starred/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2026-04-25 08:45:58 +03:00
Code Issues 618 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #321] 签发证书时能否增加DNS记录的检测时间? #177

New issue
Closed
opened 2026-02-26 12:07:32 +03:00 by kerem · 8 comments
kerem commented 2026-02-26 12:07:32 +03:00
Owner
Copy link

Originally created by @jearton on GitHub (Feb 28, 2024).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/321

签发证书的成功率有点低,50%都不到,全都是因为DNS记录检测超时导致的。我用的阿里云DNS凭证

Originally created by @jearton on GitHub (Feb 28, 2024). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/321 签发证书的成功率有点低,50%都不到,全都是因为DNS记录检测超时导致的。我用的阿里云DNS凭证
kerem 2026-02-26 12:07:32 +03:00
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@0xJacky commented on GitHub (Feb 28, 2024):

可以试下配置一下环境变量

image
<!-- gh-comment-id:1968184409 --> @0xJacky commented on GitHub (Feb 28, 2024): 可以试下配置一下环境变量 <img width="632" alt="image" src="https://github.com/0xJacky/nginx-ui/assets/13096985/968909da-be6f-443f-949f-94bcd2e3bacb">
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@0xJacky commented on GitHub (Feb 28, 2024):

对应 UI 里的几个值,我看 lego 的代码是会读取这个 env 的,这个我没法控制,实在不行建议给宿主机换个 DNS。我 CF 还没遇到失败的.

<!-- gh-comment-id:1968185080 --> @0xJacky commented on GitHub (Feb 28, 2024): 对应 UI 里的几个值,我看 lego 的代码是会读取这个 env 的,这个我没法控制,实在不行建议给宿主机换个 DNS。我 CF 还没遇到失败的.
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@jearton commented on GitHub (Feb 28, 2024):

可以,有配置能自己控制时间就行

<!-- gh-comment-id:1968187524 --> @jearton commented on GitHub (Feb 28, 2024): 可以,有配置能自己控制时间就行
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@jearton commented on GitHub (Feb 28, 2024):

@0xJacky 顺便请教一下,这个证书多久会自动续期?

<!-- gh-comment-id:1968189038 --> @jearton commented on GitHub (Feb 28, 2024): @0xJacky 顺便请教一下,这个证书多久会自动续期?
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@0xJacky commented on GitHub (Feb 28, 2024):

目前是每7天重签,不过看起来在证书多的情况下会有问题 #319

<!-- gh-comment-id:1968189917 --> @0xJacky commented on GitHub (Feb 28, 2024): 目前是每7天重签,不过看起来在证书多的情况下会有问题 #319
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@jearton commented on GitHub (Feb 28, 2024):

感觉有点频繁了,毕竟有3个月有效期呢,在过期前几天签就足够了吧。acme.sh 这个项目里是每2个月自动续签,而且续签万一失败,最好能发个机器人消息通知出来,通知到飞书,钉钉,slack这类办公软件里,不然感知不到

<!-- gh-comment-id:1968198958 --> @jearton commented on GitHub (Feb 28, 2024): 感觉有点频繁了,毕竟有3个月有效期呢,在过期前几天签就足够了吧。acme.sh 这个项目里是每2个月自动续签,而且续签万一失败,最好能发个机器人消息通知出来,通知到飞书,钉钉,slack这类办公软件里,不然感知不到
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@0xJacky commented on GitHub (Feb 28, 2024):

目前,如果还剩半个月没能正常续签 let's encrypted 会给你发邮件的

<!-- gh-comment-id:1968208498 --> @0xJacky commented on GitHub (Feb 28, 2024): 目前,如果还剩半个月没能正常续签 let's encrypted 会给你发邮件的
kerem commented 2026-02-26 12:07:32 +03:00
Author
Owner
Copy link

@sofusskovgaard commented on GitHub (Feb 28, 2024):

Currently, if there is half a month left and the renewal fails, Let's Encrypt will send you an email.

