个人中心
gpt4 book ai didi

php - phpbot在certbot工作时尽早执行

转载 作者:行者123 更新时间:2023-12-02 14:06:45 26 4
gpt4 key购买 nike

我正在使用phpseclib来实现对我的域的证书。

证书实施的典型过程如下:

[root@centos web]# sudo certbot --nginx -d somedomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for somedomain.com
Waiting for verification...
Cleaning up challenges
Resetting dropped connection: acme-v02.api.letsencrypt.org
Deploying Certificate to VirtualHost /home/admin/conf/web/somedomain.com.nginx.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /home/admin/conf/web/somedomain.com.nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://somedomain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=somedomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/somedomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/somedomain.com/privkey.pem
   Your cert will expire on 2019-11-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le


相同命令的PHP脚本如下所示: 
<?php
$hostname = '192.168.1.1'; //my hosting ip
$username = 'root';
$password = 'somesecret'; //password

include('Net/SSH2.php');

$ssh = new Net_SSH2($hostname);
if (!$ssh->login($username, $password)) {
    exit('Login Failed');
}

echo $ssh->exec("sudo certbot --nginx -d somedomain.com");

我得到的输出: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Process finished with exit code 0

问题在于脚本应该等待特定的问题(“选择适当的数字[1-2],然后单击[输入](按'c'取消):”),然后输入2 ...

我试图使用ssh-> write()和ssh-> read(),但是输出是相同的。 
<?php
$hostname = '192.168.1.1'; //my hosting ip
$username = 'root';
$password = 'somesecret'; //password

include('Net/SSH2.php');

$ssh = new Net_SSH2($hostname);
if (!$ssh->login($username, $password)) {
    exit('Login Failed');
}

$ssh->write("sudo certbot --nginx -d somedomain.com");
echo $ssh->read("Select the appropriate number [1-2] then [enter] (press 'c' to cancel):");

结果: 
Last failed login: Sun Aug 25 21:04:23 CEST 2019 from 192.168.1.1 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Sun Aug 25 21:03:39 2019 from 192.168.1.1
sudo certbot --nginx -d somedomain.com[root@centos web]# sudo certbot --nginx -d somedomain.com 
Process finished with exit code 0

请建议在哪里继续搜索。

最佳答案

即使您最新的pastebin.com链接也不包含完整的SSH日志,但包含任何内容。其中包含的内容足以了解发生了什么:

<- NET_SSH2_MSG_CHANNEL_DATA (since last: 2.5204, network: 0.0001s)
00000000  00:00:00:02:00:00:00:3a:53:61:76:69:6e:67:20:64  .......:Saving d
00000010  65:62:75:67:20:6c:6f:67:20:74:6f:20:2f:76:61:72  ebug log to /var
00000020  2f:6c:6f:67:2f:6c:65:74:73:65:6e:63:72:79:70:74  /log/letsencrypt
00000030  2f:6c:65:74:73:65:6e:63:72:79:70:74:2e:6c:6f:67  /letsencrypt.log
00000040  0d:0a                                            ..

-> NET_SSH2_MSG_CHANNEL_EOF (since last: 7.4256, network: 0.0001s)
00000000  00:00:00:00                                      ....

phpseclib的默认超时为10s。 “保存调试日志”消息显示需要2.5秒,而下一行则显示... idk通常显示需要多长时间,但是phpseclib在大约7.5秒后就放弃了。 7.5s + 2.5s是10s,这是超时,因此为什么phpseclib关闭了连接。

我猜想certbot命令需要一段时间才能运行。

我的建议是执行以下任一操作:
  • 使用nohup
  • 通过执行$ssh->setTimeout(0);
    • 来禁用超时

    关于php - phpbot在certbot工作时尽早执行,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57648643/

    26 4 0
    文章推荐: amazon-web-services - 为什么Terraform SSH无法进入我的EC2实例?
    文章推荐: grails - Grails Stripe插件错误
    文章推荐: spring - Grails:错误org.springframework.boot.SpringApplication-应用启动失败
    文章推荐: git - 如何将 core.sshCommand 选项传播到子模块更新?
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    全站热门文章
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com