在免费SSL证书更新报告发现错误,可以用本文的办法解决,官方技术翻译
故障现象:
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org
When creating a certificate, if you get the error:
Getting challenge for server.yourhost.com from acme-server...
Nonce is empty. Exiting. dig output of acme-v01.api.letsencrypt.org:
api.letsencrypt.org.edgekey.net.
e981.dscb.akamaiedge.net.
1.2.3.4
Full nonce request output:
报告显示这可能是由于
"FULL_NONCE="`${CURL} ${CURL_OPTIONS} --silent -I ${API}/directory`": /usr/local/bin/curl --connect-timeout 15 -k -I https://acme-v01.api.letsencrypt.org/directory
引发错误
curl: (43) CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
这可能意味着您的curl版本比较旧,应该进行更新。 您可以使用custombuild做到这一点:
cd /usr/local/directadmin/custombuild
./build update
./build curl
由于类似的报告与针对基于RPM的curl库的CustomBuild curl链接有关,例如:
[root@server scripts]# /usr/local/bin/curl --connect-timeout 15 -k -I https://acme-v01.api.letsencrypt.org/directory
curl: (48) An unknown option was passed in to libcurl
[root@server scripts]# ldd /usr/local/bin/curl | grep curl
libcurl.so.4 => /lib64/libcurl.so.4 (0x00007fdd1411a000)
where it should be /usr/local/lib/libcurl.so.4.
为了解决这个问题,remove the libcurl-devel rpm, re-compile curl and run ldconfig
rpm -e libcurl-devel
cd /usr/local/directadmin/custombuild
./build curl
ldconfig
并确认:
[root@server custombuild]# ldd /usr/local/bin/curl | grep curl
libcurl.so.4 => /usr/local/lib/libcurl.so.4 (0x00007f17c3cd5000)
Edit
/etc/ld.so.conf
并更改路径的顺序,因此/usr/local/lib更高,因此文件如下所示:
/usr/local/lib/
include /etc/ld.so.conf.d/*.conf
保存,然后运行
ldconfig
我们尚未对此进行测试,因为它可能会影响系统二进制文件使用的库。 在注销当前ssh会话之前,请确保对所有内容进行全面测试,尤其是sshd(重新启动sshd
服务器并测试登录名)。