Warning: This Docker image is no longer receiving updates!
You should switch to the Docker images on Docker Hub at:
https://hub.docker.com/u/certbot
/opt/certbot/venv/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a release (2.7.7+) that supports hmac.compare_digest as soon as possible.
utils.PersistentlyDeprecated2018,
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
An unexpected error occurred:
SSLError: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))
Please see the logfiles in /var/log/letsencrypt for more details.
curl -v报错
- Trying 172.65.32.248...
- Trying 2606:4700:60:0:f53d:5624:85c7:3a2c...
- Immediate connect fail for 2606:4700:60:0:f53d:5624:85c7:3a2c: Cannot assign requested address
- Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
- found 127 certificates in /etc/ssl/certs/ca-certificates.crt
- found 381 certificates in /etc/ssl/certs
- ALPN, offering http/1.1
- SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
- server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
- Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: curl - SSL CA Certificates
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.