一键安装出错

[xfq]

服务器为 Vultr 的 Debian 12，未安装 nginx。本地为 macOS 14.7.2 下自带的 Terminal 和 OpenSSH。

安装选项及日志：

2. 安装 trojan/trojan-go 和 nginx, 支持CDN 开启websocket, trojan-go 运行在443端口

证书路径为默认路径/nginxweb/cert

域名指向的IP正确

1 Letsencrypt.org

1 http 申请方式

3. webroot 并使用ran作为临时的Web服务器

[Thu Jan 16 07:42:13 UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Jan 16 07:42:13 UTC 2025] Account key creation OK.
[Thu Jan 16 07:42:13 UTC 2025] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Thu Jan 16 07:42:14 UTC 2025] Registered
[Thu Jan 16 07:42:14 UTC 2025] ACCOUNT_THUMBPRINT='@@@@@@@@@'
[Thu Jan 16 07:42:14 UTC 2025] Creating domain key
[Thu Jan 16 07:42:14 UTC 2025] The domain key is here: /root/.acme.sh/@@@@.publicvm.com_ecc/@@@@.publicvm.com.key
[Thu Jan 16 07:42:14 UTC 2025] Single domain='@@@@.publicvm.com'
[Thu Jan 16 07:42:15 UTC 2025] Getting webroot for domain='@@@@.publicvm.com'
[Thu Jan 16 07:42:16 UTC 2025] Verifying: @@@@.publicvm.com
[Thu Jan 16 07:42:16 UTC 2025] Pending. The CA is processing your order, please wait. (1/30)
[Thu Jan 16 07:42:20 UTC 2025] Pending. The CA is processing your order, please wait. (2/30)
[Thu Jan 16 07:42:23 UTC 2025] Pending. The CA is processing your order, please wait. (3/30)
[Thu Jan 16 07:42:27 UTC 2025] @@@@.publicvm.com: Invalid status. Verification error details: 167.179.@@.@@: Fetching http://@@@@.publicvm.com/.well-known/acme-challenge/@@@@@@: Timeout during connect (likely firewall problem)
[Thu Jan 16 07:42:27 UTC 2025] Please add '--debug' or '--log' to see more information.
[Thu Jan 16 07:42:27 UTC 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

[Thu Jan 16 07:42:32 UTC 2025] Installing key to: /nginxweb/cert/server.key
[Thu Jan 16 07:42:32 UTC 2025] Installing full chain to: /nginxweb/cert/server_fullchain.cert
cat: /root/.acme.sh/@@@@.publicvm.com_ecc/fullchain.cer: No such file or directory

 ==================================================

 ==================================================
 https证书没有申请成功，安装失败!
 请检查域名和DNS是否生效, 同一域名请不要一天内多次申请!
 请检查80和443端口是否开启, VPS服务商可能需要添加额外防火墙规则，例如阿里云、谷歌云等!
 重启VPS, 重新执行脚本, 可重新选择该项再次申请证书 !
 ==================================================

上面部分和域名/IP相关内容用@@@代替了。

用ping.pe试过IP的80和443端口，全是绿的没问题。Vultr里的防火墙选的是No Firewall（没有改过）。

[jinwyp]

@@@@.publicvm.com

你的域名输入的有问题吧？

[xfq]

域名没问题。

上面我提到了，和我的域名/IP相关内容我用@@@代替了。

[jinwyp]

[Thu Jan 16 07:42:16 UTC 2025] Pending. The CA is processing your order, please wait. (1/30)
[Thu Jan 16 07:42:20 UTC 2025] Pending. The CA is processing your order, please wait. (2/30)
[Thu Jan 16 07:42:23 UTC 2025] Pending. The CA is processing your order, please wait. (3/30)
[Thu Jan 16 07:42:27 UTC 2025] @@@@.publicvm.com: Invalid status. Verification error details: 167.179.@@.@@: Fetching http://@@@@.publicvm.com/.well-known/acme-challenge/@@@@@@: Timeout during connect (likely firewall problem)

你域名申请证书出现问题， 具体看一下域名是否指向vps的ip

[xfq]

域名指向的IP没问题。

[jinwyp]

(likely firewall problem) 看下机器的端口80 和 443 是否被占用, 防火墙是否关闭

用ping.pe试过IP的80和443端口绿的就是不对的,被占用了, 应该是红的没有响应才对, 这时候再申请域名运行acme的时候才可以启动端口用来申请域名

[xfq]

好的，应该怎么调试解决呢？

[jinwyp]

sudo lsof -i :80
查看 linux 80端口 被哪个程序占用了

[xfq]

试了一下，没有任何输出：

root@vultr:~# sudo lsof -i :80
root@vultr:~# lsof -i :80
root@vultr:~# 

[jinwyp]

netstat -tulpn 同样可以看一下是否80 443 被占用
或在 选择 3. webroot 并使用ran作为临时的Web服务器 之前, 不选这项 选 1. 使用acme自带的web服务器 试试