Phpseclib early execution while certbot working

I am using phpseclib to deploy certificates for my domain.

The typical certificate deployment flow looks like this:

[root@centos web]# sudo certbot --nginx -d somedomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for somedomain.com
Waiting for verification...
Cleaning up challenges
Resetting dropped connection: acme-v02.api.letsencrypt.org
Deploying Certificate to VirtualHost /home/admin/conf/web/somedomain.com.nginx.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /home/admin/conf/web/somedomain.com.nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://somedomain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=somedomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/somedomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/somedomain.com/privkey.pem
   Your cert will expire on 2019-11-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The PHP script for the same command looks like this:

<?php
$hostname = '192.168.1.1'; //my hosting ip
$username = 'root';
$password = 'somesecret'; //password

include('Net/SSH2.php');

$ssh = new Net_SSH2($hostname);
if (!$ssh->login($username, $password)) {
    exit('Login Failed');
}

echo $ssh->exec("sudo certbot --nginx -d somedomain.com");

The output I get:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Process finished with exit code 0

The problem is that the script should wait for the specific question ("Select the appropriate number [1-2] then [enter] (press 'c' to cancel):") and then enter 2...

I tried using ssh->write() and ssh->read(), but the output is the same.

<?php
$hostname = '192.168.1.1'; //my hosting ip
$username = 'root';
$password = 'somesecret'; //password

include('Net/SSH2.php');

$ssh = new Net_SSH2($hostname);
if (!$ssh->login($username, $password)) {
    exit('Login Failed');
}

$ssh->write("sudo certbot --nginx -d somedomain.com");
echo $ssh->read("Select the appropriate number [1-2] then [enter] (press 'c' to cancel):");

Result:

Last failed login: Sun Aug 25 21:04:23 CEST 2019 from 192.168.1.1 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Sun Aug 25 21:03:39 2019 from 192.168.1.1
sudo certbot --nginx -d somedomain.com[root@centos web]# sudo certbot --nginx -d somedomain.com 
Process finished with exit code 0

Please advise where to continue looking.

Even the latest pastebin.com link does not contain the full SSH log, but whatever. What is included is enough to understand what is going on:

<- NET_SSH2_MSG_CHANNEL_DATA (since last: 2.5204, network: 0.0001s)
00000000  00:00:00:02:00:00:00:3a:53:61:76:69:6e:67:20:64  .......:Saving d
00000010  65:62:75:67:20:6c:6f:67:20:74:6f:20:2f:76:61:72  ebug log to /var
00000020  2f:6c:6f:67:2f:6c:65:74:73:65:6e:63:72:79:70:74  /log/letsencrypt
00000030  2f:6c:65:74:73:65:6e:63:72:79:70:74:2e:6c:6f:67  /letsencrypt.log
00000040  0d:0a                                            ..

-> NET_SSH2_MSG_CHANNEL_EOF (since last: 7.4256, network: 0.0001s)
00000000  00:00:00:00                                      ....

phpseclib's default timeout is 10 seconds. The "Saving debug log" message took 2.5 seconds to show up, and the next line... I know how long it normally takes to show up, but phpseclib gave up after ~7.5 seconds. 7.5s + 2.5s is 10s, which is the timeout, hence why phpseclib closed the connection.

I'm guessing the certbot command takes a while to run.

My suggestion is to do one of the following:

  1. Use nohup
  2. Disable the timeout via $ssh->setTimeout(0);
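One way to drive certbot's prompt with the read timeout lifted, as an added example that is not code from the question, the answer or phpseclib itself. It assumes phpseclib 1.x (the `Net_SSH2` class and `NET_SSH2_READ_REGEX` constant), the placeholder host and credentials from the question, and a root shell whose prompt ends in `]# ` as in the transcript; the helper `expectOrFail` is hypothetical.

```php
<?php
// Added example, not code from the question, the answer or phpseclib itself.
// Assumes phpseclib 1.x (Net_SSH2, NET_SSH2_READ_REGEX) and a root shell
// whose prompt ends in "]# ", as in the question's transcript.
include('Net/SSH2.php');

// Placeholder host and credentials, taken from the question.
$ssh = new Net_SSH2('192.168.1.1');
if (!$ssh->login('root', 'somesecret')) {
    exit('Login Failed');
}

// read() gives up after 10s by default; certbot's ACME round-trips take longer.
// setTimeout(0) waits forever; a bounded value still lets a stuck command fail.
$ssh->setTimeout(300);

// Read until $regex matches or the timeout fires; fail loudly on timeout.
function expectOrFail($ssh, $regex, $what)
{
    $out = $ssh->read($regex, NET_SSH2_READ_REGEX);
    if ($ssh->isTimeout()) {
        fwrite(STDERR, "Timed out waiting for $what\n");
        exit(1);
    }
    return $out;
}

$promptRe = '/\]#\s*$/';

// Consume the login banner and first prompt so they don't pollute the output.
expectOrFail($ssh, $promptRe, 'shell prompt');

// The trailing newline is what actually submits the command to the shell.
$ssh->write("sudo certbot --nginx -d somedomain.com\n");

// Block until certbot asks the redirect question, then answer "2".
$questionRe = '/\(press \'c\' to cancel\): ?$/';
echo expectOrFail($ssh, $questionRe, 'the redirect question');
$ssh->write("2\n");

// Collect the rest of certbot's output, up to the returning shell prompt.
$rest = expectOrFail($ssh, $promptRe, 'certbot to finish');
echo $rest;

if (strpos($rest, 'Congratulations!') === false) {
    fwrite(STDERR, "certbot did not report success; check /var/log/letsencrypt/letsencrypt.log\n");
    exit(1);
}
```

Using a bounded timeout together with isTimeout() rather than setTimeout(0) means a certbot run that hangs on the ACME server surfaces as an error instead of a silently stuck script.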