用Certbot部署Let's Encrypt遇到的常见问题

相关部署:

文章搜集在Lets Encrypt部署时常见的问题,持续更新。

一 在使用Certbot命令时出现错误

Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 570, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2687, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2341, in load
    return self.resolve()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2347, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 18, in <module>
    from certbot import account
  File "/usr/lib/python2.7/site-packages/certbot/account.py", line 18, in <module>
    from acme import messages
  File "/usr/lib/python2.7/site-packages/acme/messages.py", line 11, in <module>
    from acme import challenges
  File "/usr/lib/python2.7/site-packages/acme/challenges.py", line 12, in <module>
    import requests
  File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 58, in <module>
    from . import utils
  File "/usr/lib/python2.7/site-packages/requests/utils.py", line 32, in <module>
    from .exceptions import InvalidURL
  File "/usr/lib/python2.7/site-packages/requests/exceptions.py", line 10, in <module>
    from .packages.urllib3.exceptions import HTTPError as BaseHTTPError
  File "/usr/lib/python2.7/site-packages/requests/packages/__init__.py", line 95, in load_module
    raise ImportError("No module named '%s'" % (name,))
ImportError: No module named 'requests.packages.urllib3'

看最后一行已经提醒的很明显了,缺失了python-urllib3包,由于版本过低引起的问题,可通过升级pip来解决这个问题:

pip install --upgrade pip

如果依旧得不到解决,可以使用命令

pip install --upgrade --force-reinstall 'requests==2.6.0' urllib3

重新安装。

二 站点在线验证失败

certbot --nginx -d yourdomain.com 命令会在线验证网站内容,如果在使用此命令过程中验证失败很可能是因为你的网站无法访问,下面为验证成功的提示:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yourdomain.com
http-01 challenge for www.yourdomain.com
Waiting for verification...
Cleaning up challenges

20191118更新补充

一个使用了腾讯云的站点(笔者在《》一文中有提过选择腾讯云内容分发的原因:腾讯云CDN没有额外收取https费用),这个站点不管是crontab自动更新,还是用/usr/sbin/certbot renew手动更新在执行证书的时候都在验证站点的时候出错:

Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.xxx.com/fullchain.pem (failure)

解决方法:

使用了CDN的情况在线验证失败需要将CNAME记录删除并添加A记录指向IP地址来实现更新,待证书续期成功后再绑回CDN的CNAME记录即可。

三 Challenge failed for yourdomain.com 错误

今天在添加一个用了阿里CDN的网站部署SSL的时候出现出错:

certbot --nginx -d www.gxxwj.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.gxxwj.com
Waiting for verification...
Challenge failed for domain www.gxxwj.com
http-01 challenge for www.gxxwj.com
Cleaning up challenges
Some challenges have failed.

网站是可以正常访问的,但是在部署SSL的时候就是无法通过验证,由于阿里CDN都是用CNAME转发到xxxx.w.kunlungr.com这个地址了,后来把A记录用IP地址解析后即可正常验证通过了。

Read Comments

  • 无处不难3 months ago0

    大佬我在用Certbot部署Let's Encrypt的时候也遇到了 Challenge failed for yourdomain.com 错误,遂找到了你这篇教程,我是用的freenom免费域名直接A记录IP地址解析的,过不了验证怎么办?

    • Julian2 months ago0

      你在服务器上用CURL先看看能不能正常访问站点?这个错误的引起原因是网站无法正常访问,检查一下DNS缓存确保网站能正常访问。

Post Comment