
A major pitfall when using acme.sh with a certain cloud provider's DNS to request a Let's Encrypt certificate

🕧 by admin

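For the past few days I have been struggling with acme.sh, using a certain cloud provider's DNS to request a Let's Encrypt certificate.

I stayed up all night for several days without success; across countless tests the following error always appeared: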

[Fri Jul 17 19:29:44 CST 2020] Multi domain='DNS:vpslala.com,DNS:www.vpslala.com'
[Fri Jul 17 19:29:44 CST 2020] Getting domain auth token for each domain
[Fri Jul 17 19:29:50 CST 2020] Getting webroot for domain='vpslala.com'
[Fri Jul 17 19:29:50 CST 2020] Getting webroot for domain='www.vpslala.com'
[Fri Jul 17 19:29:50 CST 2020] Adding txt value: nXWMkEl9t_e9hAej_FbE for domain:  _acme-challenge.vpslala.com
[Fri Jul 17 19:29:52 CST 2020] The txt record is added: Success.
[Fri Jul 17 19:29:52 CST 2020] Adding txt value: x34vN7x9xWk-C1ayD9vcfbc for domain:  _acme-challenge.www.vpslala.com
[Fri Jul 17 19:29:55 CST 2020] The txt record is added: Success.
[Fri Jul 17 19:29:55 CST 2020] Let's check each DNS record now. Sleep 20 seconds first.
[Fri Jul 17 19:30:16 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:30:20 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:30:32 CST 2020] Checking www.vpslala.com for _acme-challenge.www.vpslala.com
[Fri Jul 17 19:30:36 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:30:48 CST 2020] Let's wait 10 seconds and check again.
[Fri Jul 17 19:30:59 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:31:02 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:31:14 CST 2020] Checking www.vpslala.com for _acme-challenge.www.vpslala.com
[Fri Jul 17 19:31:17 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:31:30 CST 2020] Let's wait 10 seconds and check again.
[Fri Jul 17 19:31:41 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:31:45 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:31:56 CST 2020] Checking www.vpslala.com for _acme-challenge.www.vpslala.com
[Fri Jul 17 19:31:59 CST 2020] Not valid yet, let's wait 10 seconds and check next one.
[Fri Jul 17 19:32:11 CST 2020] Let's wait 10 seconds and check again.
[Fri Jul 17 19:32:22 CST 2020] Checking vpslala.com for _acme-challenge.vpslala.com
[Fri Jul 17 19:32:25 CST 2020] Not valid yet, let's wait 10 seconds and check next one.

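So frustrating. Running into the same error over and over without being able to solve it is truly infuriating.

Later I tested another domain that is also on this cloud provider, using acme.sh to request a Let's Encrypt certificate, and it had no problems; it succeeded in several tests. So why was it only this domain that did not work?

Then I looked at the differences between the two domains...

Then it dawned on me... damn it, the cursed domain DNSSEC.

I immediately turned off DNSSEC for the domain and successfully requested the Let's Encrypt certificate using the cloud provider's DNS...

Domain DNSSEC: Domain Name System Security Extensions (DNS Security Extensions), DNSSEC for short. Enabling DNSSEC on a domain effectively prevents attacks such as DNS spoofing and cache poisoning. It uses digital signatures to guarantee the authenticity and integrity of DNS response messages, which protects users from being redirected to unintended addresses, thereby increasing users' trust in the Internet and protecting your core business.

What I don't quite understand is that using Cloudflare's DNS with DNSSEC enabled, requesting a certificate through acme.sh's DNS API works fine,

whereas using this cloud provider's DNS with DNSSEC enabled, the Let's Encrypt certificate simply cannot be issued no matter what.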

---------------------------------------------------------------------------------

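Latest update: the problem is now solved; a CAA record has to be added manually.

Many thanks to the cloud provider's customer service for their warm help in solving the problem, and a big thumbs-up for the provider's service quality... Thank you to them.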
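
To tell a propagation delay apart from a DNSSEC validation failure when the challenge check keeps reporting "Not valid yet", the following added example (not part of the original post) compares a normal lookup with a "checking disabled" lookup (dig +cd) through a validating resolver, for both the _acme-challenge TXT record and the CAA record. The function names and the default resolver 1.1.1.1 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the default
# resolver (1.1.1.1, which validates DNSSEC) are assumptions.

# Read `dig +noall +comments` output on stdin; print "<STATUS> <ANSWER count>".
parse_header() {
  awk '
    /status:/ { s = $0; sub(/.*status: /, "", s); sub(/,.*/, "", s) }
    /ANSWER:/ { a = $0; sub(/.*ANSWER: /, "", a); sub(/,.*/, "", a) }
    END { if (s == "") s = "NONE"; if (a == "") a = 0; print s, a }'
}

# classify V_STATUS V_ANSWERS CD_STATUS CD_ANSWERS
#   V_*  : normal query through the validating resolver
#   CD_* : same query with the "checking disabled" bit (dig +cd)
classify() {
  if [ "$1" = NOERROR ] && [ "$2" -gt 0 ]; then
    echo visible                      # record resolves and validates
  elif [ "$1" = SERVFAIL ] && [ "$3" = NOERROR ]; then
    echo dnssec-validation-failure    # only answers when validation is skipped
  elif [ "$1" = NOERROR ] || [ "$1" = NXDOMAIN ]; then
    echo no-record                    # zone validates, record is absent
  else
    echo lookup-error                 # timeout, REFUSED, resolver unreachable
  fi
}

# diagnose NAME TYPE [RESOLVER], e.g. diagnose _acme-challenge.example.com TXT
diagnose() {
  v=$(dig +noall +comments "$1" "$2" "@${3:-1.1.1.1}" | parse_header)
  c=$(dig +cd +noall +comments "$1" "$2" "@${3:-1.1.1.1}" | parse_header)
  # Unquoted on purpose: each variable holds "<STATUS> <count>".
  classify $v $c
}

# Usage: sh check.sh example.com  (checks the challenge TXT and the CAA record)
if [ "$#" -gt 0 ]; then
  echo "TXT _acme-challenge.$1: $(diagnose "_acme-challenge.$1" TXT)"
  echo "CAA $1: $(diagnose "$1" CAA)"
fi
```

A result of dnssec-validation-failure means waiting longer will not help: the zone's signatures or DS record need fixing before a validating resolver will return the record.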
