![Certbot 失败:ssl.SSLError:[X509] 未找到证书或 crl(_ssl.c:3732)](https://linux22.com/image/754823/Certbot%20%E5%A4%B1%E8%B4%A5%EF%BC%9Assl.SSLError%EF%BC%9A%5BX509%5D%20%E6%9C%AA%E6%89%BE%E5%88%B0%E8%AF%81%E4%B9%A6%E6%88%96%20crl%EF%BC%88_ssl.c%3A3732%EF%BC%89.png)
这是最近的Let's Encrypt 社区论坛主题这帮助我缓解了这个问题。我在这里添加它,因为它可能会影响更多用户。
我有一台服务器,目前有三个网站使用 Let's Encrypt。这些证书可以顺利续订。现在我想为第四个新网站生成证书。这是我得到的结果:
certbot --apache certonly -w /path/to/docroot/ -d subdomain.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
An unexpected error occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 313, in ssl_wrap_socket
context.load_verify_locations(ca_certs, ca_cert_dir)
ssl.SSLError: [X509] no certificate or crl found (_ssl.c:3732)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 315, in ssl_wrap_socket
raise SSLError(e)
urllib3.exceptions.SSLError: [X509] no certificate or crl found (_ssl.c:3732)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 398, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(185090184, '[X509] no certificate or crl found (_ssl.c:3732)'),))
During handling of the above exception, another exception occurred:
requests.exceptions.SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(185090184, '[X509] no certificate or crl found (_ssl.c:3732)'),))
Please see the logfiles in /var/log/letsencrypt for more details.
这是在 Ubuntu 18.04 上。我不确定发生了什么。
答案1
为了缓解,您基本上必须卸载“ca-certificates”以及“certbot”,然后重新安装它们。
情况:
certbot --apache certonly -w /path/to/docroot/ -d subdomain.example.com
--> 失败 :(
测试:
curl -I https://www.gnu.org/
--> 失败 :(
解决步骤一:
sudo apt remove ca-certificates
sudo apt install ca-certificates
测试:
curl -I https://www.gnu.org/
--> 有效 :)
解决方案第二步(Apache 用户):
sudo apt install certbot python3-certbot-apache
解决方案第二步(Nginx 用户):
sudo apt install certbot python3-certbot-nginx
结果:
certbot --apache certonly -w /path/to/docroot/ -d subdomain.example.com
--> 有效 :)
感谢 Let's Encrypt 社区的大力帮助!他们太棒了!