Let's Encrypt certificate renewal for mail fails

I have to renew the email certificate, but it does not renew when I try to do it manually.

root@ubuntu:/etc/postfix# certbot -d mail.gamesyap.com --manual --preferred-challenges dns certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for mail.gamesyap.com

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.mail.gamesyap.com with the following value:

9He32h8kCKBOXp67WHh4e927qaSBeVoNxQXLTUqispA

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.gamesyap.com (dns-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect TXT record "hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8" found at _acme-challenge.mail.gamesyap.com

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.gamesyap.com
   Type:   unauthorized
   Detail: Incorrect TXT record
   "hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8" found at
   _acme-challenge.mail.gamesyap.com

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

But the certificate renewal does not work.

Any ideas?

Answer 1

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.gamesyap.com
   Type:   unauthorized
   Detail: Incorrect TXT record
   "hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8" found at
   _acme-challenge.mail.gamesyap.com

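This part says exactly what the error is.

The validation process expected to find 9He32h8kCKBOXp67WHh4e927qaSBeVoNxQXLTUqispA, but actually found hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8. Did you actually follow the on-screen instructions and update the TXT record? If not, then that is the problem.

If you did update the TXT record as instructed on screen, then either you set it to the wrong value or there is a problem with your DNS provider.

You can verify the record manually using dig: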

[~]$ dig +short txt _acme-challenge.mail.gamesyap.com
"hYExcCMnSyNbDeoO5-CM40CPD6BirJP_8yAKI29Chh8"
[~]$ 

dig is part of the dnsutils package, which can be installed using sudo apt-get install dnsutils

Note that each time you run certbot, the challenge code will be a new one.
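
As an added example (not part of the original answer), the dig check above can be run against each authoritative nameserver of the zone, so a stale value left over from an earlier certbot run is visible before you press Enter. The script name, the function names and the three arguments (zone, record name, expected value) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Usage (script name is hypothetical): ./check-acme-txt.sh ZONE RECORD_NAME EXPECTED_VALUE

# Normalize `dig +short txt` output: strip surrounding quotes, drop empty lines.
normalize_txt() {
    sed -e 's/^"//' -e 's/"$//' -e '/^$/d'
}

# Succeed only if the expected value is exactly one of the TXT values in $2.
txt_has_value() {
    local expected="$1" raw="$2"
    printf '%s\n' "$raw" | normalize_txt | grep -Fxq -- "$expected"
}

# Classify one nameserver's answer as match, stale (other value), or missing.
classify_answer() {
    local expected="$1" raw="$2"
    if txt_has_value "$expected" "$raw"; then
        echo match
    elif [ -n "$(printf '%s\n' "$raw" | normalize_txt)" ]; then
        echo stale
    else
        echo missing
    fi
}

# Ask every authoritative nameserver of the zone directly, bypassing caches.
# Returns 0 only if all of them serve the expected value.
check_challenge() {
    local zone="$1" name="$2" expected="$3" ns raw status seen=0 rc=0
    for ns in $(dig +short NS "$zone"); do
        seen=1
        raw=$(dig +short TXT "$name" "@$ns")
        status=$(classify_answer "$expected" "$raw")
        printf '%-32s %s\n' "$ns" "$status"
        [ "$status" = match ] || rc=1
    done
    [ "$seen" -eq 1 ] || { echo "no NS records found for $zone" >&2; return 2; }
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    check_challenge "$@"
fi
```

A "stale" result on any nameserver corresponds to the "Incorrect TXT record" error shown in the question: a TXT record exists, but it is not the value certbot printed for this run.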
