": "challenge", "keyAuthorization": "jSwY3zdodjpOfh1m6iz1SWNZFFSKnfqdkzj8Cc6Dl2c.KZ04ehApOrSMwkeVbG2UT-klFpwOPf_pDEdqVcHf4XM"}'
[Mon Sep 11 05:05:06 UTC 2017] POST
[Mon Sep 11 05:05:06 UTC 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/7hHtQgJ6i3H5IplHkU8zq-2n6TVLuUuhN5K9M71nZ8I/1959333012'
[Mon Sep 11 05:05:06 UTC 2017] _CURL='curl -L --silent --dump-header /home/doc4design/.acme.sh/http.header '
[Mon Sep 11 05:05:06 UTC 2017] _ret='0'
[Mon Sep 11 05:05:06 UTC 2017] code='400'
Может ли кто-нибудь, кто знаком с LetsEncrypt, пролить свет на то, почему LetsEncrypt не может подтвердить мой сайт и выдать мне сертификат SSL?