acme.sh使用某云dns申请Let'sEncrypt证书时遇到的大坑
这几天一直在折腾acme.sh使用某云dns申请Let'sEncrypt证书
通宵熬夜几天都没有成功,其中测试过无数次都是出现了下面的错误
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[Fri Jul 17 19:29:44 CST 2020] Multi domain='DNS:vpslala.com,DNS:www.vpslala.com'
[Fri Jul 17 19:29:44 CST 2020] Getting domain auth token for each domain
[Fri Jul 17 19:29:50 CST 2020] Getting webroot for domain='vpslala.com'
[Fri Jul 17 19:29:50 CST 2020] Getting webroot for domain='www.vpslala.com'
[Fri Jul 17 19:29:50 CST 2020] Adding txt value: nXWMkEl9t_e9hAej_FbE for domain: _acme-challenge.vpslala.com
[Fri Jul 17 19:29:52 CST 2020] The txt record is added: Success.
[Fri Jul 17 19:29:52 CST 2020] Adding txt value: x34vN7x9xWk-C1ayD9vcfbc for domain: _acme-challenge.www.vpslala.com
[Fri Jul 17 19:29:55 CST 2020] The txt record is added: Success.
[Fri Jul 17 19:29:55 CST 2020] Let's check each DNS record now. Sleep 20 seconds first.
[Fri Jul 17 19:30:16 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:30:20 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:30:32 CST 2020] Checking www.vpslala.com for _acme-challenge.www.vpslala.com
[Fri Jul 17 19:30:36 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:30:48 CST 2020] Let's wait 10 seconds and check again.
[Fri Jul 17 19:30:59 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:31:02 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:31:14 CST 2020] Checking www.vpslala.com for _acme-challenge.www.vpslala.com
[Fri Jul 17 19:31:17 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:31:30 CST 2020] Let's wait 10 seconds and check again.
[Fri Jul 17 19:31:41 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:31:45 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:31:56 CST 2020] Checking www.vpslala.com for _acme-challenge.www.vpslala.com
[Fri Jul 17 19:31:59 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:32:11 CST 2020] Let's wait 10 seconds and check again.
[Fri Jul 17 19:32:22 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:32:25 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
烦透了,当你遇到重复的错误而又没有解决问题时真的烦透了
后来通过测试同样实在某云的其中一个域名使用acme.sh申请Let'sEncrypt证书
是没有问题的,测试好几次都成功了,那么唯独为什么就是这个域名不行了
后来看了一下两个域名的不同之处。。。
恍然大悟,,,MD,该死的域名DNSSEC
马上关闭域名DNSSEC,成功的使用某云dns申请Let'sEncrypt证书。。。
域名DNSSEC 域名系统安全扩展(DNS Security Extensions),简称域名DNSSEC。开启域名DNSSEC,可有效防止DNS欺骗和缓存污染等攻击。它是通过数字签名来保证DNS应答报文的真实性和完整性,能够保护用户不被重定向到非预期地址,从而提高用户对互联网的信任,并保护您的核心业务。
不太明白,使用cloudflare的dns并开启域名DNSSEC,并使用acme.sh 的dns api申请证书是没问题的
而使用某云的dns并开启域名DNSSEC就死活申请不了Let'sEncrypt证书
---------------------------------------------------------------------------------
最新修改,目前问题已经解决,需要手动添加CAA指向
非常感谢某云的客服热心帮助解决问题,同时也为某云的服务水准大大的点赞。。。谢谢他们。
💘 相关文章
- Use acme.sh Let's Encrypt Let's wait 10 seconds and check again
- 解決使用acme.sh申请zerossl证书出现timeout的解决方法
- acme.sh The domain is not a cert name解决方法
- 在openlitespeed下配置acme.sh脚本证书折腾了两天
- 原來DNS也會導致網絡的延遲增高
- 轉載:MikroTik RouterOS利用DNS配合防火牆攔截廣告
- acme.sh Not valid yet, let's wait 10 seconds and check next one的解决方法
- 警惕,不要再用某个老牌的Dns服务器了
- dns服务器添加CAA验证配置过程
- 快速刷新各系统的DNS缓存