V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
loveminds
V2EX  ›  DNS

Let's Encrypt 的 NXDOMAIN 机制到底是怎样的

  •  
  •   loveminds · 2018-03-26 11:39:53 +08:00 · 5339 次点击
    这是一个创建于 2432 天前的主题,其中的信息可能已经有所发展或是发生改变。
    程序是这个 https://oneinstack.com/faq/letsencrypt/ 基于 ACME
    直接添加单一的不带 www 的域名是没有问题的,一加 www 马上根就 NX,加泛域名根也 NX

    What Are You Doing?
    1. Use HTTP Only
    2. Use your own SSL Certificate and Key
    3. Use Let's Encrypt to Create SSL Certificate and Key
    q. Exit
    Please input the correct option: 3

    Please input domain(example: www.example.com): aaa.com
    domain=aaa.com

    Please input the directory for the domain:aaa.com :
    (Default directory: /data/wwwroot/aaa.com):
    Virtual Host Directory=/data/wwwroot/aaa.com

    Create Virtul Host directory......
    set permissions of Virtual Host directory......

    Do you want to add more domain name? [y/n]: y

    Type domainname or IP(example: example.com other.example.com): www.aaa.com
    domain list=www.aaa.com

    Let's Encrypt Verify error! DNS problem: NXDOMAIN looking up A for aaa.com


    # dig aaa.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> aaa.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63822
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;aaa.com. IN A

    ;; ANSWER SECTION:
    aaa.com. 599 IN A 192.74.251.xx

    ;; Query time: 285 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Mar 26 11:38:26 CST 2018
    ;; MSG SIZE rcvd: 53


    # dig www.aaa.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> www.aaa.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27594
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.aaa.com. IN A

    ;; ANSWER SECTION:
    www.aaa.com. 599 IN A 192.74.251.xx

    ;; Query time: 309 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Mar 26 11:38:45 CST 2018
    ;; MSG SIZE rcvd: 57
    2 条回复    2018-03-30 16:08:19 +08:00
    loveminds
        1
    loveminds  
    OP
       2018-03-26 12:58:19 +08:00
    一直非常奇怪的一件事,不加 www 这个第二域名的情况下,并不会 NX
    What Are You Doing?
    1. Use HTTP Only
    2. Use your own SSL Certificate and Key
    3. Use Let's Encrypt to Create SSL Certificate and Key
    q. Exit
    Please input the correct option: 3

    Please input domain(example: www.example.com): aaa.com
    domain=aaa.com

    Please input the directory for the domain:aaa.com :
    (Default directory: /data/wwwroot/aaa.com):
    Virtual Host Directory=/data/wwwroot/aaa.com

    Create Virtul Host directory......
    set permissions of Virtual Host directory......

    Do you want to add more domain name? [y/n]: n

    Do you want to redirect all HTTP requests to HTTPS? [y/n]:
    yesono
        2
    yesono  
       2018-03-30 16:08:19 +08:00
    @loveminds 升级 oneinstack ~/oneinstack/upgrade.sh oneinstack, 再试试
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3102 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 13:48 · PVG 21:48 · LAX 05:48 · JFK 08:48
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.