@0xJacky as I mentioned in #319, you're never actually renewing the same certificate. Meaning the original certificate will run out every time and the user will receive an email every time no matter what. This also means you could receive up to 52 ish emails a year about certificates.

It feels a bit frequent. After all, it is valid for 3 months. It is enough to sign a few days before expiration. The acme.sh project automatically renews every 2 months, and if the renewal fails, it is best to send a robot message to notify it and notify it in office software such as Feishu, DingTalk, and Slack, otherwise, it will not be detected.

I agree with @jearton. Start trying to renew the certificate when it has 30 days left to live. If it fails the user should be notified by nginx-ui about the failing renewal. Retry for n days, if it fails or succeeds notify the user so they're informed and have a long time to take action.

I hope Google Translate didn't butcher your comments 🙏

<!-- gh-comment-id:1968556355 --> @sofusskovgaard commented on GitHub (Feb 28, 2024): > Currently, if there is half a month left and the renewal fails, Let's Encrypt will send you an email. @0xJacky as I mentioned in #319, you're never actually renewing the same certificate. Meaning the original certificate will run out every time and the user will receive an email every time no matter what. This also means you could receive up to 52 ish emails a year about certificates. > It feels a bit frequent. After all, it is valid for 3 months. It is enough to sign a few days before expiration. The acme.sh project automatically renews every 2 months, and if the renewal fails, it is best to send a robot message to notify it and notify it in office software such as Feishu, DingTalk, and Slack, otherwise, it will not be detected. I agree with @jearton. Start trying to renew the certificate when it has 30 days left to live. If it fails the user should be notified by nginx-ui about the failing renewal. Retry for `n` days, if it fails or succeeds notify the user so they're informed and have a long time to take action. *I hope Google Translate didn't butcher your comments 🙏*
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
weblate
main
renovate/uuid-14.x
renovate/typescript-6.x
renovate/all-minor-patch
cursor/interface-conversion-error-36ec
cursor/docker-api-stat-path-27ca
cursor/nginx-ui-disk-i-o-3d99
cursor/cloudflare-dns-comments-299c
cursor/access-log-dark-mode-font-dfdc
copilot/fix-ai-chat-title-error
cursor/propfind-method-logging-33b5
cursor/docker-client-version-update-d1b4
copilot/fix-nginx-ui-api-errors
cursor/update-x-forwarded-proto-header-handling-1223
cursor/fix-nginx-ui-issue-1455-gpt-5.1-codex-high-079c
cursor/update-nginx-ui-to-vue-3-gpt-5.1-codex-high-3100
cursor/investigate-nginx-ui-issue-1446-gpt-5.1-codex-high-2be0
v1
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.1
v2.2.0-patch.1
v2.2.0
v2.1.17
v2.1.16
v2.1.15
v2.1.14
v2.1.13
v2.1.12
v2.1.11
