Certbot-auto fails to renew because the letsencrypt domain is "doubled up"?

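I have an Ubuntu 14.04 Trusty server with a Django app served by Apache 2.4. I have set up Let's Encrypt with SSL certificates. The certificates are installed but will expire in 17 days. /root/certbot-auto renew --apache gives the following error, and the certificate is not renewed:

I have 3 websites on this machine (site1.org, www.site2.com, site3.ie) that use Let's Encrypt, and only one of them is broken?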

# /root/certbot-auto renew --apache

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/site1.org.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.site2.com.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/site3.ie.conf
------------------------------------------------------------------------------
2016-09-27 10:13:38,702:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/site3.ie.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(('There has been an error in parsing the file (%s): %s', u'/etc/apache2/sites-available/certbot.log', u'Syntax error'),). Skipping.

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/site1.org/fullchain.pem (skipped)
  /etc/letsencrypt/live/www.site2.com/fullchain.pem (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/site3.ie/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

The file mentioned in the error log:

# cat /etc/apache2/sites-available/certbot.log
Traceback (most recent call last):
  File "/home/rory/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 703, in main
    args = cli.prepare_and_parse_args(plugins, cli_args)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 858, in prepare_and_parse_args
    return helpful.parse_args()
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 362, in parse_args
    parsed_args = self.parser.parse_args(self.args)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/configargparse.py", line 216, in parse_args
    env_vars = env_vars)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/configargparse.py", line 349, in parse_known_args
    self, args=args, namespace=namespace)
  File "/usr/lib/python2.7/argparse.py", line 1722, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib/python2.7/argparse.py", line 1928, in _parse_known_args
    start_index = consume_optional(start_index)
  File "/usr/lib/python2.7/argparse.py", line 1868, in consume_optional
    take_action(action, args, option_string)
  File "/usr/lib/python2.7/argparse.py", line 1796, in take_action
    action(self, namespace, argument_values, option_string)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 988, in __call__
    add_domains(namespace, domain)
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 1008, in add_domains
    domain = util.enforce_domain_sanity(domain.strip())
  File "/home/rory/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/util.py", line 433, in enforce_domain_sanity
    .format(domain))
ConfigurationError: Requested domain site1.org www.site3.org is not a FQDN

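Interestingly, it fails to renew site3.ie, but the error message is about site1.org. It looks like it somehow has both domains in the string (site1.org wwww.site1.org), when it should only have one domain??

I tried grepping /etc/letsencrypt, but didn't see anything obvious.

I downloaded certbot-auto today: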

# /root/certbot-auto --version
letsencrypt 0.8.1

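How can I fix this?

Answer 1

I have solved this.

If you look closely, you'll see that certbot-auto is complaining about the file /etc/apache2/sites-available/certbot.log. Why is there a certbot.log file in /etc/apache2/sites-available/? I don't know. But it shouldn't be there. I think certbot is trying to parse that file as an Apache configuration file and failing (hence the SyntaxError message). I moved that file out of the way, and certbot-auto works fine.

I must have made a mistake when setting up certbot and running it with 2 domains. I presume my cwd was, by mistake, /etc/apache2/sites-available/, so certbot put a certbot.log file there. This caused further runs of certbot to break.

This is a bug in certbot-auto, because any non-Apache-config file in /etc/apache2/sites-available/ will break certbot.

Answer 2

In fact, the problem seems to be in the Apache configuration, not in letsencrypt. Probably you have two domains on a ServerName line. Also, the error says "site1.org www.site3.org is not a FQDN"; if you don't have an ASCII space there, but some Unicode symbol that looks the same, it can be read as one "domain".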
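A pre-renewal check for the two causes suggested in the answers above (a stray file in /etc/apache2/sites-available/, and a ServerName line holding two names or a look-alike Unicode space), as an added example that is not part of the original posts or of certbot. It assumes vhost files end in .conf; the function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: vhost files end in ".conf" (the Apache 2.4 convention on Ubuntu).
DIRECTIVE = re.compile(r"^[ \t]*(ServerName|ServerAlias)[ \t]+(.*)$", re.IGNORECASE)

def audit_sites_dir(path):
    """Return (filename, line_number, problem) tuples; line 0 means the whole file."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        if not name.endswith(".conf"):
            findings.append((name, 0, "stray non-config file"))
            continue
        with open(full, encoding="utf-8", errors="replace") as fh:
            for number, line in enumerate(fh, 1):
                match = DIRECTIVE.match(line.rstrip("\r\n"))
                if not match:
                    continue
                directive, value = match.group(1).lower(), match.group(2).strip(" \t")
                odd = sorted({c for c in value if ord(c) > 127})
                if odd:  # e.g. a no-break space that looks like an ASCII space
                    codes = ", ".join("U+%04X" % ord(c) for c in odd)
                    findings.append((name, number, "non-ASCII character in name: " + codes))
                elif directive == "servername" and len(value.split()) > 1:
                    findings.append((name, number, "ServerName has more than one name"))
    return findings

def demo():
    """Audit a constructed directory (sample files, not taken from the post)."""
    vhost = "<VirtualHost *:443>\n    ServerName %s\n</VirtualHost>\n"
    samples = {
        "site1.org.conf": vhost % "site1.org",
        "site3.ie.conf": vhost % "site3.ie www.site3.ie",
        "nbsp.conf": vhost % "site1.org\u00a0www.site3.org",
        "certbot.log": "Traceback (most recent call last):\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for filename, body in samples.items():
            with open(os.path.join(tmp, filename), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_sites_dir(tmp)

if __name__ == "__main__":
    for filename, number, problem in demo():
        print("%s:%d: %s" % (filename, number, problem))
```

On a real host, call audit_sites_dir("/etc/apache2/sites-available") before running the renewal and resolve each finding first.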