
我有一个用于运行 Caddy 服务器的 Caddy 配置文件。该文件如下:

# Learn how to configure the Mercure.rocks Hub on https://mercure.rocks/docs/hub/config
# Global options block: settings that apply to the whole Caddy instance.
{
    # Ports the HTTP and HTTPS listeners bind to. Caddy treats these as
    # internal ports: they move the listeners but do not change the ports that
    # clients or ACME CAs connect to. HTTP-01 is validated on public port 80
    # and TLS-ALPN-01 on public port 443, so those must be forwarded to
    # 4133/4134 or issuance fails and no publicly trusted certificate is served.
    # Repeated failed validations also count against the CA's rate limits.
    http_port 4133
    https_port 4134
    # Contact address registered with the ACME account.
    email o@o.com
    # Debug mode (disable it in production!)
    # Expands to the DEBUG environment variable and falls back to `debug` when
    # it is unset, so debug logging is on by default. Debug output includes
    # ACME request details (account, nonces, order URLs); treat it as sensitive.
    {$DEBUG:debug}
    # HTTP/3 support
    # HTTP/3 runs over QUIC (UDP), so the HTTPS port needs UDP opened as well
    # as TCP. The option is marked experimental.
    servers {
        protocol {
            experimental_http3
        }
    }
}

# Site address: taken from the SERVER_NAME environment variable, defaulting to
# mydomain.com when it is unset. A public hostname here turns on automatic
# HTTPS, which means Caddy will try to obtain a certificate for it over ACME.
{$SERVER_NAME:mydomain.com}
# Enable access logging for this site with the default logger settings.
log

# Request handling for the site. Directives inside `route` run in the order
# they are written, so the two catch-all `respond` lines must stay last.
route {
    # Send requests for the site root to the Mercure demo UI.
    redir / /.well-known/mercure/ui/
    # Compress responses, preferring zstd over gzip.
    encode zstd gzip
    mercure {
        # Transport to use (default to Bolt)
        # NOTE(review): mercure.db is a relative path, presumably resolved
        # against the process working directory; confirm where it lands.
        transport_url bolt://mercure.db
        # Publisher JWT key
        # Value is a placeholder. Use a long random secret and inject it via an
        # environment placeholder instead of committing it to this file.
        publisher_jwt xxxxx
        # Subscriber JWT key
        # Same handling as above; keep it distinct from the publisher key so a
        # leaked subscriber key cannot be used to sign publish tokens.
        subscriber_jwt xxxxx
        # Permissive configuration for the development environment
        # `cors_origins *` and `publish_origins *` let pages from any origin
        # subscribe and publish from a browser. `demo` serves the demo UI,
        # `anonymous` admits subscribers that present no JWT, and
        # `subscriptions` exposes the subscription API. Restrict the origins
        # and drop `demo` and `anonymous` before exposing the hub publicly.
        cors_origins *
        publish_origins *
        demo
        anonymous
        subscriptions
        # Extra directives
        #{$MERCURE_EXTRA_DIRECTIVES}
    }

    # Unauthenticated liveness probe: always answers 200.
    respond /healthz 200

    # Fallback for every request not handled above.
    respond "Not Found" 404
}

服务器可以正常启动,调试日志如下:

2021/08/16 16:43:45.313 INFO    using provided configuration    {"config_file": "Caddyfile.dev", "config_adapter": ""}
2021/08/16 16:43:45.315 WARN    input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile.dev", "line": 3}
2021/08/16 16:43:45.317 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/08/16 16:43:45.317 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00022c000"}
2021/08/16 16:43:45.317 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS        {"server_name": "srv0", "https_port": 4134}
2021/08/16 16:43:45.317 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2021/08/16 16:43:45.325 INFO    http    enabling experimental HTTP/3 listener   {"addr": ":4134"}
2021/08/16 16:43:45.325 DEBUG   http    starting server loop    {"address": "[::]:4134", "http3": true, "tls": true}
2021/08/16 16:43:45.325 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2021/08/16 16:43:45.325 DEBUG   http    starting server loop    {"address": "[::]:4133", "http3": false, "tls": false}
2021/08/16 16:43:45.325 INFO    http    enabling automatic TLS certificate management   {"domains": ["mydomain.com"]}
2021/08/16 16:43:45.325 INFO    tls     finished cleaning storage units
2021/08/16 16:43:45.325 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2021/08/16 16:43:45.325 INFO    serving initial configuration
2021/08/16 16:43:45.326 INFO    tls.obtain      acquiring lock  {"identifier": "mydomain.com"}
2021/08/16 16:43:45.327 INFO    tls.obtain      lock acquired   {"identifier": "mydomain.com"}
2021/08/16 16:43:45.342 DEBUG   tls.obtain      trying issuer 1/2       {"issuer": "acme-v02.api.letsencrypt.org-directory"}
2021/08/16 16:43:45.342 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["mydomain.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "okamal@payclix.com"}
2021/08/16 16:43:45.342 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["mydomain.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "okamal@payclix.com"}
2021/08/16 16:43:45.721 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "GET", "url": "https://acme-v02.api.letsencrypt.org/directory", "headers": {"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Mon, 16 Aug 2021 16:43:45 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/08/16 16:43:45.797 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "HEAD", "url": "https://acme-v02.api.letsencrypt.org/acme/new-nonce", "headers": {"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Cache-Control":["public, max-age=0, no-cache"],"Date":["Mon, 16 Aug 2021 16:43:45 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0001spwHpiV827tu4Z_BqglCiuqRS8QLNk-dSiHK6bZJzo4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
2021/08/16 16:43:45.916 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme-v02.api.letsencrypt.org/acme/new-order", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 429, "response_headers": {"Boulder-Requester":["163828690"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["201"],"Content-Type":["application/problem+json"],"Date":["Mon, 16 Aug 2021 16:43:45 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0002SuojrOsc0yzZEKtp5DfglHA9l14FJH4CwYqwJMOFj0Y"],"Server":["nginx"]}}
2021/08/16 16:43:45.916 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "mydomain.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 429 urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/"}
2021/08/16 16:43:45.916 DEBUG   tls.obtain      trying issuer 2/2       {"issuer": "acme.zerossl.com-v2-DV90"}
2021/08/16 16:43:45.916 INFO    tls.issuance.acme       waiting on internal rate limiter        {"identifiers": ["mydomain.com"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "okamal@payclix.com"}
2021/08/16 16:43:45.916 INFO    tls.issuance.acme       done waiting on internal rate limiter   {"identifiers": ["mydomain.com"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "okamal@payclix.com"}
2021/08/16 16:43:46.041 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "GET", "url": "https://acme.zerossl.com/v2/DV90", "headers": {"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Mon, 16 Aug 2021 16:43:45 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/08/16 16:43:46.085 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "HEAD", "url": "https://acme.zerossl.com/v2/DV90/newNonce", "headers": {"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Mon, 16 Aug 2021 16:43:45 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["6TWEnhGlXyBcnS19DbsDasdWigQZsTQHMrFKQ9pr4o4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/08/16 16:43:46.160 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/newOrder", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 201, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["283"],"Content-Type":["application/json"],"Date":["Mon, 16 Aug 2021 16:43:45 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/9h0UX8Yo34p_GGZaT_zWIQ"],"Replay-Nonce":["-NvTW4RchLS_pXnCMh0HrS67MCTvWTUG76gqnKM-A7g"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]}}
2021/08/16 16:43:46.212 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/we6-Zltjgw9VPYbSx0AF1Q", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["451"],"Content-Type":["application/json"],"Date":["Mon, 16 Aug 2021 16:43:46 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["FfegJK6gtDZEEFpf-GFvRRNJ9GduDyYiPZCTmMADJMw"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/08/16 16:43:46.212 DEBUG   tls.issuance.acme.acme_client   no solver configured    {"challenge_type": "dns-01"}
2021/08/16 16:43:46.212 INFO    tls.issuance.acme.acme_client   trying to solve challenge       {"identifier": "mydomain.com", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2021/08/16 16:43:46.293 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/chall/3hFG1IMiTMekeXpAKrW-oQ", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Mon, 16 Aug 2021 16:43:46 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\"","<https://acme.zerossl.com/v2/DV90/authz/we6-Zltjgw9VPYbSx0AF1Q>;rel=\"up\""],"Replay-Nonce":["SLSrlRBpsURZN5YncK0_z6oK64ddQdWDLY5uuNk4NC8"],"Retry-After":["10"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}
2021/08/16 16:43:46.293 DEBUG   tls.issuance.acme.acme_client   challenge accepted      {"identifier": "mydomain.com", "challenge_type": "http-01"}
2021/08/16 16:43:46.602 DEBUG   tls.issuance.acme.acme_client   http request    {"method": "POST", "url": "https://acme.zerossl.com/v2/DV90/authz/we6-Zltjgw9VPYbSx0AF1Q", "headers": {"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.3 CertMagic acmez (linux; amd64)"]}, "status_code": 200, "response_headers": {"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["454"],"Content-Type":["application/json"],"Date":["Mon, 16 Aug 2021 16:43:46 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["JrRWFqor2XunNEPssEjwQGpGQiB6a-jqlwpGj0owKhE"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]}}

我的问题是,当我访问 https://mydomain.com:4134 时,浏览器显示 SSL 错误:

This site can’t provide a secure connection 
mydomain.com sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

上面的调试日志显示证书已安装(2021/08/16 16:43:46.293 DEBUG tls.issuance.acme.acme_client challenge accepted),那么为什么加载页面时仍然有问题?

谢谢。