v2.1.10
v2.1.9
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4-patch.1
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0-patch.1
v2.1.0
v2.1.0-rc.3
v2.1.0-rc.2
v2.1.0-rc.1
v2.1.0-beta.1
v2.0.2
v2.0.1
v2.0.0
v2.0.0-rc.8-patch.1
v2.0.0-rc.8
v2.0.0-rc.7-patch.6
v2.0.0-rc.7-patch.7
v2.0.0-rc.7-patch.8
v2.0.0-rc.7-patch.5
v2.0.0-rc.7-patch.4
v2.0.0-rc.7-patch.3
v2.0.0-rc.7-patch.2
v2.0.0-rc.7-patch.1
v2.0.0-rc.7
v2.0.0-rc.6-patch.5
v2.0.0-rc.6-patch.4
v2.0.0-rc.6-patch.3
v2.0.0-rc.6-patch.2
v2.0.0-rc.6-patch.1
v2.0.0-rc.6
v2.0.0-rc.5
v2.0.0-rc.4-patch.3
v2.0.0-rc.4-patch.2
v2.0.0-rc.4-patch.1
v2.0.0-rc.4
v2.0.0-rc.3-patch.1
v2.0.0-rc.3
v2.0.0-rc.2
v2.0.0-rc.1-patch.2
v2.0.0-rc.1-patch.1
v2.0.0-rc.1
v2.0.0-beta.42
v2.0.0-beta.41
v2.0.0-beta.40
v2.0.0-beta.39-risefront.6
v2.0.0-beta.39-risefront.5
v2.0.0-beta.39-risefront.4
v2.0.0-beta.39-risefront.3
v2.0.0-beta.39-risefront.2
v2.0.0-beta.39-risefront
v2.0.0-beta.39
v2.0.0-beta.38
v2.0.0-beta.37-patch.5
v2.0.0-beta.37-patch.3
v2.0.0-beta.37-patch.4
v2.0.0-beta.37-patch.2
v2.0.0-beta.37-patch.1
v2.0.0-beta.37
v2.0.0-beta.36
v2.0.0-beta.35
v2.0.0-beta.34
v2.0.0-beta.33
v2.0.0-beta.32-patch.1
v2.0.0-beta.32
v2.0.0-beta.31
v2.0.0-beta.30
v2.0.0-beta.29
v2.0.0-beta.28
v2.0.0-beta.27
v2.0.0-beta.26
v2.0.0-beta.25-patch.2
v2.0.0-beta.25-patch.1
v2.0.0-beta.25
v2.0.0-beta.24
v2.0.0-beta.23-patch.2
v2.0.0-beta.23-patch.1
v2.0.0-beta.23
v2.0.0-beta.22
v2.0.0-beta.21
v2.0.0-beta.20
v2.0.0-beta.19
v2.0.0-beta.18-patch.2
v2.0.0-beta.18-patch.1
v2.0.0-beta.18
v2.0.0-beta.17
v2.0.0-beta.16
v2.0.0-beta.15
v2.0.0-beta.14
v2.0.0-beta.13-patch
v2.0.0-beta.13
v2.0.0-beta.12
v2.0.0-beta.11
v2.0.0-beta.10-patch
v2.0.0-beta.10
v2.0.0-beta.9
v2.0.0-beta.8-patch
v2.0.0-beta.8
v2.0.0-beta.7
v2.0.0-beta.6-patch.2
v2.0.0-beta.6-patch
v2.0.0-beta.6
v2.0.0-beta.5-patch
v2.0.0-beta.5
v2.0.0-beta.4-patch
v2.0.0-beta.4
v2.0.0-beta.3
v2.0.0-beta.2
v2.0.0-beta.1
v1.9.9-4
v1.9.9-3
v1.9.9-2
v1.9.9
v1.9.9-1
v1.8.4-patch
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0-patch
v1.7.0
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.3
v1.6.2
v1.6.1
v1.6.0-fix
v1.6.0
v1.5.2
v1.5.1
v1.5.0
v1.5.0-beta9
v1.5.0-beta8
v1.5.0-beta7
v1.5.0-beta6
v1.5.0-beta5
v1.5.0-beta4-fix
v1.5.0-beta4
v1.5.0-beta3
v1.5.0-beta2
v1.5.0-beta1
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc1
v1.3.3-rc1
v1.3.2
v1.3.1-fix
v1.3.1
v1.3.0
v1.3.0-rc1
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc.3
v1.2.0-rc.2
v1.2.0-rc.1
v1.2.0-alpha.4
v1.2.0-alpha.3
v1.2.0-alpha.2
v1.1.0
Labels
Clear labels   
Q/A

   
bug

   
casdoor

   
dependencies

   
docker

   
documentation

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
lego

   
platform:openwrt

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
Q/A
bug
casdoor
dependencies
docker
documentation
duplicate
enhancement
help wanted
invalid
lego
platform:openwrt
platform:windows
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-ui#177
No description provided.