Discourse 重复安装过程中的密钥签发问题

prtyaa 2023-12-29 21:48:45  51122

分类专栏：资讯

近期因为对服务器的平台进行切换和升级，在数据备份恢复的时候出现了不少问题，因此就进行了不少次数的重复安装。

在后面几次重复安装后，发现界面无法访问，通过使用命令 ./launcher logs app 查看安装的日志后发现 Let’s Encrypt 已经不再签发密钥了。原因是这个域名申请的密钥次数太多了。

这个对Discourse 的初级或者试验用户来说不是非常友好，因为你会有签发密钥安装的限制。

日志内容如下：

[Sun 04 Oct 2020 04:52:57 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Error loading file ca.cer
[Sun 04 Oct 2020 04:52:58 AM UTC] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Sun 04 Oct 2020 04:52:58 AM UTC] Single domain='www.ossez.com'
[Sun 04 Oct 2020 04:52:58 AM UTC] Getting domain auth token for each domain
[Sun 04 Oct 2020 04:52:58 AM UTC] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "Error creating new order :: too many certificates already issued for exact set of domains: www.ossez.com: see https://letsencrypt.org/docs/rate-limits/",
  "status": 429
}
[Sun 04 Oct 2020 04:52:58 AM UTC] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Sun 04 Oct 2020 04:52:59 AM UTC] Installing key to:/shared/ssl/www.ossez.com_ecc.key
[Sun 04 Oct 2020 04:52:59 AM UTC] Installing full chain to:/shared/ssl/www.ossez.com_ecc.cer
cat: /shared/letsencrypt/www.ossez.com_ecc/fullchain.cer: No such file or directory
Error loading file ca.cer
Error loading file ca.cer
Started runsvdir, PID is 2115
ok: run: redis: (pid 2123) 0s
nginx: [emerg] cannot load certificate "/shared/ssl/www.ossez.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
ok: run: postgres: (pid 2129) 0s
chgrp: invalid group: ‘syslog’
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.1901.0 try https://www.rsyslog.com/e/2145 ]
supervisor pid: 2124 unicorn pid: 2150
nginx: [emerg] cannot load certificate "/shared/ssl/www.ossez.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate "/shared/ssl/www.ossez.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate "/shared/ssl/www.ossez.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: [emerg] cannot load certificate "/shared/ssl/www.ossez.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

通过访问密钥签发机构上面提供的信息了解到：Let’s Encrypt 针对一个域名只会在一定时间内签发 5 次，如果你超过了签发的次数，你需要 5 天后才能再次申请。