当我使用此命令在 CentOS 7.6 上生成证书时:
acme.sh --issue --dns dns_cf -d poemhub.top -d *.poemhub.top -k ec-256
显示此错误:
[Sun Jul 11 23:09:28 CST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Sun Jul 11 23:09:29 CST 2021] Multi domain='DNS:poemhub.top,DNS:*.poemhub.top'
[Sun Jul 11 23:09:29 CST 2021] Getting domain auth token for each domain
[Sun Jul 11 23:09:30 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:31 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:31 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:31 CST 2021] Could not get nonce, let's try again.
[Sun Jul 11 23:09:34 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:35 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:35 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:35 CST 2021] Could not get nonce, let's try again.
[Sun Jul 11 23:09:39 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:39 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:39 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:39 CST 2021] Could not get nonce, let's try again.
[Sun Jul 11 23:09:44 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:44 CST 2021] Create new order error. Le_OrderFinalize not found.
[Sun Jul 11 23:09:44 CST 2021] Please add '--debug' or '--log' to check more details.
[Sun Jul 11 23:09:44 CST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
哪里出了问题,我应该做什么来解决它?我尝试升级最新版本的内容acme.sh:
[root@izbp19pke6x0v6ruecuy1yz poemhub.top_ecc]# acme.sh --upgrade
[Sun Jul 11 23:09:19 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35
[Sun Jul 11 23:09:21 CST 2021] Already uptodate!
[Sun Jul 11 23:09:21 CST 2021] Upgrade success!
答案1
您的curl 不正确支持SSL/TLS。
CURLE_SSL_CONNECT_ERROR (35)
SSL/TLS 握手过程中某处出现问题。您确实需要错误缓冲区并阅读其中的消息,因为它可以更准确地指出问题。可以是证书(文件格式、路径、权限)、密码等。
哪里出了问题,我应该做什么来解决它?
CentOS 7.6 是该发行版的一个非常旧的版本,也不受支持,并且很可能包含过时的 openssl/gnutls 库、curl 和 CA 存储的实现。您需要升级才能解决该问题。
请升级到 CentOS 7.9 或 RHEL 7.9,它们已经免费供个人使用相当长一段时间了。
答案2
今天我在安装了所有升级的 Debian 11 上遇到了同样的问题。它随机发生在不同的地方。我只是以很短的间隔一次又一次地重试。经过大约 5 次尝试,我可以获得证书。