今天突然收到一封SSL证书监控的告警邮件,翻开内容原来证书过期了。该网站的SSL证书是let’s encrypt免费证书,有效期3个月,但我已经使用acme脚本配置了自动更新,一年多运行下来也没有出现过问题。只能登录服务器查看原因了。发现日志中有类似“It seems the CA server is busy now, let’s wait and retry. Sleeping 1 seconds.”的错误,这个错误导致证书没有定时更新。
[Mon Jan 6 00:46:02 CST 2020] Renew: 'nbhao.org'
[Mon Jan 6 00:46:03 CST 2020] Multi domain='DNS:nbhao.org,DNS:*.nbhao.org'
[Mon Jan 6 00:46:03 CST 2020] Getting domain auth token for each domain
[Mon Jan 6 00:51:03 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan 6 00:56:07 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan 6 01:01:10 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan 6 01:06:11 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan 6 01:11:13 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan 6 01:16:18 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan 6 01:21:23 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.根据错误提示,字面上的意思是CA服务器连接出现了问题。但是let’s encrypt作为全球最知名的免费SSL证书,CA服务器应该不大可能出现问题,即使出现问题,应该也会抓紧恢复,不会那么多天过去还无法连接。最后去官方找到新闻,找资料,发现let’s encrypt升级了api的cdn。那么问题应该好办了,尝试升级acme脚本。
cd /root/jobs/acme
./acme.sh --upgrade升级成功
再次运行更新ssl证书的计划任务,问题解决。
为了防止这个问题再次出现,添加定时更新脚本的计划任务,再添加这个https网站的ssl证书监控。
如果有碰到相同问题无法解决,其他SSL证书的问题或购买,欢迎咨询。
参考文章:
《非80端口不支持Http验证域名签发let’s encrypt ssl证书》:http://blog.nbqykj.cn/?p=2633.html
《Zabbix 增加HTTPS网站SSL证书过期时间监控》:http://blog.nbqykj.cn/?p=3106.html
正文完
微信搜一搜“奇悦电脑科技”或扫描二维码关注我们
文章不错非常喜欢
买快递单号,上单号购买网 http://www.danhw.com