Sticky: How to troubleshoot E_FAIL_DRY_CHALLENGE #4
読み込み中…
新しいイシューから参照
説明はありません。
ブランチ "%!s(<nil>)" の削除
ブランチの削除は恒久的です。 実際に削除されるまでの短い期間、ブランチが存在したままになることもありますが、たいていは元に戻すことはできません。 続行しますか?
ブランチの削除は恒久的です。 実際に削除されるまでの短い期間、ブランチが存在したままになることもありますが、たいていは元に戻すことはできません。 続行しますか?
E_FAIL_DRY_CHALLENGE
In order to decrease the likelihood of being blocked for hitting bad request rate limits I implemented a "dry run" to catch errors before the real request is made to the ACME server.
Failed HTTP-01 Dry Run
Basically this means that
curl https://whatever.com/.well-known/acme-challenge/<<token>>
did not return a valid<<keyAuthorization>>
Common reasons for failure:
le-challenge-....
module is not properly configured or wasn't tested by the author before the latest releaseFailed DNS-01 Dry Run
Basically this means that
dig TXT _acme-challenge.whatever.com
did not return the appropriate<<keyAuthorizationHash>>
challenge record in the list of TXT records queried at your nameserver.Common reasons for failure:
dig +trace TXT _acme-challenge.whatever.com
a few times on the server before trying againle-challenge-....
module is not properly configured or wasn't tested by the author before the latest release and isn't actually adding the proper records_acme-challenge
DNS record was magically deleted... ?Triggering Errors (on purpose) for Testing
You can literally use
example.com
in this instance.This will cause curl to set the https SNI (servername indicator) to "example.com" while resolving it to your local server.
Meanwhile, 'example.com' actually has an address that resolves to something that isn't 127.0.0.1, which means that it will create the error state of not being able to fetch the challenge.
If you try this with a name that doesn't exist, you won't get far enough in the process to trigger the error you're intending to trigger. You can spoof this by adding that domain to your
/etc/hosts
:It's important that you don't set the IP to a local address, otherwise it will succeed instead of failing.
Then you still need to use the same curl trick from above:
Sticky: How to troubleshoot E_PREFAIL_CHALLENGEから Sticky: How to troubleshoot E_FAIL_DRY_CHALLENGE に変更