之前踩过这个坑,结果今天又花了我一个小时踩了同样的坑。
要不是同事一语点醒,我估计还得继续埋头google继续胡乱尝试。
给网站安装https证书,报如下错误:
Traceback (most recent call last): File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen chunked=chunked) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 345, in _make_request self._validate_conn(conn) File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 846, in _validate_conn conn.connect() File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect ssl_context=context) File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 325, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 445, in wrap_socket raise ssl.SSLError('bad handshake: %r' % e) ssl.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3/dist-packages/requests/adapters.py", line 440, in sendtimeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 630, in urlopen
raise SSLError(e)
urllib3.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",) During handling of the above exception, another exception occurred: requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
Please see the logfiles in /var/log/letsencrypt for more details.
主要提示就是:certificate verify failed,即证书校验失败。
google了半个多小时,也没能找到解决方法。
本次导致的原因是:
服务器时间不对,将时间校准
用date一查,居然2014年的时间,怪不得执行如下命令:
curl -v https://acme-v01.api.letsencrypt.org/directory
网上人家是请求成功,而我返回的含有Expired的提示。
经提醒,用如下命令校准下服务器时间,https证书就可以安装了。
date -s '2019-11-22 22:08:00'