在执行自动更新命令时,出错了,为如下提示
WARNING: unable to check for updates. Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/dajuan.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OCSP check failed for /etc/letsencrypt/archive/dajuan.com/cert1.pem (are we offline?) Traceback (most recent call last): File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/ocsp.py", line 188, in _check_ocsp_cryptography timeout=timeout) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/api.py", line 119, in post return request('post', url, data=data, json=json, **kwargs) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/api.py", line 61, in request return session.request(method=method, url=url, **kwargs) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py", line 530, in request resp = self.send(prep, **send_kwargs) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/sessions.py", line 643, in send r = adapter.send(request, **kwargs) File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/requests/adapters.py", line 516, in send raise ConnectionError(e, request=request) ConnectionError: HTTPConnectionPool(host='ocsp.int-x3.letsencrypt.org', port=80): Max retries exceeded with url: / (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 113] No route to host',)) Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/dajuan.com/fullchain.pem expires on 2020-11-25 (skipped) No renewals were attempted.
这是是首行的错误提示:
OCSP check failed for /etc/letsencrypt/archive/dajuan.com/cert1.pem (are we offline?)
经搜索原因:原因是 ocsp.int-x3.letsencrypt.org 的 cname 域名 a771.dscq.akamai.net 受到了干扰。
可以采用本地修改hosts的方案进行临时处理,在/etc/hosts中添加
23.32.3.72 ocsp.int-x3.letsencrypt.org
然后再执行
certbot-auto renew
就是如下的提示了
[root@VM-0-7-centos ~]# certbot-auto renew
WARNING: unable to check for updates.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/dajuan.com.conf
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/dajuan.com/fullchain.pem expires on 2020-11-25 (skipped)
No renewals were attempted.