acme/autocert: 无法满足域名的acme挑战:找不到可行的挑战类型。

huangapple go评论115阅读模式
英文:

acme/autocert: unable to satisfy acme challenges for domain: no viable challenge type found

问题

我正在尝试从Let's Encrypt获取TLS证书,以便通过HTTPS提供内容。

在我在GCP的VM实例上的服务器上运行代码并尝试从浏览器连接时,显示以下错误消息:
acme/autocert: 无法满足域名"www.mydomain.com"的"https://acme-v02.api.letsencrypt.org/acme/authz-v3/..."的要求:找不到可行的挑战类型

然后我按照终端中显示的acme-v02.api链接,显示如下:

{
  "identifier": {
    "type": "dns",
    "value": "www.mydomain.com"
  },
  "status": "deactivated",
  "expires": "2022-06-01T12:37:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/...",
      "token": "..."
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/...",
      "token": "..."
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/...",
      "token": "..."
    }
  ]
}

注意:我使用...来隐藏值,因为我认为这些信息对解决问题不是必要的。如果需要这些信息,请告诉我。

英文:

I trying to obtain a TLS certificate from Let's Encrypt in order to serve content over HTTPS.

After I run the code on the server in the VM instance on GCP, and tried to connect to it from my browser, the following error message is shown
acme/autocert: unable to satisfy "https://acme-v02.api.letsencrypt.org/acme/authz-v3/..." for domain "www.mydomain.com": no viable challenge type found

Then I followed the acme-v02.api link shown in the terminal, and the following is shown:

{
  "identifier": {
    "type": "dns",
    "value": "www.mydomain.com"
  },
  "status": "deactivated",
  "expires": "2022-06-01T12:37:05Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/...",
      "token": "..."
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/...",
      "token": "..."
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/...",
      "token": "..."
    }
  ]
}

Note: the ... is used to obscure the values as I don't think the information is necessary to solve the problem. Please let me know if they are needed.

答案1

得分: 1

直到我意识到我的 DNS 服务器没有为我的主机设置 CAA 记录 条目,我才解决了同样的问题。我记得去年我的设置是有效的,但可能是我犯了一个错误,或者我的 DNS 服务丢失了那个记录。无论原因如何,错误信息并没有提供太多帮助。此外,根据我在网上看到的信息,这个失败可能有很多其他原因,所以请对我的解决方案持保留态度。

英文:

I had the same problem until I realized my DNS server didn't have a CAA record entry for my host that would have allowed Let's Encrypt. I could have sworn I used to have it as my setup had worked last year. But either I made a mistake or my DNS service lost track of that record. Whatever the cause, the error message wasn't very helpful. Also, from what I see online, there are many other causes for this same failure so take my solution with a grain of salt.

答案2

得分: 0

问题是我错误地配置了从我的域名到我的服务器的重定向。

英文:

The problem was that I have configured a redirect from my domain name to my server by mistake.

huangapple
  • 本文由 发表于 2022年5月26日 00:28:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/72381311.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定