This issue was moved to a discussion.

[BUG] OpenResty crashes because of SSL certificate #5007

Closed
boolean-dev opened this issue May 14, 2024 · 2 comments

boolean-dev commented May 14, 2024

Contact information

jiantao.yan@qq.com

1Panel version

v1.10.7-lts

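Problem description

At present, some of my SSL certificates were applied for on Tencent Cloud, and some were requested automatically in 1Panel itself.
Recently, whenever the machine restarts, I can get into the 1Panel page, but after just a few seconds 1Panel becomes inaccessible.
[image]

This is currently my SSL certificate application page

[image]

This is the OpenResty log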

2024/05/14 09:22:27 [notice] 1#1: [lua] config.lua:71: ini_waf_info(): Load 1Panel WAF Version:1.0.0
2024/05/14 09:22:27 [notice] 1#1: using the "epoll" event method
2024/05/14 09:22:27 [notice] 1#1: openresty/1.21.4.3
2024/05/14 09:22:27 [notice] 1#1: built by gcc 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2) 
2024/05/14 09:22:27 [notice] 1#1: OS: Linux 5.15.0-71-generic
2024/05/14 09:22:27 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/05/14 09:22:27 [notice] 1#1: start worker processes
2024/05/14 09:22:27 [notice] 1#1: start worker process 7
2024/05/14 09:22:27 [notice] 1#1: start worker process 8
2024/05/14 09:22:27 [notice] 1#1: start cache manager process 9
2024/05/14 09:22:27 [notice] 1#1: start cache loader process 10
2024/05/14 09:22:27 [warn] 8#8: no resolver defined to resolve r3.o.lencr.org while requesting certificate status, responder: r3.o.lencr.org, certificate: "/www/sites/bit.booleandev.xyz/ssl/fullchain.pem"
2024/05/14 09:23:27 [notice] 10#10: http file cache: /www/common/proxy/proxy_cache_dir 6.414M, bsize: 4096
2024/05/14 09:23:27 [notice] 1#1: signal 17 (SIGCHLD) received from 10
2024/05/14 09:23:27 [notice] 1#1: cache loader process 10 exited with code 0
2024/05/14 09:23:27 [notice] 1#1: signal 29 (SIGIO) received
2024/05/14 09:25:27 [warn] 8#8: no resolver defined to resolve ocsp.trust-provider.cn while requesting certificate status, responder: ocsp.trust-provider.cn, certificate: "/www/sites/1panel.booleandev.xyz/ssl/fullchain.pem"
2024/05/14 09:25:30 [error] 8#8: *233 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 113.215.189.198, server: 0.0.0.0:443
2024/05/14 09:25:34 [warn] 7#7: no resolver defined to resolve ocsp.trust-provider.cn while requesting certificate status, responder: ocsp.trust-provider.cn, certificate: "/www/sites/1panel.booleandev.xyz/ssl/fullchain.pem"
2024/05/14 09:27:02 [error] 8#8: *444 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 113.215.189.212, server: 0.0.0.0:443
2024/05/14 09:30:03 [crit] 8#8: *639 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 68.183.76.246, server: 0.0.0.0:443

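But one thing is very strange: I did nothing on my side, I just accessed it directly by IP, and after a while it recovered on its own.

Steps to reproduce

SSL certificates I applied for myself and certificates requested by 1Panel exist at the same time, and the server is restarted; that is my guess.

Expected correct result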

No response

Additional information

No response

@zhengkunwang223
Collaborator

Try turning off the WAF under Advanced Features - WAF - Global Settings.

@boolean-dev
Author

OK, I'll give it a try.

@1Panel-dev 1Panel-dev locked and limited conversation to collaborators May 20, 2024
@wanghe-fit2cloud wanghe-fit2cloud converted this issue into discussion #5057 May 20, 2024
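
An added example, not part of the original thread and not 1Panel or OpenResty code: a small triage script that separates the three TLS-related message types in the log above into server-side and client-side findings. The category names and hint strings are this example's own; the sample lines are copied from the issue's log.

```python
import re
from collections import defaultdict

# Lines copied from the OpenResty log in the issue (the notice line is a control).
SAMPLE_LOG = """\
2024/05/14 09:22:27 [notice] 1#1: start worker processes
2024/05/14 09:25:27 [warn] 8#8: no resolver defined to resolve ocsp.trust-provider.cn while requesting certificate status, responder: ocsp.trust-provider.cn, certificate: "/www/sites/1panel.booleandev.xyz/ssl/fullchain.pem"
2024/05/14 09:25:30 [error] 8#8: *233 cannot load certificate "data:": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE) while SSL handshaking, client: 113.215.189.198, server: 0.0.0.0:443
2024/05/14 09:30:03 [crit] 8#8: *639 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 68.183.76.246, server: 0.0.0.0:443
"""

# timestamp, [level], pid#tid:, optional *connection-id, message
LINE = re.compile(r"^(\S+ \S+) \[(\w+)\] \d+#\d+: (?:\*\d+ )?(.*)$")

# (category, pattern, hint). Category names are this example's own, not nginx terms.
RULES = [
    ("cert_load_failed",
     re.compile(r'cannot load certificate "([^"]*)".*no start line'),
     "server: certificate data has no PEM BEGIN line"),
    ("ocsp_no_resolver",
     re.compile(r"no resolver defined to resolve (\S+) while requesting certificate status"),
     "server: OCSP stapling cannot resolve the responder without a resolver directive"),
    ("client_hello_rejected",
     re.compile(r"SSL_do_handshake\(\) failed .*:(tls_parse_ctos_\w+):"),
     "client: OpenSSL rejected an extension sent by the client"),
]

def triage(log_text):
    """Group TLS-related error-log lines by category; other lines are ignored."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, level, msg = m.groups()
        for name, rx, hint in RULES:
            hit = rx.search(msg)
            if hit:
                client = re.search(r"client: ([0-9a-fA-F.:]+),", msg)
                findings[name].append({
                    "time": ts, "level": level, "detail": hit.group(1),
                    "client": client.group(1) if client else None, "hint": hint})
                break
    return dict(findings)

if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(name, len(items), items[0]["hint"], sep=" | ")
```

Only the `cert_load_failed` entries point at something the server itself failed to load during a handshake; the `tls_parse_ctos_*` entry comes from parsing what the remote client sent.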
