证书在线申请错误,域名解析正常 可以正常访问

melodic 7天前 38







有大佬知道怎么解决吗。防火墙也是正常的

最新回复 (3)
  • 虚竹 7天前
    引用 2

    连接Let's Encrypt服务器超时。

    可用 curl 命令先测试下连通性:
    curl -v https://acme-v02.api.letsencrypt.org/

  • melodic 7天前
    引用 3

    通的

    * About to connect() to acme-v02.api.letsencrypt.org port 443 (#0)
    *   Trying 172.65.32.248...
    * Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    * Server certificate:
    *       subject: CN=acme-v01.api.letsencrypt.org
    *       start date: Jan 12 18:06:08 2020 GMT
    *       expire date: Apr 11 18:06:08 2020 GMT
    *       common name: acme-v01.api.letsencrypt.org
    *       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: acme-v02.api.letsencrypt.org
    > Accept: */*
    > 
    < HTTP/1.1 200 OK
    < Server: nginx
    < Date: Mon, 23 Mar 2020 04:31:23 GMT
    < Content-Type: text/html
    < Content-Length: 2174
    < Last-Modified: Mon, 25 Feb 2019 20:15:27 GMT
    < Connection: keep-alive
    < ETag: "5c744cdf-87e"
    < X-Frame-Options: DENY
    < Strict-Transport-Security: max-age=604800
    < 
    <!DOCTYPE html>
    <html lang="en">
    <head>
      <meta charset="utf-8">
      <meta http-equiv="X-UA-Compatible" content="IE=edge">
      <meta name="viewport" content=
      "width=device-width, initial-scale=1">
    
      <title>Boulder: The Let's Encrypt CA</title>
      <link href=
      "//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css"
      rel="stylesheet" type="text/css">
      <link href=
      "//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css"
      rel="stylesheet" type="text/css">
    </head>
    
    <body>
      <div class="container-fluid">
        <div class="row">
          <div class="col-xs-6 text-right">
            <p style="font-size: 90px;">
            <i class="fa fa-barcode"></i></p>
          </div>
    
          <div class="col-xs-6 text-left">
            <h1>Boulder<br>
            <small>The Let's Encrypt CA</small></h1>
          </div>
        </div>
    
        <div class="row">
          <div class="col-xs-8 col-xs-offset-2 text-center">
            <h3>This is an <a href="https://github.com/letsencrypt/acme-spec/">ACME</a> Certificate Authority running <a href="https://github.com/letsencrypt/boulder">Boulder</a>.</h3>
            <p>This is a <em>programmatic</em> endpoint, an API for a computer to talk to. You should probably be using a specialized client to utilize the service, and not your web browser. See <a href="https://letsencrypt.org/"><tt>https://letsencrypt.org/</tt></a> for help.</p>
            <p>If you're trying to use this service, note that the starting point, <em>the directory</em>, is available at this URL: <a href="https://acme-v02.api.letsencrypt.org/directory"><tt>https://acme-v02.api.letsencrypt.org/directory</a></tt>.</p>
          </div>
        </div>
        <div class="row">
          <div class="col-xs-4 col-xs-offset-2 text-center">
            <p><a href="https://letsencrypt.status.io" title="Twitter">
              <i class="fa fa-area-chart"></i>
              Service Status (letsencrypt.status.io)
            </a></p>
          </div>
          <div class="col-xs-4 text-center">
            <p><a href="https://twitter.com/letsencrypt" title="Twitter">
              <i class="fa fa-twitter"></i>
              Check with us on Twitter
            </a></p>
          </div>
        </div> <!-- row -->
      </div>
    
    
    </body>
    </html>
    * Connection #0 to host acme-v02.api.letsencrypt.org left intact
  • 虚竹 7天前
    引用 4
    如果你服务器连接let's encrypt是通的,而你自己又可以用http://正常访问要创建SSL证书的域名,那唯一的解释就是就是机房拦截了let's encrypt过来的验证请求。
返回
发新帖