在免費(fèi)SSL證書更新報(bào)告發(fā)現(xiàn)錯(cuò)誤,可以用本文的辦法解決,官方技術(shù)翻譯
故障現(xiàn)象:
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org
故障現(xiàn)象:
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org
When creating a certificate, if you get the error:
Getting challenge for server.yourhost.com from acme-server...
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org:
api.letsencrypt.org.edgekey.net.
e981.dscb.akamaiedge.net.
1.2.3.4
Full nonce request output:
報(bào)告顯示這可能是由于
"FULL_NONCE="`${CURL} ${CURL_OPTIONS} --silent -I ${API}/directory`": /usr/local/bin/curl --connect-timeout 15 -k -I https://acme-v01.api.letsencrypt.org/directory
引發(fā)錯(cuò)誤
curl: (43) CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
這可能意味著您的curl版本比較舊,應(yīng)該進(jìn)行更新。 您可以使用custombuild做到這一點(diǎn):
cd /usr/local/directadmin/custombuild
./build update
./build curl
由于類似的報(bào)告與針對(duì)基于RPM的curl庫(kù)的CustomBuild curl鏈接有關(guān),例如:
[root@server scripts]# /usr/local/bin/curl --connect-timeout 15 -k -I https://acme-v01.api.letsencrypt.org/directory
curl: (48) An unknown option was passed in to libcurl
[root@server scripts]# ldd /usr/local/bin/curl | grep curl
? ? ? ?libcurl.so.4 => /lib64/libcurl.so.4 (0x00007fdd1411a000)
where it should be /usr/local/lib/libcurl.so.4.
為了解決這個(gè)問題,remove the libcurl-devel rpm, re-compile curl and run ldconfig
rpm -e libcurl-devel
cd /usr/local/directadmin/custombuild
./build curl
ldconfig
并確認(rèn):
[root@server custombuild]# ldd /usr/local/bin/curl | grep curl
? ? ? ?libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f17c3cd5000)
報(bào)告的Debian / Ubuntu解決方案
Edit
/etc/ld.so.conf
并更改路徑的順序,因此/usr/local/lib更高,因此文件如下所示:
/usr/local/lib/
include /etc/ld.so.conf.d/*.conf
保存,然后運(yùn)行
ldconfig
我們尚未對(duì)此進(jìn)行測(cè)試,因?yàn)樗赡軙?huì)影響系統(tǒng)二進(jìn)制文件使用的庫(kù)。 在注銷當(dāng)前ssh會(huì)話之前,請(qǐng)確保對(duì)所有內(nèi)容進(jìn)行全面測(cè)試,尤其是sshd(重新啟動(dòng)sshd服務(wù)器并測(cè)試登錄名)。
