无法获取域的 ACME 证书\"mydomain.com,www.mydomain.com\"
Unable to obtain ACME certificate for domains \"mydomain.com,www.mydomain.com\"
我正在启动一个带有 cookiecutter-django 的项目,部署 docker,由于某些原因,traefik 无法获得 letsencrypt 证书,这是错误:
traefik_1 | time="2022-01-29T03:23:51Z" level=error msg="Unable to obtain ACME certificate for domains \"somedomain.com,www.somedomain.com\": unable to generate a certificate for the domains [somedomain.com www.somedomain.com]: error: one or more domains had a problem:\n[somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://somedomain.com/.well-known/acme-challenge/XsBT222XeYdWT04Gdekbvla26NgRLbDh1890UQ_QHuM [2607:f1c0:100f:f000::290]: 204, url: \n[www.somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.somedomain.com/.well-known/acme-challenge/AcnM8qIjv-RFpBKxDfkXzUfuSG2fRk-rjhrisHUlcTE [2607:f1c0:100f:f000::290]: 204, url: \n" providerName=letsencrypt.acme routerName=web-secure-router@file rule="Host(`somedomain.com`) || Host(`www.somedomain.com`)"
我也试过让我们加密暂存端点,错误是一样的:caServer:https://acme-staging-v02.api.letsencrypt.org/directory
traefik_1 | time="2022-01-29T03:51:26Z" level=info msg="Starting provider *acme.Provider {\"email\":\"my@email.com\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"/etc/traefik/acme/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"ChallengeStore\":{}}"
traefik_1 | time="2022-01-29T03:51:26Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme
traefik_1 | time="2022-01-29T03:51:26Z" level=info msg="Starting provider *traefik.Provider {}"
traefik_1 | time="2022-01-29T03:51:47Z" level=info msg=Register... providerName=letsencrypt.acme
traefik_1 | time="2022-01-29T04:55:48Z" level=error msg="Unable to obtain ACME certificate for domains \"somedomain.com\": unable to generate a certificate for the domains [somedomain.com]: error: one or more domains had a problem:\n[somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://somedomain.com/.well-known/acme-challenge/gaF6RncNKy17seTRhr944DQlFwBLUAFoL2MnNCJo1YY [2607:f1c0:100f:f000::290]: 204, url: \n" routerName=flower-router@file providerName=letsencrypt.acme rule="Host(`somedomain.com`)"
traefik_1 | time="2022-01-29T04:55:57Z" level=error msg="Unable to obtain ACME certificate for domains \"somedomain.com,www.somedomain.com\": unable to generate a certificate for the domains [www.somedomain.com]: error: one or more domains had a problem:\n[somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://somedomain.com/.well-known/acme-challenge/gaF6RncNKy17seTRhr944DQlFwBLUAFoL2MnNCJo1YY [2607:f1c0:100f:f000::290]: 204, url: \n[www.somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.somedomain.com/.well-known/acme-challenge/AsukH8wIdJthZeFMFpbulQvVKDprMrIObVmo9yRTpzo [2607:f1c0:100f:f000::290]: 204, url: \n" providerName=letsencrypt.acme routerName=web-secure-router@file rule="Host(`somedomain.com`) || Host(`www.somedomain.com`)"
我找不到任何关于错误的信息,我已经尝试设置非 tls 配置 here which it links here
我可以通过在浏览器上添加例外来使用域名访问我的应用程序。
你的AAAA记录正确吗?
Let's Encrypt 似乎在质询文件上返回了 204。通常的错误是将 AAAA 记录发送到与 A 记录不同的服务器,而 traefik 仅在 A 记录服务器上提供挑战文件。
我正在启动一个带有 cookiecutter-django 的项目,部署 docker,由于某些原因,traefik 无法获得 letsencrypt 证书,这是错误:
traefik_1 | time="2022-01-29T03:23:51Z" level=error msg="Unable to obtain ACME certificate for domains \"somedomain.com,www.somedomain.com\": unable to generate a certificate for the domains [somedomain.com www.somedomain.com]: error: one or more domains had a problem:\n[somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://somedomain.com/.well-known/acme-challenge/XsBT222XeYdWT04Gdekbvla26NgRLbDh1890UQ_QHuM [2607:f1c0:100f:f000::290]: 204, url: \n[www.somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.somedomain.com/.well-known/acme-challenge/AcnM8qIjv-RFpBKxDfkXzUfuSG2fRk-rjhrisHUlcTE [2607:f1c0:100f:f000::290]: 204, url: \n" providerName=letsencrypt.acme routerName=web-secure-router@file rule="Host(`somedomain.com`) || Host(`www.somedomain.com`)"
我也试过让我们加密暂存端点,错误是一样的:caServer:https://acme-staging-v02.api.letsencrypt.org/directory
traefik_1 | time="2022-01-29T03:51:26Z" level=info msg="Starting provider *acme.Provider {\"email\":\"my@email.com\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"/etc/traefik/acme/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"ChallengeStore\":{}}"
traefik_1 | time="2022-01-29T03:51:26Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme
traefik_1 | time="2022-01-29T03:51:26Z" level=info msg="Starting provider *traefik.Provider {}"
traefik_1 | time="2022-01-29T03:51:47Z" level=info msg=Register... providerName=letsencrypt.acme
traefik_1 | time="2022-01-29T04:55:48Z" level=error msg="Unable to obtain ACME certificate for domains \"somedomain.com\": unable to generate a certificate for the domains [somedomain.com]: error: one or more domains had a problem:\n[somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://somedomain.com/.well-known/acme-challenge/gaF6RncNKy17seTRhr944DQlFwBLUAFoL2MnNCJo1YY [2607:f1c0:100f:f000::290]: 204, url: \n" routerName=flower-router@file providerName=letsencrypt.acme rule="Host(`somedomain.com`)"
traefik_1 | time="2022-01-29T04:55:57Z" level=error msg="Unable to obtain ACME certificate for domains \"somedomain.com,www.somedomain.com\": unable to generate a certificate for the domains [www.somedomain.com]: error: one or more domains had a problem:\n[somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://somedomain.com/.well-known/acme-challenge/gaF6RncNKy17seTRhr944DQlFwBLUAFoL2MnNCJo1YY [2607:f1c0:100f:f000::290]: 204, url: \n[www.somedomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://www.somedomain.com/.well-known/acme-challenge/AsukH8wIdJthZeFMFpbulQvVKDprMrIObVmo9yRTpzo [2607:f1c0:100f:f000::290]: 204, url: \n" providerName=letsencrypt.acme routerName=web-secure-router@file rule="Host(`somedomain.com`) || Host(`www.somedomain.com`)"
我找不到任何关于错误的信息,我已经尝试设置非 tls 配置 here which it links here
我可以通过在浏览器上添加例外来使用域名访问我的应用程序。
你的AAAA记录正确吗?
Let's Encrypt 似乎在质询文件上返回了 204。通常的错误是将 AAAA 记录发送到与 A 记录不同的服务器,而 traefik 仅在 A 记录服务器上提供挑战文件。