lnmp+ssl证书Let‘s Encrypt签发失败原因及解决方法

Starting create SSL Certificate use Let's Encrypt...
[Fri Jun 18 08:12:55 CST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Fri Jun 18 08:12:55 CST 2021] No EAB credentials found for ZeroSSL, let's get one
[Fri Jun 18 08:12:55 CST 2021] acme.sh is using ZeroSSL as default CA now.
[Fri Jun 18 08:12:55 CST 2021] Please update your account with an email address first.
[Fri Jun 18 08:12:55 CST 2021] acme.sh --register-account -m 该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。
[Fri Jun 18 08:12:55 CST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA
[Fri Jun 18 08:12:55 CST 2021] Please check log file for more details: /usr/local/acme.sh/acme.sh.log
Let's Encrypt SSL Certificate create failed!
下面是日志
[Fri Jun 18 08:12:54 CST 2021] Running cmd: issue
[Fri Jun 18 08:12:54 CST 2021] _main_domain='www.l***.com'
[Fri Jun 18 08:12:54 CST 2021] _alt_domains='no'
[Fri Jun 18 08:12:54 CST 2021] Using config home:/usr/local/acme.sh
[Fri Jun 18 08:12:54 CST 2021] default_acme_server
[Fri Jun 18 08:12:54 CST 2021] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Jun 18 08:12:54 CST 2021] DOMAIN_PATH='/usr/local/nginx/conf/ssl/www.l***.com'
[Fri Jun 18 08:12:54 CST 2021] Using ACME_DIRECTORY: https://acme.zerossl.com/v2/DV90
[Fri Jun 18 08:12:54 CST 2021] _init api for server: https://acme.zerossl.com/v2/DV90
[Fri Jun 18 08:12:54 CST 2021] GET
[Fri Jun 18 08:12:54 CST 2021] url='https://acme.zerossl.com/v2/DV90'
[Fri Jun 18 08:12:54 CST 2021] timeout=
[Fri Jun 18 08:12:54 CST 2021] _CURL='curl --silent --dump-header /usr/local/acme.sh/http.header  -L  -g '
[Fri Jun 18 08:12:55 CST 2021] ret='0'
[Fri Jun 18 08:12:55 CST 2021] ACME_KEY_CHANGE='https://acme.zerossl.com/v2/DV90/keyChange'
[Fri Jun 18 08:12:55 CST 2021] ACME_NEW_AUTHZ
[Fri Jun 18 08:12:55 CST 2021] ACME_NEW_ORDER='https://acme.zerossl.com/v2/DV90/newOrder'
[Fri Jun 18 08:12:55 CST 2021] ACME_NEW_ACCOUNT='https://acme.zerossl.com/v2/DV90/newAccount'
[Fri Jun 18 08:12:55 CST 2021] ACME_REVOKE_CERT='https://acme.zerossl.com/v2/DV90/revokeCert'
[Fri Jun 18 08:12:55 CST 2021] ACME_AGREEMENT='https://secure.trust-provider.com/repository/docs/Legacy/20201020_Certificate_Subscriber_Agreement_v_2_4_click.pdf'
[Fri Jun 18 08:12:55 CST 2021] ACME_NEW_NONCE='https://acme.zerossl.com/v2/DV90/newNonce'
[Fri Jun 18 08:12:55 CST 2021] Le_NextRenewTime
[Fri Jun 18 08:12:55 CST 2021] Using CA: https://acme.zerossl.com/v2/DV90
[Fri Jun 18 08:12:55 CST 2021] _on_before_issue
[Fri Jun 18 08:12:55 CST 2021] _chk_main_domain='www.***.com'
[Fri Jun 18 08:12:55 CST 2021] _chk_alt_domains
[Fri Jun 18 08:12:55 CST 2021] Le_LocalAddress
[Fri Jun 18 08:12:55 CST 2021] d='www.***.com'
[Fri Jun 18 08:12:55 CST 2021] Check for domain='www.***.com'
[Fri Jun 18 08:12:55 CST 2021] _currentRoot='/home/wwwroot/www.***.com'
[Fri Jun 18 08:12:55 CST 2021] d
[Fri Jun 18 08:12:55 CST 2021] config file is empty, can not read CA_KEY_HASH
[Fri Jun 18 08:12:55 CST 2021] Using config home:/usr/local/acme.sh
[Fri Jun 18 08:12:55 CST 2021] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Fri Jun 18 08:12:55 CST 2021] _init api for server: https://acme.zerossl.com/v2/DV90
[Fri Jun 18 08:12:55 CST 2021] RSA key
[Fri Jun 18 08:12:55 CST 2021] config file is empty, can not read CA_EAB_KEY_ID
[Fri Jun 18 08:12:55 CST 2021] config file is empty, can not read CA_EAB_HMAC_KEY
[Fri Jun 18 08:12:55 CST 2021] config file is empty, can not read CA_EMAIL
[Fri Jun 18 08:12:55 CST 2021] No EAB credentials found for ZeroSSL, let's get one
[Fri Jun 18 08:12:55 CST 2021] [1;32macme.sh is using ZeroSSL as default CA now.[0m
[Fri Jun 18 08:12:55 CST 2021] [1;32mPlease update your account with an email address first.[0m
[Fri Jun 18 08:12:55 CST 2021] [1;32macme.sh --register-account -m 该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。[0m
[Fri Jun 18 08:12:55 CST 2021] See: [1;32mhttps://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA[0m
[Fri Jun 18 08:12:55 CST 2021] _on_issue_err
[Fri Jun 18 08:12:55 CST 2021] Please check log file for more details: /usr/local/acme.sh/acme.sh.log

原因:由于acme.sh第3版后修改默认证书let’s encrypt为zerossl导致的。

方法一:

添加ssl证书前执行:export ACCOUNT_EMAIL=”你的邮箱该邮件地址已受到反垃圾邮件插件保护。要显示它需要在浏览器中启用 JavaScript。

方法二:

执行命令: /usr/local/acme.sh/acme.sh --set-default-ca --server letsencrypt

这样设置let’s encrypt为默认ssl证书就可以了。

 

计算机