V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
deasty
V2EX  ›  SSL

certbot 不好用了,请各位帮忙看看该如何解决

  •  
  •   deasty · 2020-02-01 00:02:13 +08:00 · 2890 次点击
    这是一个创建于 1765 天前的主题,其中的信息可能已经有所发展或是发生改变。
    最开始提升说要 Python3.5+,我装了个 Python3.8.1,再运行 certbot 就下面这样了。


    # ./certbot-auto --no-bootstrap
    WARNING: unable to check for updates.
    Creating virtual environment...
    Installing Python packages...
    Traceback (most recent call last):
    File "/usr/local/python381/lib/python3.8/urllib/request.py", line 1319, in do_open
    h.request(req.get_method(), req.selector, req.data, headers,
    File "/usr/local/python381/lib/python3.8/http/client.py", line 1230, in request
    self._send_request(method, url, body, headers, encode_chunked)
    File "/usr/local/python381/lib/python3.8/http/client.py", line 1276, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
    File "/usr/local/python381/lib/python3.8/http/client.py", line 1225, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
    File "/usr/local/python381/lib/python3.8/http/client.py", line 1004, in _send_output
    self.send(msg)
    File "/usr/local/python381/lib/python3.8/http/client.py", line 944, in send
    self.connect()
    File "/usr/local/python381/lib/python3.8/http/client.py", line 1399, in connect
    self.sock = self._context.wrap_socket(self.sock,
    File "/usr/local/python381/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
    File "/usr/local/python381/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
    File "/usr/local/python381/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
    ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "/tmp/tmp.X1baStRu9w/pipstrap.py", line 177, in <module>
    sys.exit(main())
    File "/tmp/tmp.X1baStRu9w/pipstrap.py", line 155, in main
    downloads = [hashed_download(index_base + '/packages/' + path,
    File "/tmp/tmp.X1baStRu9w/pipstrap.py", line 155, in <listcomp>
    downloads = [hashed_download(index_base + '/packages/' + path,
    File "/tmp/tmp.X1baStRu9w/pipstrap.py", line 117, in hashed_download
    response = opener(using_https=parsed_url.scheme == 'https').open(url)
    File "/usr/local/python381/lib/python3.8/urllib/request.py", line 525, in open
    response = self._open(req, data)
    File "/usr/local/python381/lib/python3.8/urllib/request.py", line 542, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
    File "/usr/local/python381/lib/python3.8/urllib/request.py", line 502, in _call_chain
    result = func(*args)
    File "/usr/local/python381/lib/python3.8/urllib/request.py", line 1362, in https_open
    return self.do_open( http.client.HTTPSConnection, req,
    File "/usr/local/python381/lib/python3.8/urllib/request.py", line 1322, in do_open
    raise URLError(err)
    urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)>
    9 条回复    2020-06-23 03:37:30 +08:00
    l12ab
        1
    l12ab  
       2020-02-01 00:03:08 +08:00
    wwqgtxx
        2
    wwqgtxx  
       2020-02-01 01:53:52 +08:00 via iPhone
    ca-certificates 装了没
    manami
        3
    manami  
       2020-02-01 01:55:16 +08:00 via Android
    前不久用了 acme.sh 发现真香
    mingmeng
        4
    mingmeng  
       2020-02-01 11:50:01 +08:00 via Android
    建议 acme.sh 简单易用
    uncat
        5
    uncat  
       2020-02-01 13:07:53 +08:00
    你最好看一下你的签发目录下的目录树. 字面意思是你的证书文件夹内签发者的证书缺失了.
    uncat
        6
    uncat  
       2020-02-01 13:08:58 +08:00
    另外. 推荐 lego 作为新的 Let's encrypt 客户端.
    uncat
        7
    uncat  
       2020-02-01 13:09:18 +08:00
    deasty
        8
    deasty  
    OP
       2020-02-02 13:09:31 +08:00 via iPhone
    @uncat 目录树没问题啊,我这个是最近一次更新证书成功后就不好使了。
    Livid
        9
    Livid  
    MOD
       2020-06-23 03:37:30 +08:00
    Certbot 经常用着用着就炸了。

    推荐 acme.sh
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2580 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 32ms · UTC 10:13 · PVG 18:13 · LAX 02:13 · JFK 05:13
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.