Let's Encrypt总是姨妈

问答中心分类: OneinStackLet's Encrypt总是姨妈
minmemory asked 7 年 ago

一开始提示ascii的问题,我手工创建了 /usr/local/python/lib/python2.7/site-packages/sitecustomize.py 设定了utf8后又报其他的错...
An unexpected error occurred:
There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
Please see the logfiles in /var/log/letsencrypt for more details.
Error: Let's Encrypt SSL certificate installation failed!

5 Answers

Best Answer

oneinstack answered 7 年 ago
Too many invalid authorizations recently 授权次数太多,被let's服务器禁用了吧。

minmemory answered 7 年 ago
完整错误信息,域名以bar.foo代替

2017-07-04 08:57:30,707EBUG:certbot.main:certbot version: 0.15.0
2017-07-04 08:57:30,707EBUG:certbot.main:Arguments: ['--webroot', '--agree-tos', '--quiet', '--email', 'service@bar.foo', '-w', '/data/wwwroot/bar.foo', '-d', 'bar.foo', '-d', 'www.bar.foo']
2017-07-04 08:57:30,707EBUG:certbot.mainiscovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-07-04 08:57:30,720EBUG:certbot.log:Root logging level set at 30
2017-07-04 08:57:30,720:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-07-04 08:57:30,721EBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-07-04 08:57:30,725EBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fd0841bf890>
Prep: True
2017-07-04 08:57:30,726EBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fd0841bf890> and installer None
2017-07-04 08:57:30,730EBUG:certbot.mainicked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:service@bar.foo',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fd0838f4b90>>), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/18357612', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 71eead837f9aaa9c213142a87d1cfa28, Meta(creation_host=u'localhost', creation_dt=datetime.datetime(2017, 7, 4, 8, 10, 17, tzinfo=<UTC>))>
2017-07-04 08:57:30,731EBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-07-04 08:57:30,733EBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-07-04 08:57:32,396EBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 352
2017-07-04 08:57:32,398EBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: TPGyinS_Gw8gPBK61hBhBuw5GcjRQf8x2vJ4mebKLjE
Replay-Nonce: P4LvR2vIrJyq-Fpx-SdueIplDA6r5gYDzGu3RPma_UA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Tue, 04 Jul 2017 08:57:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 Jul 2017 08:57:31 GMT
Connection: keep-alive

{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-07-04 08:57:32,400:INFO:certbot.mainbtaining a new certificate
2017-07-04 08:57:32,400EBUG:acme.client:Requesting fresh nonce
2017-07-04 08:57:32,400EBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-07-04 08:57:32,608EBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-07-04 08:57:32,610EBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: CP7vXWVN_MPV77QCIAuj44173T-dNIefpJ9KARb5z4Q
Replay-Nonce: Wn7b7E3iuPiDPdvLHRe2d02MpUFwFzCKDS9bwnoq6cs
Expires: Tue, 04 Jul 2017 08:57:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 Jul 2017 08:57:32 GMT
Connection: keep-alive


