自动摘要
正在生成中……
错误表现
日志内容大概如下:
2024/05/09 23:18:27 [error] 3310769#3310769: 18913 [lua] ssl_certificate.lua:260: set_response_cert(): auto-ssl: failed to set ocsp stapling for example.com - continuing anyway - failed to get ocsp response: OCSP responder query failed (http://r3.o.lencr.org): timeout, context: ssl_certificate_by_lua, client: 127.0.0.1, server: 127.0.0.1:4430
紧急重新申请证书
删除本地证书目录下的所有文件
rm -rf /etc/resty-auto-ssl/letsencrypt/certs/*
重启openresty, 如果还无法工作,再删除 /etc/resty-auto-ssl/storage/file 里面的文件。
rm -rf /etc/resty-auto-ssl/storage/file/*
进一步修复
修改 auto_ssl:set("renew_check_interval", 1600) ,默认是一天。
vi /etc/openresty/resty.http
init_by_lua_block {
auto_ssl = (require "resty.auto-ssl").new()
auto_ssl:set("renew_check_interval", 1600)
....
参考资料:
-
https://github.com/auto-ssl/lua-resty-auto-ssl/issues/239
-
https://github.com/auto-ssl/lua-resty-auto-ssl/issues/241