我是 kong 的新手。现在我正在尝试在 acme 插件的帮助下自动创建和更新 SSL 证书。根据他们的官方文档,我遵循了所有步骤,但现在它说
2022/01/07 12:23:44 [warn] 32#0: *2043 [kong] handler.lua:100 [acme] can't load cert and key from storage: failed to get from node cache: connection refused, context: ssl_certificate_by_lua*, client: 13.229.141.97, server: 0.0.0.0:8443
2022/01/07 12:23:44 [info] 32#0: *2042 SSL_do_handshake() failed (SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking, client: 13.229.141.97, server: 0.0.0.0:8443
- name: acme
config:
account_email: myemail@gmail.com
domains:
- "example.mydomain.net"
tos_accepted: true
renew_threshold_days: 30
storage: redis
storage_config:
redis:
auth: "password123"
host: "127.0.0.1"
port: 6379
database: 0
我还创建了服务和路线
- name: acme-dummy
url: http://127.0.0.1:65535
routes:
- name: acme-dummy
protocols:
- http
paths:
- /.well-known/acme-challenge
在 docker-compose 文件中添加了以下行
KONG_LUA_SSL_TRUSTED_CERTIFICATE=system