I have to renew my email certificate, but it will not renew when I try to do it manually.
root@ubuntu:/etc/postfix# certbot -d mail.gamesyap.com --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for mail.gamesyap.com
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.mail.gamesyap.com with the following value:
9He32h8kCKBOXp67WHh4e927qaSBeVoNxQXLTUqispA
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.gamesyap.com (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8" found at _acme-challenge.mail.gamesyap.com
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mail.gamesyap.com
Type: unauthorized
Detail: Incorrect TXT record
"hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8" found at
_acme-challenge.mail.gamesyap.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
But the certificate renewal is not working.
Any ideas?
Answer 1
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mail.gamesyap.com
Type: unauthorized
Detail: Incorrect TXT record
"hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8" found at
_acme-challenge.mail.gamesyap.com
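This part says exactly what the error is.
The validation process expected to find 9He32h8kCKBOXp67WHh4e927qaSBeVoNxQXLTUqispA, but actually found hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8. Did you actually follow the on-screen instructions and update the TXT record? If not, then that is the problem.
If you did update the TXT record as per the on-screen instructions, then you either set it to the wrong value, or there is a problem with your DNS provider.
You can manually verify the record using dig: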
[~]$ dig +short txt _acme-challenge.mail.gamesyap.com
"hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8"
[~]$
dig is part of the dnsutils package, which can be installed using sudo apt-get install dnsutils.
Note that each time you run certbot, the challenge code will be a new one.
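The check described in the answer above can be scripted so it runs before pressing Enter at the certbot prompt. This is an added example, not part of the original answer: the helper names txt_status and check_all_ns are hypothetical, and gamesyap.com is assumed to be the parent zone.

```shell
#!/bin/sh
# Added example (not from the original answer). txt_status and check_all_ns
# are hypothetical helper names.

# txt_status EXPECTED
# Reads `dig +short txt NAME` output on stdin and prints one of:
#   match   - the expected challenge value is published
#   stale   - TXT records exist, but none carries the expected value
#   missing - no TXT record was returned at all
txt_status() {
    expected=$1
    found=0
    other=0
    while IFS= read -r line || [ -n "$line" ]; do
        # dig prints a record as one or more "quoted" strings: join and unquote.
        value=$(printf '%s\n' "$line" | sed 's/" "//g; s/^"//; s/"$//')
        if [ -z "$value" ]; then
            continue
        elif [ "$value" = "$expected" ]; then
            found=1
        else
            other=1
        fi
    done
    if [ "$found" -eq 1 ]; then
        echo match
    elif [ "$other" -eq 1 ]; then
        echo stale
    else
        echo missing
    fi
}

# check_all_ns NAME ZONE EXPECTED
# Asks every authoritative nameserver of ZONE directly, so a resolver cache
# or a lagging secondary cannot hide a record that was never updated.
check_all_ns() {
    for ns in $(dig +short ns "$2"); do
        printf '%s: %s\n' "$ns" "$(dig +short txt "$1" "@$ns" | txt_status "$3")"
    done
}

# Constructed demo using the two values from the transcript above (offline).
printf '%s\n' '"hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8"' |
    txt_status '9He32h8kCKBOXp67WHh4e927qaSBeVoNxQXLTUqispA'    # prints: stale

# Live use, assuming gamesyap.com is the parent zone:
# check_all_ns _acme-challenge.mail.gamesyap.com gamesyap.com "<value certbot printed>"
```

Continue the certbot prompt only once every nameserver line reads match; stale means the old value is still being served, as in the failed run above.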