SSL certificate renewal fails because of Cloudflare


Running certbot renew to update the certificate produced the following error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/yuika.love.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for yuika.love
nginx: [error] invalid PID number "" in "/usr/local/nginx/logs/nginx.pid"
Waiting for verification...
**Challenge failed for domain yuika.love**
http-01 challenge for yuika.love
Cleaning up challenges
**Attempting to renew cert (yuika.love) from /etc/letsencrypt/renewal/yuika.love.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/yuika.love/fullchain.pem (failure)**

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/yuika.love/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: yuika.love
   Type:   unauthorized
   Detail: Invalid response from
   https://yuika.love/.well-known/acme-challenge/Vv1r_2-_ocbc6VTTgV1o94vrD3T8dbt8o1sicjzl1Dk
   [2606:4700:3036::681c:18d4]: "<html>\n<head><title>404 Not
   Found</title></head>\n<body>\n<center><h1>404 Not
   Found</h1></center>\n<hr><center>nginx</center>\n</bod"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

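I noticed 2606:4700:3036::681c:18d4, an IP address I had not seen before. Searching for it showed that it is a Cloudflare CDN server address.
So I paused Cloudflare and ran renew again, and everything worked.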
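The lookup described above can be scripted. This is an added example, not part of the original post: it pulls the address that answered the http-01 fetch out of certbot's error detail and checks it against Cloudflare's published ranges. The function names are hypothetical and the range list is a snapshot that is assumed, not guaranteed, to be current.

```python
import ipaddress
import re

# Snapshot of Cloudflare's published edge ranges (assumption: may be stale;
# refresh from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

# Sample input: the "Detail" lines from the log above, wrapped as certbot prints them.
SAMPLE = """\
   Detail: Invalid response from
   https://yuika.love/.well-known/acme-challenge/Vv1r_2-_ocbc6VTTgV1o94vrD3T8dbt8o1sicjzl1Dk
   [2606:4700:3036::681c:18d4]: "<html>\\n<head><title>404 Not
"""

# certbot wraps the detail, so the URL and the bracketed address may sit on
# different lines; \s+ spans the line breaks.
DETAIL_RE = re.compile(r"Invalid response from\s+(\S+)\s+\[([0-9A-Fa-f:.]+)\]")

def is_cloudflare(ip):
    """True if ip (str or ip_address) is inside a listed Cloudflare range."""
    ip = ipaddress.ip_address(ip)
    return any(ip in net for net in CLOUDFLARE_RANGES)

def diagnose(log_text):
    """Return (url, validated_ip, origin) for each failed http-01 fetch."""
    findings = []
    for url, raw_ip in DETAIL_RE.findall(log_text):
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            continue  # bracketed text that is not an address
        origin = "cloudflare-proxy" if is_cloudflare(ip) else "other"
        findings.append((url, str(ip), origin))
    return findings

if __name__ == "__main__":
    for url, ip, origin in diagnose(SAMPLE):
        print(f"{ip} answered for {url}: {origin}")
```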
