使用 RamNode 的交钥匙 Linux 发行版,我注意到我的网站证书已过期,并且 https 链接被标记为“继续”对话框。进一步研究这个问题,Turnkey Linux 使用 confconsole 和 Let's Encrypt 来请求新证书。多个 [virtual] 域要求用户手动使用 cronjob 每天在 /etc/cron.daily/confconsole-dehydrad 下调用的 dehydrad-wrapper,但会导致错误:
/var/log/confconsole/letsencrypt.log
[2019-03-09 05:35:04] dehydrated-wrapper: FATAL: An unexpected service is listening on port 80: nginx:
[2019-03-09 05:35:04] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
Restarting SSL tunnels: [stopped: /etc/stunnel/stunnel.conf] [Started: /etc/stunnel/stunnel.conf] stunnel.
[2019-03-09 05:35:09] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.
[2019-03-09 05:35:09] cron: ERROR: dehydrated-wrapper exited with a non-zero exit code.
[2019-03-10 05:35:04] cron: /etc/ssl/private/cert.pem has expired or will do so within 30 days. Attempting renewal.
解决方案:更新 /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrad-wrapper
代替:
netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 | sed -e 's [[:space:]].*$||'
和:
netstat -ltpn | grep ":80 " | head -1 | cut -d/ -f2 \
| sed -e 's|[[:space:]].*$||; s|[^a-zA-Z0-9]||'
就像在这个提交中一样https://github.com/turnkeylinux/confconsole/commit/d1e61c4767c2148663429d63bc3a42925af8cbcd
然后再次手动运行 cronjob 或等待明天:/etc/cron.daily/confconsole-dehydrad
[2019-03-31 19:26:45] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN1 to /etc/ssl/private
[2019-03-31 19:26:52] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN2 to /etc/ssl/private
[2019-03-31 19:26:59] confconsole.hook.sh: SUCCESS: Cert request successful. Writing cert.pem & cert.key for DOMAIN3 to /etc/ssl/private
谢谢你,我希望它可以节省你一些时间