我有一个通过 DNS 质询获得的 Let's Encrypt 通配符证书。与此同时,我将 webapp 和证书迁移到了新服务器,更新该证书失败。
$ certbot renew --preferred-challenges dns --standalone
Processing /etc/letsencrypt/renewal/dedacted.de-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer nginx
Renewing an existing certificate
Performing the following challenges:
Attempting to renew cert (dedacted.de-0001) from /etc/letsencrypt/renewal/dedacted.de-0001.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
这些是配置文件:
# renew_before_expiry = 30 days
version = 0.40.0
archive_dir = /etc/letsencrypt/archive/dedacted.de-0001
cert = /etc/letsencrypt/live/dedacted.de-0001/cert.pem
privkey = /etc/letsencrypt/live/dedacted.de-0001/privkey.pem
chain = /etc/letsencrypt/live/dedacted.de-0001/chain.pem
fullchain = /etc/letsencrypt/live/dedacted.de-0001/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = dedacted
authenticator = nginx
server = https://acme-v02.api.letsencrypt.org/directory
installer = nginx
我为更新命令尝试了不同的选项,但没有成功。
这是最后的调试日志:
2021-12-14 11:10:00,631:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 14 Dec 2021 10:10:00 GMT
Content-Type: application/json
Content-Length: 384
Connection: keep-alive
Boulder-Requester: 110278569
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: dedacted
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "dedacted.de"
},
"status": "pending",
"expires": "2021-12-20T14:57:56Z",
"challenges": [
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/dedacted/dedacted",
"token": "dedacted"
}
],
"wildcard": true
}
2021-12-14 11:10:00,632:DEBUG:acme.client:Storing nonce: dedacted
2021-12-14 11:10:00,632:INFO:certbot.auth_handler:Performing the following challenges:
2021-12-14 11:10:00,632:WARNING:certbot.renewal:Attempting to renew cert (dedacted.de-0001) from /etc/letsencrypt/renewal/dedacted.de-0001.conf produced an unexpected error: None of the preferred challenges are supported by the selected plugin. Skipping.
2021-12-14 11:10:00,635:DEBUG:certbot.renewal:Traceback was:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 462, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1208, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 320, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 62, in handle_authorizations
achalls = self._choose_challenges(authzrs)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 206, in _choose_challenges
self._get_chall_pref(authzr.body.identifier.value),
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 229, in _get_chall_pref
raise errors.AuthorizationError(
certbot.errors.AuthorizationError: None of the preferred challenges are supported by the selected plugin
我是否错过了安装一些支持通配符证书的东西,或者做了一些改变并且不再像以前那样支持它?