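The forum's certificate has expired, can't access it from my computer

As the title says. Also, Firefox says the forum does not allow non-HTTPS access…

1 like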

@guanghui.qu

I'm currently using Chromium to access the forum.

already fixed…

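4 likes

I kept refreshing all day and couldn't get in.

For a whole day I couldn't open the forum on either my phone or my computer, and now it finally opens. So it was an HTTPS problem. It seems the QQ group is still useful after all; QQ has basically never been unreachable.

Is there no way to get an early warning that the site's certificate is about to expire? Let's Encrypt certificates are valid for 90 days and can be renewed 30 days before expiry, so if a site's certificate has less than a month of validity left, that means automatic renewal has broken.

Caddy renews certificates automatically.

Automatic renewal is surely set up; it's just probably not very reliable, and there's no notification when it fails.

GitHub Actions supports cron jobs. I wrote a script that checks Emacs China's certificate once a day; if it is about to expire, with less than 14 days of validity left, the Action fails and I get an email notification.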


The certificate for https://elpa.zilongshanren.com expires in eleven days: /cc @zilongshanren

$ DATE=gdate ./cert-expire-alert.sh elpa.zilongshanren.com
ERROR Expire after 11.95 days, Jun 13 17:37:48 2020 GMT

2 likes
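
Added example (not the poster's cert-expire-alert.sh, whose source is not shown in this thread): a minimal expiry check of the kind described in the post above, exiting non-zero when fewer than 14 days remain so that a scheduled CI job fails and sends mail. The function names, the `THRESHOLD_DAYS` variable and the output format are assumptions modelled on the sample output; it needs `openssl` and GNU `date` (hence `DATE=gdate` on macOS).

```bash
#!/usr/bin/env bash
# Added example, not the script used in the thread. Function names and
# THRESHOLD_DAYS are assumptions; the output format mimics the sample output.

DATE="${DATE:-date}"                    # GNU date required; DATE=gdate on macOS
THRESHOLD_DAYS="${THRESHOLD_DAYS:-14}"

# Read the notAfter field of the certificate a live server presents (needs network).
fetch_not_after() {
  local host="$1" port="${2:-443}"
  openssl s_client -connect "${host}:${port}" -servername "$host" </dev/null 2>/dev/null |
    openssl x509 -noout -enddate | cut -d= -f2
}

# Days between now (epoch seconds) and a notAfter string, with two decimals.
days_left() {
  local not_after="$1" now="$2" end
  end=$("$DATE" -u -d "$not_after" +%s) || return 2
  awk -v e="$end" -v n="$now" 'BEGIN { printf "%.2f", (e - n) / 86400 }'
}

# Print an OK/ERROR line. Returns 1 when fewer than THRESHOLD_DAYS remain
# (already-expired certificates give a negative value and also fail),
# and 2 when the certificate could not be read or its date not parsed.
check_expiry() {
  local not_after="$1" now="${2:-}" days
  [ -n "$now" ] || now=$("$DATE" +%s)
  if [ -z "$not_after" ]; then
    echo "ERROR could not read certificate"; return 2
  fi
  days=$(days_left "$not_after" "$now") || { echo "ERROR cannot parse date: $not_after"; return 2; }
  if awk -v d="$days" -v t="$THRESHOLD_DAYS" 'BEGIN { exit !(d < t) }'; then
    echo "ERROR Expire after $days days, $not_after"; return 1
  fi
  echo "OK Expire after $days days, $not_after"
}

# Check a live host only when one is given:  ./check.sh example.org
if [ "$#" -ge 1 ]; then
  check_expiry "$(fetch_not_after "$1")"
fi
```

A fetch failure (host unreachable, TLS handshake error) is reported as an error as well, so a monitoring job that cannot see the certificate does not pass silently.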

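The renew on Alibaba Cloud keeps failing. When you have time, could you log in and see what the cause is?

I tried /opt/letsencrypt/certbot-auto renew and it reported an error; the renewal failed: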

Attempting to renew cert (elpa.zilongshanren.com) from /etc/letsencrypt/renewal/elpa.zilongshanren.com.conf produced an unexpected error: [Errno 28] No space left on device. Skipping.

Full output
[email protected]:~# /opt/letsencrypt/certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/elpa.emacs-china.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OCSP check failed for /etc/letsencrypt/archive/elpa.emacs-china.org/cert18.pem (are we offline?)
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/ocsp.py", line 187, in _check_ocsp_cryptography
    timeout=timeout)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 504, in send
    raise ConnectTimeout(e, request=request)
ConnectTimeout: HTTPConnectionPool(host='ocsp.int-x3.letsencrypt.org', port=80): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f6c15d58d50>, 'Connection to ocsp.int-x3.letsencrypt.org timed out. (connect timeout=10)'))
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/elpa.zilongshanren.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OCSP check failed for /etc/letsencrypt/archive/elpa.zilongshanren.com/cert20.pem (are we offline?)
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/ocsp.py", line 187, in _check_ocsp_cryptography
    timeout=timeout)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 504, in send
    raise ConnectTimeout(e, request=request)
ConnectTimeout: HTTPConnectionPool(host='ocsp.int-x3.letsencrypt.org', port=80): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f6c124b95d0>, 'Connection to ocsp.int-x3.letsencrypt.org timed out. (connect timeout=10)'))
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for elpa.zilongshanren.com
Cleaning up challenges
Encountered exception during recovery:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/error_handler.py", line 125, in _call_registered
    self.funcs[-1]()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 243, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/_internal/plugins/webroot.py", line 225, in cleanup
    self.performed[root_path].remove(achall)
KeyError: KeyAuthorizationAnnotatedChallenge(challb=ChallengeBody(chall=HTTP01(token='r\x1a\x9c\xad\x1c\xb4\x96\x00F\xe8\x84\xdf\xbe\xf0+\x90\xe0R\xb4\xbbFv\xe8\xa0*\xdc\xe7\xaem1\x81Z'), status=Status(pending), uri=u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/4935633621/JBX2TQ', validated=None, _url=u'https://acme-v02.api.letsencrypt.org/acme/chall-v3/4935633621/JBX2TQ', error=None), domain=u'elpa.zilongshanren.com', account_key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x7f6c15d58d50>)>))
Attempting to renew cert (elpa.zilongshanren.com) from /etc/letsencrypt/renewal/elpa.zilongshanren.com.conf produced an unexpected error: [Errno 28] No space left on device. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/git.emacs-china.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OCSP check failed for /etc/letsencrypt/archive/git.emacs-china.org/cert17.pem (are we offline?)
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/ocsp.py", line 187, in _check_ocsp_cryptography
    timeout=timeout)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 504, in send
    raise ConnectTimeout(e, request=request)
ConnectTimeout: HTTPConnectionPool(host='ocsp.int-x3.letsencrypt.org', port=80): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f6c12453b10>, 'Connection to ocsp.int-x3.letsencrypt.org timed out. (connect timeout=10)'))
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/zilongshanren.com-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
OCSP check failed for /etc/letsencrypt/archive/zilongshanren.com-0001/cert2.pem (are we offline?)
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/ocsp.py", line 187, in _check_ocsp_cryptography
    timeout=timeout)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 504, in send
    raise ConnectTimeout(e, request=request)
ConnectTimeout: HTTPConnectionPool(host='ocsp.int-x3.letsencrypt.org', port=80): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f6c15d585d0>, 'Connection to ocsp.int-x3.letsencrypt.org timed out. (connect timeout=10)'))
Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/elpa.zilongshanren.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/elpa.emacs-china.org/fullchain.pem expires on 2020-08-20 (skipped)
  /etc/letsencrypt/live/git.emacs-china.org/fullchain.pem expires on 2020-08-20 (skipped)
  /etc/letsencrypt/live/zilongshanren.com-0001/fullchain.pem expires on 2020-08-20 (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/elpa.zilongshanren.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
[email protected]:~#

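I found that /mnt was full. Turns out it's my fault: this directory holds the HTTP data for Emacs China Elpa. I don't know why I used /mnt back then, and it turns out a partition of only 10 GB is mounted on this directory: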

[email protected]:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            485M  4.0K  485M   1% /dev
tmpfs           100M  624K   99M   1% /run
/dev/vda1        40G   25G   13G  68% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
none            5.0M     0  5.0M   0% /run/lock
none            497M     0  497M   0% /run/shm
none            100M     0  100M   0% /run/user
/dev/vdb1       9.8G  9.8G     0 100% /mnt

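ELPA itself is probably only a few GB (less than 5 GB). The reason 10 GB was used above is mainly that I kept old versions of MELPA; MELPA itself is only 400 MB, but the old versions piled up day after day and used up the space.

I have just deleted all the old versions and successfully renewed the certificate again.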

$ DATE=gdate ./cert-expire-alert.sh elpa.zilongshanren.com
OK Expire after 89.95 days, Aug 31 04:07:41 2020 GMT

3 likes