Original link: https://www.ixiqin.com/2023/08/15/debug-under-unsuccessful-renewal-of-acme-sh/
Almost 100% of my domain certificates are now issued with acme.sh. It is free; the only drawback is that the certificates have to be renewed, which may not be friendly to some scenarios involving a CDN. My CDN setups rarely use the main domain name, though, so this is acceptable.
Recently, an error occurred while renewing a domain's certificate.
Renewal command:
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
The error is as follows:
    [Sun Aug 13 06:02:43 PM CST 2023] Renew: 'replace.com'
    [Sun Aug 13 06:02:43 PM CST 2023] Renew to Le_API=https://acme.zerossl.com/v2/DV90
    [Sun Aug 13 06:02:43 PM CST 2023] Using CA: https://acme.zerossl.com/v2/DV90
    [Sun Aug 13 06:02:44 PM CST 2023] Multi domain='DNS:replace.com,DNS:feishu.io'
    [Sun Aug 13 06:02:44 PM CST 2023] Getting domain auth token for each domain
    [Sun Aug 13 06:02:48 PM CST 2023] Getting webroot for domain='replace.com'
    [Sun Aug 13 06:02:48 PM CST 2023] Getting webroot for domain='feishu.io'
    [Sun Aug 13 06:02:48 PM CST 2023] Verifying: replace.com
    [Sun Aug 13 06:02:49 PM CST 2023] Processing, The CA is processing your order, please just wait. (1/30)
    [Sun Aug 13 06:02:53 PM CST 2023] replace.com:Verify error:"error":{
    [Sun Aug 13 06:02:53 PM CST 2023] Please add '--debug' or '--log' to check more details.
    [Sun Aug 13 06:02:53 PM CST 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
    [Sun Aug 13 06:02:55 PM CST 2023] Error renew replace.com.
When a problem like this occurs, you can see the requests and responses in the log by adding --debug to the command. The debug command is as follows:
    "/root/.acme.sh"/acme.sh --cron --debug --home "/root/.acme.sh"
The new output shows where the renewal gets stuck:
    [Sun Aug 13 06:04:49 PM CST 2023] replace.com:Verify error:"error":{
    [Sun Aug 13 06:04:49 PM CST 2023] Debug: get token url.
    [Sun Aug 13 06:04:49 PM CST 2023] GET
    [Sun Aug 13 06:04:49 PM CST 2023] url='http://replace.com/.well-known/acme-challenge/rm-enWjHphDeyjXtfXu2mi1V-D6cZY8EHAe_Gi7TmC4'
    [Sun Aug 13 06:04:49 PM CST 2023] timeout=1
    [Sun Aug 13 06:04:49 PM CST 2023] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L --connect-timeout 1'
    <html>
    <head><title>404 Not Found</title></head>
    <body>
    <center><h1>404 Not Found</h1></center>
    <hr><center>nginx</center>
    </body>
    </html>
    [Sun Aug 13 06:04:49 PM CST 2023] ret='0'
The error report from acme.sh is very clear: the verification file under /.well-known/ cannot be found in the directory being served, so the request returns 404 and validation fails. So I just needed to check my Nginx configuration. Because Docker is used and Nginx is just a proxy, the Nginx root directory is not the directory specified by default, so the webroot has to be changed to the real one.
Modify the Le_Webroot setting in ~/.acme.sh/replace.com/replace.com.conf to the real webroot and then re-sign; the domain name is successfully signed.
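The same check can be run before the next renewal. The script below is an added example, not part of the original post or of acme.sh: it reads Le_Webroot from the domain conf, drops a probe file under .well-known/acme-challenge/ and confirms the domain serves it back. The function names are hypothetical, and it assumes the conf stores a single path as Le_Webroot='...'.

```shell
#!/bin/sh
# Pre-flight check for acme.sh webroot validation (added example).

# Print the Le_Webroot value from an acme.sh domain conf file.
# Assumes a line of the form: Le_Webroot='/path/to/webroot'
get_webroot() {
    sed -n "s/^Le_Webroot=['\"]\{0,1\}\([^'\"]*\)['\"]\{0,1\}\$/\1/p" "$1" | head -n 1
}

# Default fetcher: plain HTTP GET following redirects, as the CA would see it.
fetch_http() { curl --silent -L --connect-timeout 5 "$1"; }

# check_webroot CONF DOMAIN [FETCH_CMD]
# Returns 0 if a probe written into the configured webroot is served by DOMAIN,
# 1 if the domain serves something else (e.g. the 404 page from the post),
# 2-4 if the conf or the directory itself is unusable.
check_webroot() {
    conf=$1; domain=$2; fetch=${3:-fetch_http}
    webroot=$(get_webroot "$conf")
    [ -n "$webroot" ] || { echo "no Le_Webroot in $conf"; return 2; }
    [ -d "$webroot" ] || { echo "webroot '$webroot' does not exist"; return 3; }

    dir="$webroot/.well-known/acme-challenge"
    token="preflight-$$"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" \
        || { echo "cannot write to $dir"; return 4; }

    body=$("$fetch" "http://$domain/.well-known/acme-challenge/$token") || body=""
    rm -f "$dir/$token"

    if [ "$body" = "$token" ]; then
        echo "ok: $domain serves files from $webroot"
        return 0
    fi
    echo "mismatch: $domain does not serve files from $webroot"
    return 1
}

# Example call, using the conf path from the post:
#   check_webroot ~/.acme.sh/replace.com/replace.com.conf replace.com
```

A return code of 1 corresponds to the situation in the post: the file is written, but the web server answers from a different directory.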