ALL · June 10, 2017

[Repost] Fixing the BaoTa panel's failure to obtain SSL certificates automatically in a specific environment (CentOS 6 on OpenVZ)

Original article link

If at all possible, do not use an OpenVZ VPS; it is a damn pain.

The officially provided fix may not work in many situations, mine for example:
https://www.bt.cn/bbs/forum.php?mod=viewthread&tid=3049&extra=page%3D1%26filter%3Dtypeid%26typeid%3D10&page=1

For example, my VPS had no EPEL repository at all, so we install that first.

The system is CentOS 6.

yum install epel-release    # official EPEL repository
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo    # Aliyun base repository
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo    # Aliyun EPEL repository
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm    # Remi repository

yum clean all    # clear the cache
yum makecache    # rebuild the package metadata

Then install using the method given in the official instructions:

wget -O /www/server/panel/certbot-auto http://download.bt.cn/install/certbot-auto.init -T 5

chmod +x /www/server/panel/certbot-auto && /www/server/panel/certbot-auto -n

Various errors appear; we fix them one by one.

You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command

The pip version is too old, so we upgrade it:

pip install --upgrade pip

Once it has installed, it reports Successfully installed pip-9.0.1

Running the official script again now produces even more errors:

pip prints the following errors: 
=====================================================
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Requirement already satisfied (use --upgrade to upgrade): argparse==1.4.0 in ./.local/share/letsencrypt/lib/python2.6/site-packages (from -r /tmp/tmp.WXO6ZH4OPv/letsencrypt-auto-requirements.txt (line 11))
Collecting pycparser==2.14 (from -r /tmp/tmp.WXO6ZH4OPv/letsencrypt-auto-requirements.txt (line 17))
/root/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
/root/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  Could not fetch URL https://pypi.python.org/simple/pycparser/: There was a problem confirming the ssl certificate: [Errno 185090050] _ssl.c:330: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib - skipping
  Could not find a version that satisfies the requirement pycparser==2.14 (from -r /tmp/tmp.WXO6ZH4OPv/letsencrypt-auto-requirements.txt (line 17)) (from versions: )
No matching distribution found for pycparser==2.14 (from -r /tmp/tmp.WXO6ZH4OPv/letsencrypt-auto-requirements.txt (line 17))
/root/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3

This is not because we did anything wrong, though, so we carry on fixing it.
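Added example, not part of the original post: a small shell function that sorts the messages in the output above into notices and real failures. It shows that the "No matching distribution found" line follows from the certificate error, not from a missing package. The function names and result labels are hypothetical, and the sample log is shortened from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): classify a certbot-auto / pip log.
# Signatures come from the output quoted on this page; the function names and
# result labels are hypothetical.

diagnose_certbot_log() {
    log="$1"
    [ -r "$log" ] || { echo "ERROR unreadable-log"; return 2; }
    fatal=0
    # Upgrade notice only: the old pip still runs.
    if grep -q 'You are using pip version' "$log"; then
        echo "INFO pip-outdated"
    fi
    # The interpreter's ssl module lacks SNI and/or a real SSLContext.
    if grep -q -e 'SNIMissingWarning' -e 'InsecurePlatformWarning' "$log"; then
        echo "WARN weak-tls-platform"
    fi
    # OpenSSL failed to load the CA file, so no server certificate verifies.
    if grep -q 'X509_load_cert_crl_file' "$log"; then
        echo "FATAL ca-bundle-unloadable"
        fatal=1
    fi
    # A failed index fetch plus an empty version list means pip never saw the
    # package index; the pinned package is not actually missing.
    if grep -q 'Could not fetch URL' "$log" &&
       grep -q '(from versions: )' "$log"; then
        echo "FATAL index-unreachable"
        fatal=1
    fi
    return "$fatal"
}

# Constructed sample: lines shortened from the output quoted on this page.
write_sample_log() {
    cat > "$1" <<'EOF'
You are using pip version 8.0.3, however version 9.0.1 is available.
ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI extension is not available.
  Could not fetch URL https://pypi.python.org/simple/pycparser/: There was a problem confirming the ssl certificate: [Errno 185090050] _ssl.c:330: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib - skipping
  Could not find a version that satisfies the requirement pycparser==2.14 (from versions: )
No matching distribution found for pycparser==2.14
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
diagnose_certbot_log "$sample" || echo "=> fix TLS trust first, then re-run the installer"
rm -f "$sample"
```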

Since we have already added plenty of repositories, we simply run yum update.
The update succeeds:

Updated:
  libmcrypt.x86_64 0:2.5.8-9.el6         mcrypt.x86_64 0:2.6.8-10.el6         mhash.x86_64 0:0.9.

Then update Python:

yum update 'python*'

The update completes:

Updated:
  python.x86_64 0:2.6.6-66.el6_8        python-devel.x86_64 0:2.6.6-66.el6_8  python-libs.x86_64 0:2.6.6-66.el6_8 
  python-tools.x86_64 0:2.6.6-66.el6_8
Dependency Updated:
  tkinter.x86_64 0:2.6.6-66.el6_8   

Complete!

Finally, we run the official install script again, and the installation succeeds:

Complete!
Creating virtual environment...
Installing Python packages...
Installation succeeded.

We click to renew the certificate from the panel: OK.

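Why must the certificate be renewed from the panel?
Because LE certificates are valid for only 3 months; if we do not use automatic renewal, the ongoing maintenance will be a disaster.
This is why I started using the BaoTa panel instead of setting up the environment by hand.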