Acme letsencrypt: problems renewing a cert with multi-domain.
-
The Domain SAN list specifies 2 domains: bla.com and *.bla.com
[Mon Mar 28 12:19:47 MSK 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 28 12:19:47 MSK 2022] Multi domain='DNS:bla.com,DNS:*.bla.com'
[Mon Mar 28 12:19:47 MSK 2022] Getting domain auth token for each domain
[Mon Mar 28 12:19:51 MSK 2022] Getting webroot for domain='bla.com'
[Mon Mar 28 12:19:51 MSK 2022] Getting webroot for domain='*.bla.com'
[Mon Mar 28 12:19:51 MSK 2022] Adding txt value: XXXXXXXXX for domain: _acme-challenge.bla.com
[Mon Mar 28 12:19:51 MSK 2022] Adding TXT record to _acme-challenge.bla.com
[Mon Mar 28 12:19:51 MSK 2022] The txt record is added: Success.
[Mon Mar 28 12:19:51 MSK 2022] Let's check each DNS record now. Sleep 20 seconds first.
[Mon Mar 28 12:20:11 MSK 2022] You can use '--dnssleep' to disable public dns checks.
[Mon Mar 28 12:20:11 MSK 2022] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Mon Mar 28 12:20:11 MSK 2022] Checking bla.com for _acme-challenge.bla.com
[Mon Mar 28 12:20:12 MSK 2022] Not valid yet, let's wait 10 seconds and check next one.
[Mon Mar 28 12:20:23 MSK 2022] Let's wait 10 seconds and check again.
[Mon Mar 28 12:20:33 MSK 2022] You can use '--dnssleep' to disable public dns checks.
[Mon Mar 28 12:20:33 MSK 2022] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Mon Mar 28 12:20:33 MSK 2022] Checking bla.com for _acme-challenge.bla.com
[Mon Mar 28 12:20:33 MSK 2022] Not valid yet, let's wait 10 seconds and check next one.
[Mon Mar 28 12:20:43 MSK 2022] Let's wait 10 seconds and check again.
[Mon Mar 28 12:20:53 MSK 2022] You can use '--dnssleep' to disable public dns checks.
[Mon Mar 28 12:20:53 MSK 2022] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Mon Mar 28 12:20:54 MSK 2022] Checking bla.com for _acme-challenge.bla.com
[Mon Mar 28 12:20:54 MSK 2022] Not valid yet, let's wait 10 seconds and check next one.
[Mon Mar 28 12:21:04 MSK 2022] Let's wait 10 seconds and check again.
[Mon Mar 28 12:21:14 MSK 2022] You can use '--dnssleep' to disable public dns checks.
[Mon Mar 28 12:21:14 MSK 2022] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck
[Mon Mar 28 12:21:14 MSK 2022] Checking bla.com for _acme-challenge.bla.com
[Mon Mar 28 12:21:15 MSK 2022] Domain bla.com '_acme-challenge.bla.com' success.
[Mon Mar 28 12:21:15 MSK 2022] All success, let's return
[Mon Mar 28 12:21:15 MSK 2022] bla.com is already verified, skip dns-01.
[Mon Mar 28 12:21:15 MSK 2022] Verifying: *.bla.com
[Mon Mar 28 12:21:15 MSK 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Mon Mar 28 12:21:18 MSK 2022] Removing DNS records.
[Mon Mar 28 12:21:18 MSK 2022] Removing txt: XXXXXXXXX for domain: _acme-challenge.bla.com
[Mon Mar 28 12:21:18 MSK 2022] Deleting resource record _acme-challenge.bla.com
[Mon Mar 28 12:21:19 MSK 2022] Removed: Success
[Mon Mar 28 12:21:18 MSK 2022] *.bla.com:Verify error:During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.bla.com - check that a DNS record exists for this domain
Doubly strange. I have now left only bla.com and got the same error again. The records do appear in DNS (reg.ru),
-
@sirota Today I removed the multi-domain setup, leaving a single root entry, and everything took off. Why it did not work yesterday with a single entry, and why before that I was able to get a cert for the multi-domain... I have no idea. The logs are complete nonsense, even when the certificate is requested by hand.