Fatal编程技术网
  • nginx/
  • Letsencrypt证书过期NGinx续订疑难解答

Letsencrypt证书过期NGinx续订疑难解答

nginx dns

Letsencrypt证书过期NGinx续订疑难解答,nginx,dns,ssl-certificate,lets-encrypt,certbot,Nginx,Dns,Ssl Certificate,Lets Encrypt,Certbot,我在AWS上主持一个网站。我通过letsencrypt为我的域xxxxx.com以及www.xxxxx.com创建了SSL证书。(在这篇文章中,我为潜在的敏感信息添加了“xxxx”,但如果需要这些信息来帮助我,我可以提供) 大约一周前证书过期了。我正在尝试更新证书,这是我得到的: ubuntu:~$ sudo certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log Processing /etc/lets

我在AWS上主持一个网站。我通过letsencrypt为我的域xxxxx.com以及www.xxxxx.com创建了SSL证书。(在这篇文章中,我为潜在的敏感信息添加了“xxxx”,但如果需要这些信息来帮助我,我可以提供)

大约一周前证书过期了。我正在尝试更新证书,这是我得到的:

ubuntu:~$ sudo certbot renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/xxxxx.com.conf

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for xxxxx.com
tls-sni-01 challenge for www.xxxxx.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (xxxxx.com) from /etc/letsencrypt/renewal/xxxxx.com.conf produced an unexpected error: Failed authorization procedure. www.xxxxx.com (tls-sni-01): urn:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.xxxxx.com. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/xxxxx.com/fullchain.pem (failure)



All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/xxxxx.com/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.xxxxx.com
   Type:   None
   Detail: DNS problem: NXDOMAIN looking up A for www.xxxxx.com
最初的想法显然是我的A记录有问题。但执行dig命令会发现:

ubuntu:~$ dig xxxxx.com any

xxxxx.com.  60  IN  TXT "MS=msxxxxxx"
xxxxx.com.  60  IN  MX  0 xxxxx.mail.protection.outlook.com.
xxxxx.com.  60  IN  SOA ns-xxxx.awsdns-xx.org. awsdnshostmaster.amazon.com. x xxxx xxxx xxxxx xxxxx
xxxxx.com.  60  IN  NS  ns1.bdm.microsoftonline.com.
xxxxx.com.  60  IN  NS  ns2.bdm.microsoftonline.com.
xxxxx.com.  60  IN  NS  ns3.bdm.microsoftonline.com.
xxxxx.com.  60  IN  NS  ns4.bdm.microsoftonline.com.
xxxxx.com.  60  IN  A   xx.xx.xxx.xxx
以及:

因此,似乎有很多记录存在。是不是我的域名的www版本没有NS记录?我不知道如何解决这个问题。谢谢

您需要为www添加一个记录条目

www A xx.xxx.xx.xx
我认为这更适合服务器故障,因为这是服务器配置问题,而不是编程问题。但是,请先查看他们的帮助部分,如果有任何类似的问题,请进行搜索。好吧,您错过了www.xxxxx.com.thanking@DamirKasipovic的a区。你能详细说明一下吗?我该如何着手解决这个问题?通过(糟糕地)混淆名称,你会得到什么好处(除了没有那么好的答案)?不要使用
ANY
伪记录类型它肯定不会做你认为它会做的事情,它是一个糟糕且误导人的故障排除工具。使用
dig
时,请始终使用
@
指定要查询的名称服务器。你应该先查询权威的,然后才是递归的。不,CNAME是一种标准的DNS记录类型,它只有一种语法,它是两个名称之间的映射,而不是像你模糊的
x
似乎暗示的IP。是的,你正确地更正了答案。关于语法,我的意思是添加Cname记录的Ui可能会有所不同。 
www A xx.xxx.xx.xx