Lua-resty-auto-ssl: λ§λ£λ λλ©μΈμ΄ ν¬μ°©λμ§ μκ³ allow_domainμ΄ κ°±μ μ μ€νλμ§ μμ΅λλ€.
μλνλ μΈμ¦μ κ°±μ μ λν΄ λ κ°μ§ κ΄λ ¨ λ¬Έμ κ° λ°μνμ΅λλ€.
-Auto-sslμ λλ©μΈμ΄ μ ν¨νλ€κ³ μκ°νμ§λ§ νμ΄μ¦λ λλ©μΈμ΄ λͺ κ°μ μ μ λ§λ£λμ΄ μν μνλΌκ³ νμν©λλ€.
-allow_domainμ΄ μλ κ°±μ μ μν΄ μ€νλμ§ μλ κ² κ°μ΅λλ€.
λ§λ£λ λλ©μΈ(μ΄λμμλ νμΈλμ§ μμ)
WHOIS λ°μ΄ν°:
λ μ§μ€νΈλ¦¬ λ§λ£ λ μ§: 2018-05-22T01:19:25Z
λλ©μΈ μν: μν κΈ°κ° https://icann.org/epp#redemptionPeriod
2018/07/06 17:58:11 [error] 3233#3233: *42151 [lua] lets_encrypt.lua:41: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=74b9b9da3dc257b6f00948fc00b9117beab9fb356fb129a22dd6893c18a9cca3 HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain www.expireddomain.com --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/openresty/luajit/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
Processing www.expireddomain.com
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
+ Valid till Aug 6 00:52:58 2018 GMT (Less than 30 days). Renewing!
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting authorization for www.expireddomain.com...
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for www.expireddomain.com authorization...
Invalid challenge: DOMAIN=www.expireddomain.com RESPONSE={
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up A for www.expireddomain.com",
"status": 400
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/bP_FGFj0H6027YXEVXwUTr0hgPYU3p4ux70J03YgJcg/5508927882",
"token": "xBzqCypg7iDi6AUTXlmc65C8MtifK14wAQOjh76Z4ok",
"keyAuthorization": "xBzqCypg7iDi6AUTXlmc65C8MtifK14wAQOjh76Z4ok.BmCf6H2DAkLb8K_367ROMmY9nfcTaEk0ovuF_zhtU1M",
"validationRecord": [
{
"url": "http://www.expireddomain.com/.well-known/acme-challenge/xBzqCypg7iDi6AUTXlmc65C8MtifK14wAQOjh76Z4ok",
"hostname": "www.expireddomain.com",
"port": "80"
}
]
Allow_domainμ μλ κ°±μ μμ μ€νλμ§ μλ κ²μΌλ‘ 보μ
λλ€.
-λλ©μΈμ΄ λ€λ₯Έ μ 곡μ
μ²΄λ‘ μ΄μ λμ΄ λ μ΄μ λΉμ¬ μλ²λ‘ νμΈλμ§ μμ λ λ°μνλ λ¬Έμ μ
λλ€.
- μλ μΈμ¦μ κ°±μ μμ allow_domainμ μ€νν κ²½μ°μλ allow_domain μ€ν¬λ¦½νΈκ° DNS νμΈμ νμΈνκΈ° λλ¬Έμ λ§λ£λ λλ©μΈ λ¬Έμ λ ν΄κ²°λ©λλ€. letsencryptμμ λ³΄κ³ ν λλ‘ λΆλͺ
ν μ€ν¨ν©λλ€.
danDanV1
λͺ¨λ 7 λκΈ
λ§μ λλ©μΈμ κ±°μΉλ©΄μ λμΌν λ¬Έμ κ° λ°μνμΌλ©°, νμ©νκΈ° μ μ λλ©μΈμ νμΈνκΈ° μν΄ μλ μ½λλ₯Ό κ°±μ .luaμ refresh_check_cert ν¨μμ μΆκ°νμ΅λλ€. λν λ§€λ² λ°μνμ§ μλλ‘ λ§λ£λ λλ©μΈλ μμ ν©λλ€.
-- Verify domain before we issue a renewal request.
local allow_domain = auto_ssl_instance:get("allow_domain")
if not allow_domain(domain) then
ngx.log(ngx.NOTICE, "auto-ssl: domain not allowed - not renewing - ", domain)
return
end
brianlund
μ 2018λ
07μ 11μΌ
@brianlund κ°μ¬ν©λλ€.
μ체 ν¬ν¬λ₯Ό μ μ§ κ΄λ¦¬νμ§ μμλ λλλ‘ refresh_check_certλ₯Ό ꡬμ±ν μ μλ€λ©΄ μ’μ κ²μ λλ€.
danDanV1
μ 2018λ
07μ 14μΌ
λ¬Έμ μμ΄μ @edeis53
λλ μ΄κ²μΌλ‘ ν 리νμ€νΈλ₯Ό νκ³ λ§λ£λ μΈμ¦μ μμ μ§μμ λ§λ€λ €κ³ νμ΅λλ€. μ κ° ν΄κ²°ν μ μλμ§ νμΈνκ² μ΅λλ€.
brianlund
μ 2018λ
07μ 14μΌ
@brianlund
κ°±μ μ DNS μ€λ₯μμ λλ©μΈμ μ κ±°ν μ μμ΅λκΉ? #173μ μΈλΆμ 보
prionkor
μ 2019λ
06μ 28μΌ
@prionkor λ¬Έμ κ° ν΄κ²°λμ§ μμ΅λκΉ? https://github.com/GUI/lua-resty-auto-ssl/pull/128
brianlund
μ 2019λ
08μ 20μΌ
#176κ³Ό #128μ μ‘°ν© μ¬μ΄μ v0.13.0μμ μ΄κ²μ΄ μ ν΄κ²°λμ΄μΌ νλ€κ³ μκ°ν©λλ€. λ¬Έμ ν΄κ²°μ΄ μ€λ μ§μ°λμ΄ μ£μ‘ν©λλ€! κ·Έλμ λλ μ΄κ²μ λ«μ κ²μ΄μ§λ§, μ 릴리μ€μ λμμ μ¬μ ν λ―Έν΄κ²° λ¬Έμ κ° μμΌλ©΄ μλ €μ£Όμμμ€.
GUI
μ 2019λ
09μ 30μΌ
μ§κΈ μ€μΉνκ³ ν μ€νΈ μ€μ λλ€! λ³ν© λ° μΆμν΄μ£Όμ μ μ λ§ κ°μ¬ν©λλ€.
danDanV1
μ 2019λ
09μ 30μΌ
κ΄λ ¨ λ¬Έμ
jasonbouffard
Β·
6μ½λ©νΈ
discobean
Β·
8μ½λ©νΈ
sahildeliwala
Β·
16μ½λ©νΈ
brendon
Β·
9μ½λ©νΈ
prionkor
Β·
11μ½λ©νΈ
κ°μ₯ μ μ©ν λκΈ
λ¬Έμ μμ΄μ @edeis53
λλ μ΄κ²μΌλ‘ ν 리νμ€νΈλ₯Ό νκ³ λ§λ£λ μΈμ¦μ μμ μ§μμ λ§λ€λ €κ³ νμ΅λλ€. μ κ° ν΄κ²°ν μ μλμ§ νμΈνκ² μ΅λλ€.