1. 首页
  2. 服务器运维
  3. Linux

Let’s encrypt更新SSL证书提示It seems the CA server is busy now的问题

今天突然收到一封SSL证书监控的告警邮件,翻开内容原来证书过期了。该网站的SSL证书是let’s encrypt免费证书,有效期3个月,但我已经使用acme脚本配置了自动更新,一年多运行下来也没有出现过问题。只能登录服务器查看原因了。发现日志中有类似“It seems the CA server is busy now, let’s wait and retry. Sleeping 1 seconds.”的错误,这个错误导致证书没有定时更新。

20200203155645

[Mon Jan  6 00:46:02 CST 2020] Renew: 'nbhao.org'
[Mon Jan  6 00:46:03 CST 2020] Multi domain='DNS:nbhao.org,DNS:*.nbhao.org'
[Mon Jan  6 00:46:03 CST 2020] Getting domain auth token for each domain
[Mon Jan  6 00:51:03 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan  6 00:56:07 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan  6 01:01:10 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan  6 01:06:11 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan  6 01:11:13 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan  6 01:16:18 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Mon Jan  6 01:21:23 CST 2020] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.

根据错误提示,字面上的意思是CA服务器连接出现了问题。但是let’s encrypt作为全球最知名的免费SSL证书,CA服务器应该不大可能出现问题,即使出现问题,应该也会抓紧恢复,不会那么多天过去还无法连接。最后去官方找到新闻,找资料,发现let’s encrypt升级了api的cdn。那么问题应该好办了,尝试升级acme脚本。

cd /root/jobs/acme
./acme.sh --upgrade

升级成功

20200203160738

再次运行更新ssl证书的计划任务,问题解决。

20200203160925

为了防止这个问题再次出现,添加定时更新脚本的计划任务,再添加这个https网站的ssl证书监控

如果有碰到相同问题无法解决,其他SSL证书的问题或购买,欢迎咨询。

参考文章:

《非80端口不支持Http验证域名签发let’s encrypt ssl证书》:http://www.szl724.com/?p=2633.html

《Zabbix 增加HTTPS网站SSL证书过期时间监控》:http://www.szl724.com/?p=3106.html

原创文章,作者:章郎虫,如若转载,请注明出处:http://www.szl724.com/sysmaint/linux-os/3228.html

联系我们

0574-55011290

QQ:248687950

邮件:admin@nbhao.org

工作时间:周一至周五,9:00-18:00,节假日休息

QR code