letsencrypt certificate generation hangs and times out; DNS resolution appears to be poisoned in some regions

Ran the command, and it just hung with no further output:

./letsencrypt.sh letsencrypt.conf
Generate CSR...domain.csr

Looking at the script, line 38 is the message that was just printed:

38 echo "Generate CSR...$DOMAIN_CSR"
39
40 OPENSSL_CONF="/etc/ssl/openssl.cnf"
41
42 if [ ! -f "$OPENSSL_CONF" ];then
43     OPENSSL_CONF="/etc/pki/tls/openssl.cnf"
44     if [ ! -f "$OPENSSL_CONF" ];then
45         echo "Error, file openssl.cnf not found."
46         exit 1
47     fi
48 fi
49
50 openssl req -new -sha256 -key "$DOMAIN_KEY" -subj "/" -reqexts SAN -config <(cat $OPENSSL_CONF <(printf "[SAN]\nsubjectAltName=%s" "$DOMAINS")) > "$DOMAIN_CSR"
51
52 wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py -O $ACME_TINY -o /dev/null

I guessed that the request to raw.githubusercontent.com was timing out, and sure enough:

[root@iZ2ze57zp7tzjwclifvht5Z aysen]# wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
--2019-10-31 16:56:05--  https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 173.252.73.48
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|173.252.73.48|:443...

Looked up the IP the name used to resolve to and added a local resolution entry for it:

151.101.0.133 raw.githubusercontent.com

Ran it again, and the problem was solved:

./letsencrypt.sh letsencrypt.conf
Generate CSR...domian.csr
Parsing account key...
Parsing CSR...
Found domains: domian
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying domian...
domian verified!
Signing certificate...
Certificate signed!
New cert: domian.crt has been generated
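
The hang above was silent because the wget call on line 52 has no timeout and writes its log to /dev/null, and the downloaded file is then executed with no integrity check. The following is an added example (not part of the original post or of letsencrypt.sh) of a bounded, non-silent download that only installs the file when it matches a pinned SHA-256; the function names and `ACME_SHA256` are assumptions, and it needs `wget` and `sha256sum`.

```shell
#!/usr/bin/env bash
# Added example: fetch acme_tiny.py with a timeout, keep errors visible,
# and refuse to use the file unless it matches a pinned SHA-256.

ACME_URL="https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py"
# Placeholder (assumption): lowercase hex SHA-256 of a copy you have reviewed.
ACME_SHA256="REPLACE_WITH_SHA256_OF_REVIEWED_COPY"

# sha256_matches FILE EXPECTED_HEX -> 0 only if FILE exists and hashes to EXPECTED_HEX
sha256_matches() {
    local actual
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# install_verified TMP DEST EXPECTED_HEX
# Moves TMP to DEST only when the hash matches; otherwise deletes TMP
# and leaves any existing DEST untouched.
install_verified() {
    if sha256_matches "$1" "$3"; then
        mv -f "$1" "$2"
    else
        echo "Error: $1 does not match the pinned SHA-256, refusing to use it." >&2
        rm -f "$1"
        return 1
    fi
}

# fetch_acme_tiny DEST
fetch_acme_tiny() {
    local dest=$1 tmp
    # A cached copy that already matches the pin needs no network at all.
    if sha256_matches "$dest" "$ACME_SHA256"; then
        return 0
    fi
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    # --timeout bounds DNS lookup, connect and read; -nv still prints errors.
    if ! wget -nv --timeout=15 --tries=2 "$ACME_URL" -O "$tmp"; then
        echo "Error: download of $ACME_URL failed or timed out." >&2
        rm -f "$tmp"
        return 1
    fi
    install_verified "$tmp" "$dest" "$ACME_SHA256"
}
```

Because the URL tracks `master`, an upstream change makes the hash check fail, which is the cue to review the new file and update the pin.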

It still hangs occasionally; running it again works:

./letsencrypt.sh letsencrypt.conf
Generate CSR...domain.csr
Parsing account key...
Parsing CSR...
Found domains: domain
Getting directory...
Directory found!
Registering account...
Already registered!
Creating new order...
Order created!
Verifying domain...
^CTraceback (most recent call last):
  File "/tmp/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/tmp/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/tmp/acme_tiny.py", line 159, in get_crt
    order = _poll_until_not(order_headers['Location'], ["pending", "processing"], "Error checking order status")
  File "/tmp/acme_tiny.py", line 70, in _poll_until_not
    result, _, _ = _send_signed_request(url, None, err_msg)
  File "/tmp/acme_tiny.py", line 60, in _send_signed_request
    return _do_request(url, data=data.encode('utf8'), err_msg=err_msg, depth=depth)
  File "/tmp/acme_tiny.py", line 34, in _do_request
    resp = urlopen(Request(url, data=data, headers={"Content-Type": "application/jose+json", "User-Agent": "acme-tiny"}))
  File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib64/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib64/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.7/urllib2.py", line 1258, in https_open
    context=self._context, check_hostname=self._check_hostname)
  File "/usr/lib64/python2.7/urllib2.py", line 1217, in do_open
    r = h.getresponse(buffering=True)
  File "/usr/lib64/python2.7/httplib.py", line 1113, in getresponse
    response.begin()
  File "/usr/lib64/python2.7/httplib.py", line 444, in begin
    version, status, reason = self._read_status()
  File "/usr/lib64/python2.7/httplib.py", line 400, in _read_status
    line = self.fp.readline(_MAXLINE + 1)
  File "/usr/lib64/python2.7/socket.py", line 476, in readline
    data = self._sock.recv(self._rbufsize)
  File "/usr/lib64/python2.7/ssl.py", line 759, in recv
    return self.read(buflen)
  File "/usr/lib64/python2.7/ssl.py", line 653, in read
    v = self._sslobj.read(len or 1024)

 
