Let's Encrypt 和 华为云的DNS 不大兼容啊
DNS验证基本上失败率>90%,换了阿狸的DNS秒过,MLGBD... 本帖最后由 ccf 于 2020-10-21 22:28 编辑扫描了一下华为云的DNS,应该是不支持 echo capitalization 导致的
已发工单,需要对DNS服务器做调整,看看他们能否解决
[*]X Fatal error: Nameserver doesn't support echo capitalization. That's critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn't possible. Your name server provider must update the software.: ns1.huaweicloud-dns.cn / 43.254.0.68
[*]X Fatal error: Nameserver doesn't support echo capitalization. That's critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn't possible. Your name server provider must update the software.: ns1.huaweicloud-dns.com / 114.115.192.11
[*]X Fatal error: Nameserver doesn't support echo capitalization. That's critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn't possible. Your name server provider must update the software.: ns1.huaweicloud-dns.com / 139.9.224.17
[*]X Fatal error: Nameserver doesn't support echo capitalization. That's critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn't possible. Your name server provider must update the software.: ns1.huaweicloud-dns.net / 159.138.76.159
[*]X Fatal error: Nameserver doesn't support echo capitalization. That's critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn't possible. Your name server provider must update the software.: ns1.huaweicloud-dns.org
[*]X Fatal error: Nameserver doesn't support echo capitalization. That's critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn't possible. Your name server provider must update the software.: ns1.huaweicloud-dns.org / 159.138.17.59
[*]X Fatal error: Nameserver doesn't support echo capitalization. That's critical if you want to create Letsencrypt certificates. Read https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 (2008). If a dns client asks "ExAmPlE.cOm", the name server must answer with the same name, not with "example.com". Creating Letsencrypt certificates isn't possible. Your name server provider must update the software.: ns1.huaweicloud-dns.org / 159.138.77.159复制代码 是这样,所以我每次都要切腾讯DNS 折腾还是qq,阿里家吧
patch.gif
华为dns有优先级设置,还有4个ns,两个国内两个国外 本帖最后由 ccf 于 2020-10-21 11:53 编辑
By小酷 发表于 2020-10-21 11:42
华为dns有优先级设置,还有4个ns,两个国内两个国外
其他功能是不错,我这里是单纯说Let's的TXT验证,不管用华为国内国外,都失败
nslookup 查询没问题,但 Let's 的查询机制不一样
https://unboundtest.com/ 这里可以测试,和 Let's 的查询机制一样,TXT和CAA查询大概率失败,估计是DNS的兼容性有问题
ccf 发表于 2020-10-21 11:51
其他功能是不错,我这里是单纯说Let's的TXT验证,不管用华为国内国外,都失败
nslookup 查询没问题,但...
你如果有txt记录,建议全部写成一个,因为华为分开写记录集会变成轮训,写成一个才会全部显示
By小酷 发表于 2020-10-21 12:13
你如果有txt记录,建议全部写成一个,因为华为分开写记录集会变成轮训,写成一个才会全部显示 ...
我知道他这个机制,我都是写一个记录的,
但问题是,哪怕这个记录里面只有一行TXT,https://unboundtest.com/ 这里也大概率查询失败,Let's 就更完蛋了
而且 CAA 也是大概率查询失败
cry.gif
之前说要修的,结果现在都没修
king51 发表于 2020-10-21 12:53
之前说要修的,结果现在都没修
你发过工单么?
lol.gif
把需要签证书的域名套上cfp就行