I followed this guide:
https://www.bandwh.com/kxsw/30.html
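I previously got this working on one server. Today, using a new domain on a different server (from a different VPS provider), it keeps failing. The log output is below; it says it can't connect to 8.8.8.8? But that shouldn't be the case, and I can't figure it out. Could any experts help me find the problem? Thanks!! (Some content has been redacted.)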
[root@testServer /tmp]$cat /etc/caddy/caddy.conf
test.test.com
{
tls [email protected]
log /var/log/caddy.log
proxy / localhost:10000 {
websocket
header_upstream -Origin
}
}
[root@testServer /tmp]$
[root@testServer /tmp]$cat /usr/local/caddy/Caddyfile
test.test.com
{
log /var/log/caddy.log
proxy /localhost:10000 {
websocket
header_upstream -Origin
}
}
[root@testServer /tmp]$cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
[root@testServer /tmp]$
[root@testServer /tmp]$
[root@testServer /tmp]$
[root@testServer /tmp]$cat /etc/sysconfig/network-scripts/ifcfg-eth0
# XenSystem Ethernet
DEVICE=eth0
BOOTPROTO=static
IPADDR=x.x.x.x
NETMASK=255.255.255.192
GATEWAY=x.x.x.129
onboot=YES
DNS1=8.8.8.8
[root@testServer /tmp]$
[root@testServer /tmp]$
[root@testServer /tmp]$service caddy start
[root@testServer /root]$service caddy start
[信息] Caddy 启动成功 !
[root@testServer /tmp]$
[root@testServer /tmp]$cat ./caddy.log
Activating privacy features... 2020/03/03 09:34:41 get Agreement URL: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 8.8.8.8:53: dial udp 8.8.8.8:53: connect: network is unreachable
Activating privacy features...
Your sites will be served over HTTPS automatically using Let's Encrypt.
By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Please enter your email address to signify agreement and to be notified
in case of issues. You can leave it blank, but we don't recommend it.
Email address: 2020/03/03 10:38:44 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
2020/03/03 10:38:45 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8888888888
2020/03/03 10:38:45 [INFO] [test.test.com] acme: use tls-alpn-01 solver
2020/03/03 10:38:45 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
2020/03/03 10:38:54 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8888888888
2020/03/03 10:38:54 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8888888888
2020/03/03 10:38:55 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
2020/03/03 10:38:56 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7777777777
2020/03/03 10:38:56 [INFO] [test.test.com] acme: use tls-alpn-01 solver
2020/03/03 10:38:56 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
2020/03/03 10:38:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7777777777
2020/03/03 10:38:57 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7777777777
2020/03/03 10:38:58 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
2020/03/03 10:38:59 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121973774
2020/03/03 10:38:59 [INFO] [test.test.com] acme: use tls-alpn-01 solver
2020/03/03 10:38:59 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
2020/03/03 10:39:00 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121977777
2020/03/03 10:39:00 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121973774
2020/03/03 10:39:01 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
2020/03/03 10:39:02 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121974306
2020/03/03 10:39:02 [INFO] [test.test.com] acme: Could not find solver for: tls-alpn-01
2020/03/03 10:39:02 [INFO] [test.test.com] acme: use http-01 solver
2020/03/03 10:39:02 [INFO] [test.test.com] acme: Trying to solve HTTP-01
2020/03/03 10:39:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121974777
2020/03/03 10:39:07 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3121977777
2020/03/03 10:39:08 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
2020/03/03 10:39:08 [INFO] [test.test.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/312777777
2020/03/03 10:39:08 [INFO] [test.test.com] acme: Could not find solver for: tls-alpn-01
2020/03/03 10:39:08 [INFO] [test.test.com] acme: use http-01 solver
2020/03/03 10:39:08 [INFO] [test.test.com] acme: Trying to solve HTTP-01
2020/03/03 10:39:09 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/31666666
2020/03/03 10:39:09 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/3177777777
2020/03/03 10:39:10 [INFO] [test.test.com] acme: Obtaining bundled SAN certificate
2020/03/03 10:39:12 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:
1
fzinfz 2020-03-03 12:48:08 +08:00 via iPhone
too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
2
jy02201949 2020-03-03 13:04:35 +08:00
Having Caddy request certificates automatically easily runs into this problem.
3
11dad 2020-03-03 13:10:08 +08:00
Configure it manually; when setting up v2, choose the non-automatic option.
4
qazwsxkevin OP
5
Yourshell 2020-03-03 17:11:44 +08:00 via iPhone
Put it behind CF and just use the certificate it provides.
6
qazwsxkevin OP @Yourshell Oh, I found it by following your lead; CF does indeed have this built-in SSL feature. One question: in Caddy's own configuration, how should I use this SSL certificate?
7
Yourshell 2020-03-03 17:33:02 +08:00
8
jim9606 2020-03-03 17:44:42 +08:00
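I suggest testing with a different subdomain or switching to the staging CA, and only switching to the production CA once you've confirmed everything works ( https://letsencrypt.org/docs/staging-environment/ ). Caddy's configuration has an option to change the CA ( https://caddyserver.com/v1/docs/tls ).
Caddy's automatic retries really do trigger the limit easily, so as soon as you see an error, stop it immediately and check the log. What I find strange is why your VPS has its IP and DNS set manually in the system; isn't DHCP what's normally used?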
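The log-checking step discussed in this thread, as an added example that is not part of any post and not Caddy's own code: a small triage of a Caddy v1 log that reports resolver failures, failed ACME challenge attempts per host, and whether the CA has already rate-limited the account. The sample log is constructed in the format quoted above; the function name, the `max_failures` threshold, and the assumption that a "Deactivating auth" line after a "Trying to solve" line marks a failed attempt are choices of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the log quoted in the thread (IDs are made up).
SAMPLE_LOG = """\
Activating privacy features... 2020/03/03 09:34:41 get Agreement URL: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 8.8.8.8:53: dial udp 8.8.8.8:53: connect: network is unreachable
2020/03/03 10:38:45 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
2020/03/03 10:38:54 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1001
2020/03/03 10:38:54 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1001
2020/03/03 10:38:56 [INFO] [test.test.com] acme: Trying to solve TLS-ALPN-01
2020/03/03 10:38:57 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1002
2020/03/03 10:39:02 [INFO] [test.test.com] acme: Trying to solve HTTP-01
2020/03/03 10:39:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1003
2020/03/03 10:39:12 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order
"""

TRY = re.compile(r"\[INFO\] \[([^\]]+)\] acme: Trying to solve (\S+)")
DNS = re.compile(r"lookup (\S+) on (\S+?): .*network is unreachable")
RATE = "urn:ietf:params:acme:error:rateLimited"

def triage(log_text, max_failures=1):
    """Summarise ACME trouble in a Caddy v1 log.

    max_failures is this example's own threshold: hosts with at least that
    many failed attempts are listed under "stop" (stop Caddy, then debug).
    """
    dns, failed, challenges = [], Counter(), Counter()
    rate_limited, pending = False, None
    for line in log_text.splitlines():
        m = DNS.search(line)
        if m:  # resolver could not be reached at all
            dns.append((m.group(1), m.group(2)))
        m = TRY.search(line)
        if m:  # a challenge attempt started for this host
            pending = m.group(1)
            challenges[m.group(2)] += 1
        elif "Deactivating auth:" in line and pending:
            failed[pending] += 1  # assumption: deactivation == attempt failed
            pending = None
        elif RATE in line:
            rate_limited = True
    stop = sorted(h for h, n in failed.items() if n >= max_failures)
    return {"dns_unreachable": dns, "failed": dict(failed),
            "challenges": dict(challenges), "rate_limited": rate_limited,
            "stop": stop}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the real `/var/log/caddy.log` after each start; a non-empty `stop` list or `rate_limited: True` means further automatic retries only consume more of the CA's failure budget.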