2017-07-04 08:57:32,611EBUG:acme.client:Storing nonce: Wn7b7E3iuPiDPdvLHRe2d02MpUFwFzCKDS9bwnoq6cs
2017-07-04 08:57:32,611EBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "bar.foo"
},
"resource": "new-authz"
}
2017-07-04 08:57:32,616EBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"protected": "eyJub25jZSI6ICJXbjdiN0UzaXVQaURQZHZMSFJlMmQwMk1wVUZ3RnpDS0RTOWJ3bm9xNmNzIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAieS1jcXQzVk9peVgtdkJ5Zm1GS21oV0NCc2ZoVVI1NFZrblB3Z1dxVWlkMzNsZDNaTXlScFRzQl9FN0VIc015U2xzMjdmdW9LZ2xCcnBydFZiR3l3bmhsYlRWdjhqWlNpN0FIN196MV9MeXVVV0czT0Y0dnFmZGxwb2tnSjd6dDZRU0xYN3UxQzd2dUx6OEQ5Ui14akpieFdYYVpTVHdndDFrZWY3QlBxNDRZWDlVQlBFMmtGUUw2YllINE5ZVjFaNmF0SUUtZHlVZXJyMVRYQWYxeHNKanUtVnU3VUstQjRrQklPUzhTMzI5SlA2RzExeXlIUUNrTHM4M2dEWVduRzBpTzJtZFRMSERLQjdlVHk0cE1VUlgtbk13SHNtU0ZvNzA5RVBZZnRDMGpaMHRJOWpFVGNMOUp1b2p0dVBvZUpiZ3JONTJpWlFQbkxOT21zS0x3ZF9RIn19",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiaW90LWd6LmNuIgogIH0sIAogICJyZXNvdXJjZSI6ICJuZXctYXV0aHoiCn0",
"signature": "SQzWEmXdakzhAEmXxyZzQCutv4KMfKK-Qz1_5HnsbJQBSBHmNxKvPzUgdtw1YCH0RK9la7RHPQQGqUdm0tjPBloN-xFMoqd281dDkgyaph4DqwLF3xuPU0BrrAhyjAcrTD5DFcwqVkW9Yt2YdbwDZJUnr9JZpDVwhr_ebyy22qA2wHPyS-hptWnNDxFc4CIrf-KHmBZO4mJWAL-hsxF9Jn9EMkG6pSz7GdRZzCoALCQZFiDN4z4atfC3Wr6K2L61wYXoZWCW5D8YU0ZWQn_9NzCOD3_tchxcxWHqm5dx1P06l1jyWJoywffvSkCpA_53iDPMAsNiV5YZIskvnA1mXA"
}
2017-07-04 08:57:32,832EBUG:urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 429 144
2017-07-04 08:57:32,834EBUG:acme.client:Received response:
HTTP 429
Server: nginx
Content-Type: application/problem+json
Content-Length: 144
Boulder-Request-Id: wBvkofes-4tuvRzfcgUNI4uApdiVmnzDFY6cC1subqE
Boulder-Requester: 18357612
Replay-Nonce: GN5nbiNBYZYwEpx8snpenJwrLkRzcSDkYCYdy2e-BVU
Expires: Tue, 04 Jul 2017 08:57:32 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 04 Jul 2017 08:57:32 GMT
Connection: close

{
"type": "urn:acme:error:rateLimited",
"detail": "Error creating new authz :: Too many invalid authorizations recently.",
"status": 429
}
2017-07-04 08:57:32,835EBUG:acme.client:Storing nonce: GN5nbiNBYZYwEpx8snpenJwrLkRzcSDkYCYdy2e-BVU
2017-07-04 08:57:32,835EBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/python/bin/certbot", line 11, in <module>
sys.exit(main())
File "/usr/local/python/lib/python2.7/site-packages/certbot/main.py", line 743, in main
return config.func(config, plugins)
File "/usr/local/python/lib/python2.7/site-packages/certbot/main.py", line 683, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/local/python/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/local/python/lib/python2.7/site-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/local/python/lib/python2.7/site-packages/certbot/client.py", line 313, in obtain_certificate
self.config.allow_subset_of_names)
File "/usr/local/python/lib/python2.7/site-packages/certbot/auth_handler.py", line 66, in get_authorizations
self.authzr[domain] = self.acme.request_domain_challenges(domain)
File "/usr/local/python/lib/python2.7/site-packages/acme/client.py", line 212, in request_domain_challenges
typ=messages.IDENTIFIER_FQDN, value=domain), new_authzr_uri)
File "/usr/local/python/lib/python2.7/site-packages/acme/client.py", line 191, in request_challenges
response = self.net.post(self.directory.new_authz, new_authz)
File "/usr/local/python/lib/python2.7/site-packages/acme/client.py", line 677, in post
return self._post_once(*args, **kwargs)
File "/usr/local/python/lib/python2.7/site-packages/acme/client.py", line 690, in _post_once
return self._check_response(response, content_type=content_type)
File "/usr/local/python/lib/python2.7/site-packages/acme/client.py", line 577, in _check_response
raise messages.Error.from_json(jobj)
Error: urn:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.

minmemory answered 7 年 ago
Please enter Administrator Email(example: admin@example.com): service@iot-gz.cn
Failed authorization procedure. iot-gz.cn (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://iot-gz.cn/.well-known/acme-challenge/3L2MpcJ807DY_dKtJKSecB5h8yLpHw_KVZ7WoCSzWiQ: "<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chro", http://www.iot-gz.cn (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.iot-gz.cn/.well-known/acme-challenge/FuQSJslzw1z_kdbxGXoFhqTMXxw9qVIin-1rY-224mA: "<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chro"
Error: Let's Encrypt SSL certificate installation failed!

Start your code here

minmemory answered 7 年 ago
雾草域名忘了替换....还好不是我的只是给一个项目弄
不过你们oneinstack还是不行啊,关键时刻掉链子,如果letsencrypt再姨妈就只能换回lnmp,org了

andy.zhang answered 7 年 ago
我估计是他的DNS的问题,阿里云的服务器的dns好像解析不了。我换成dnspod才成功的。