Posted in问题解决

自动证书生成因可信根证书损坏而失败

No Comments

症状

通过Let’s Encrypt请求新证书失败。

在日志文件中,可以看到类似的错误:

2024-07-02 10:29:54.556000+00:00 parallelws awingu-worker-smc.service[python:2075552]: Saving debug log to /opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/logs/letsencrypt.log 2024-07-02 10:29:54.557886+00:00 parallelws awingu-worker-smc.service[python:2075552]: Plugins selected: Authenticator webroot, Installer None 2024-07-02 10:29:54.558396+00:00 parallelws awingu-worker-smc.service[python:2075552]: Registering without email! 2024-07-02 10:29:54.851680+00:00 parallelws awingu-worker-smc.service[python:2075552]: An unexpected error occurred: 2024-07-02 10:29:54.852245+00:00 parallelws awingu-worker-smc.service[python:2075552]: OpenSSL.SSL.Error: [('PEM routines', 'get_header_and_data', 'bad end line'), ('x509 certificate routines', 'X509_load_cert_crl_file', 'PEM lib')] 2024-07-02 10:29:54.852245+00:00 parallelws awingu-worker-smc.service[python:2075552]: Please see the logfiles in /opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/logs for more details. 2024-07-02 10:29:54.914947+00:00 parallelws awingu-worker-smc.service[manage.py:1351020]: Failed to generate certificate Traceback (most recent call last): File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/certificates/tasks.py", line 37, in generate_certificate_appliance subprocess.check_call(cmd) File "/opt/awingu-python3/lib/python3.11/subprocess.py", line 413, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['certbot', 'certonly', '-n', '--webroot', '--webroot-path', '/var/www/letsencrypt/', '--register-unsafely-without-email', '--agree-tos', '-d', 'workspace.somedomain.org', '--cert-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/cert', '--key-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/key', '--fullchain-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/fullchain', '--chain-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/chain', '--config-dir', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/config', '--work-dir', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/work', '--logs-dir', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/logs']' returned non-zero exit status 1. 2024-07-02 10:29:54.916044+00:00 parallelws awingu-worker-smc.service[manage.py:1351020]: Task certificates.tasks.generate_certificate_appliance failed Traceback (most recent call last): File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/certificates/tasks.py", line 37, in generate_certificate_appliance subprocess.check_call(cmd) File "/opt/awingu-python3/lib/python3.11/subprocess.py", line 413, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['certbot', 'certonly', '-n', '--webroot', '--webroot-path', '/var/www/letsencrypt/', '--register-unsafely-without-email', '--agree-tos', '-d', 'workspace.somedomain.org', '--cert-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/cert', '--key-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/key', '--fullchain-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/fullchain', '--chain-path', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/chain', '--config-dir', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/config', '--work-dir', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/work', '--logs-dir', '/opt/awingu/letsencrypt/6bf67693-66e4-4172-9fa8-515ebf03a947/logs']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/django_q/cluster.py", line 448, in worker res = f(task["args"], *task["kwargs"]) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/certificates/tasks.py", line 40, in generate_certificate_appliance raise CertificateError() certificates.tasks.CertificateError 2024-07-02 10:29:54.949327+00:00 parallelws awingu-worker-smc.service[manage.py:11167]: Failed [arizona-lactose-alpha-lemon] -

病因

解决

系统设置>全局>连接性中上传一个有效的“受信任roots”文件。

Comments

No comments yet. Why don’t you start the discussion?

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注