Help with SSL/HTTPS on a Discourse install

My domain is:
forums.penttbomb.com

I ran this command:
sudo ./launcher logs app

It produced this output:
A series of errors indicating that Nginx is unable to load the ECC certificate, such as:

x86_64 arch detected.
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/01-cleanup-web-pids
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Wed Apr  2 11:11:20 PM UTC 2025] Domains not changed.
[Wed Apr  2 11:11:20 PM UTC 2025] Skip, Next renewal time is: 2025-05-31T22:45:14Z
[Wed Apr  2 11:11:20 PM UTC 2025] Add '--force' to force to renew.
[Wed Apr  2 11:11:20 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com.key
[Wed Apr  2 11:11:20 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com.cer
[Wed Apr  2 11:11:20 PM UTC 2025] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Wed Apr  2 11:11:20 PM UTC 2025] Reload error for :
[Wed Apr  2 11:11:21 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:21 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:21 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:21 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:21:19 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:21 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
Could not open file or uri for loading certificate from ca.cer
4097C1C5DA770000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
4097C1C5DA770000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(ca.cer)
Unable to load certificate
Error loading file /dev/fd/63
40871A5A507C0000:error:05800088:x509 certificate routines:X509_load_cert_crl_file_ex:no certificate or crl found:../crypto/x509/by_file.c:251:
[Wed Apr  2 11:11:22 PM UTC 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Apr  2 11:11:22 PM UTC 2025] Single domain='forums.penttbomb.com'
[Wed Apr  2 11:11:22 PM UTC 2025] Getting domain auth token for each domain
[Wed Apr  2 11:11:22 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:29:35 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:23 PM UTC 2025] Please check log file for more details: /shared/letsencrypt/acme.sh.log
[Wed Apr  2 11:11:23 PM UTC 2025] Installing key to: /shared/ssl/forums.penttbomb.com_ecc.key
[Wed Apr  2 11:11:23 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com_ecc.cer
cat: /shared/letsencrypt/forums.penttbomb.com_ecc/fullchain.cer: No such file or directory
Started runsvdir, PID is 1590
warning: redis: unable to open supervise/ok: file does not exist
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
ok: run: redis: (pid 1610) 1s
ok: run: postgres: (pid 1606) 1s
nginx: [warn] duplicate extension "wasm", content type: "application/wasm", previous content type: "application/wasm" in /etc/nginx/conf.d/discourse.conf:4
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
supervisor pid: 1623 unicorn pid: 1629

Let's Encrypt rate-limit messages also appear (for example: "too many certificates (5) already issued for this exact set of domains…").

I am using Nginx as part of the official Discourse Docker install. (The Nginx version is the one bundled with the Discourse image.) I don't know the version either, because when I run the command it tells me Nginx is not found, yet the site comes up over HTTP but not over HTTPS.

The operating system my web server runs on is (include version):
The host runs Ubuntu (for example: Ubuntu 20.04 LTS on a Hetzner VPS).

My hosting provider, if applicable, is:
Hetzner

I can log in to a root shell on my machine:
Yes (I have sudo/root access over SSH).

I'm using a control panel to manage my site:
No, I manage it from the command line and the Discourse Docker setup.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): These commands did not work for me at all.

I am using the acme.sh built into the Discourse Docker setup (no specific version identified).

I have been trying to get my Discourse install running over HTTPS for the past three or four days. I am very new to this and have been working on this problem non-stop, and it has become very overwhelming for me. The RSA certificate was issued and installed successfully, but the ECC certificate fails to load, which causes Nginx to refuse HTTPS connections. In addition, I am hitting a Let's Encrypt rate-limit error that prevents requesting more certificates.

Do I really have to wait a whole week for the rate limit to reset, or is there a way to disable ECC certificate issuance entirely? Yesterday the message said "retry after 2025-04-02 16:26:56 UTC", so I did, and now it says "retry after 2025-04-04 02:21:19 UTC". Any guidance on resolving any of these errors would be greatly appreciated.

Thank you very much for your help!

Regards
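
An added example, not part of the original post: a short Python triage over lines copied from the log above, showing how its three signals line up (the rate-limited ECC order, the missing `fullchain.cer` source, and the `_ecc.cer` file Nginx cannot parse). The names `triage` and `has_pem_certificate` are hypothetical helpers introduced here.

```python
import re
from datetime import datetime, timezone

# Constructed sample: a few lines copied from the log quoted in the post above.
SAMPLE_LOG = '''\
[Wed Apr  2 11:11:22 PM UTC 2025] Create new order error. Le_OrderFinalize not found. {
  "type": "urn:ietf:params:acme:error:rateLimited",
  "detail": "too many certificates (5) already issued for this exact set of domains in the last 168h0m0s, retry after 2025-04-04 02:29:35 UTC: see https://letsencrypt.org/docs/rate-limits/#new-certificates-per-exact-set-of-hostnames",
  "status": 429
}
[Wed Apr  2 11:11:23 PM UTC 2025] Installing full chain to: /shared/ssl/forums.penttbomb.com_ecc.cer
cat: /shared/letsencrypt/forums.penttbomb.com_ecc/fullchain.cer: No such file or directory
nginx: [emerg] cannot load certificate "/shared/ssl/forums.penttbomb.com_ecc.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
'''

RETRY = re.compile(r'retry after (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC')
MISSING = re.compile(r'^cat: (\S+): No such file or directory', re.M)
EMERG = re.compile(r'nginx: \[emerg\] cannot load certificate "([^"]+)".*no start line')

def triage(log):
    """Summarise the three failure signals in the launcher log (hypothetical helper)."""
    retries = [datetime.strptime(t, '%Y-%m-%d %H:%M:%S').replace(tzinfo=timezone.utc)
               for t in RETRY.findall(log)]
    return {
        'rate_limited': bool(retries),
        # Latest retry-after wins: each failed order reports its own time.
        'retry_after': max(retries) if retries else None,
        # Files the install step tried to copy from but that do not exist.
        'missing_sources': sorted(set(MISSING.findall(log))),
        # Certificate paths Nginx refused because no PEM header was found.
        'unloadable_certs': sorted(set(EMERG.findall(log))),
    }

def has_pem_certificate(text):
    """True if text carries a PEM certificate header; without one OpenSSL reports 'no start line'."""
    return ('-----BEGIN CERTIFICATE-----' in text
            or '-----BEGIN TRUSTED CERTIFICATE-----' in text)

if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Running `has_pem_certificate` on the contents of the installed `.cer` file before Nginx starts distinguishes a file with no certificate in it from a certificate that is present but otherwise rejected.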

Are you using Cloudflare?

It is still pending in Cloudflare because I haven't finished setting it up yet. Could that be the cause?

You need to use the gray cloud to be able to issue a certificate.