2. 使用交流
  3. 证书在线申请错误,域名解析正常 可以正常访问

证书在线申请错误,域名解析正常 可以正常访问

melodic 2020-3-23 909







有大佬知道怎么解决吗。防火墙也是正常的

收藏的用户(0 X
正在加载信息~
最新回复 (3)
  • 虚竹 2020-3-23
    引用 2

    连接Let's Encrypt服务器超时。

    可用 curl 命令先测试下连通性:
    curl -v https://acme-v02.api.letsencrypt.org/

  • melodic 2020-3-23
    引用 3

    通的

    * About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
*   Trying 172.65.32.248...
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate:
*       subject: CN=acme-v01.api.letsencrypt.org
*       start date: Jan 12 18:06:08 2020 GMT
*       expire date: Apr 11 18:06:08 2020 GMT
*       common name: acme-v01.api.letsencrypt.org
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: acme-v02.api.letsencrypt.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Date: Mon, 23 Mar 2020 04:31:23 GMT
< Content-Type: text/html
< Content-Length: 2174
< Last-Modified: Mon, 25 Feb 2019 20:15:27 GMT
< Connection: keep-alive
< ETag: "5c744cdf-87e"
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
< 
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content=
  "width=device-width, initial-scale=1">

  <title>Boulder: The Let's Encrypt CA</title>
  <link href=
  "//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css"
  rel="stylesheet" type="text/css">
  <link href=
  "//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
  rel="stylesheet" type="text/css">
</head>

<body>
  <div class="container-fluid">
    <div class="row">
      <div class="col-xs-6 text-right">
        <p style="font-size: 90px;">
        <i class="fa fa-barcode"></i></p>
      </div>

      <div class="col-xs-6 text-left">
        <h1>Boulder<br>
        <small>The Let's Encrypt CA</small></h1>
      </div>
    </div>

    <div class="row">
      <div class="col-xs-8 col-xs-offset-2 text-center">
        <h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
        <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
        <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-v02.api.letsencrypt.org/directory"><tt>https://acme-v02.api.letsencrypt.org/directory</a></tt>.</p>
      </div>
    </div>
    <div class="row">
      <div class="col-xs-4 col-xs-offset-2 text-center">
        <p><a href="https://letsencrypt.status.io" title="Twitter">
          <i class="fa fa-area-chart"></i>
          Service Status (letsencrypt.status.io)
        </a></p>
      </div>
      <div class="col-xs-4 text-center">
        <p><a href="https://twitter.com/letsencrypt" title="Twitter">
          <i class="fa fa-twitter"></i>
          Check with us on Twitter
        </a></p>
      </div>
    </div> <!-- row -->
  </div>


</body>
</html>
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
  • 虚竹 2020-3-23
    引用 4
    如果你服务器连接let's encrypt是通的,而你自己又可以用http://正常访问要创建SSL证书的域名,那唯一的解释就是就是机房拦截了let's encrypt过来的验证请求。
返回
发新帖