[GH-ISSUE #1314] 阿里云域名证书无法正常申请 #3827

New issue

Closed

opened 2026-02-28 11:57:54 +03:00 by kerem · 4 comments

kerem commented

2026-02-28 11:57:54 +03:00

Owner

Originally created by @767251930 on GitHub (Aug 17, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1314

基本环境：
在本地内网（无公网IP）使用docker-compose部署的nginx-ui，
平时的使用习惯，使用了host模式，

services:
    nginx-ui:
        stdin_open: true
        tty: true
        container_name: nginx-ui
        restart: always
        environment:
            - TZ=Asia/Shanghai
        volumes:
            - './mnt/user/appdata/nginx:/etc/nginx'
            - './mnt/user/appdata/nginx-ui:/etc/nginx-ui'
            - './var/www:/var/www'
            - './var/run/docker.sock:/var/run/docker.sock'
        network_mode: "host"
       # ports:
       #    - 8080:80
       #     - 8443:443
        image: 'uozi/nginx-ui:latest'

只在阿里云上购买了wzksy.top的域名，没有阿里云ecs实例。DNS凭证中已经配置了对应的ALICLOUD_ACCESS_KEY和ALICLOUD_SECRET_KEY

下面是申请证书时的日志

正在获取证书，请稍等...

[Nginx UI] 正在准备 lego 配置

[Nginx UI] ACME 用户：System Initial User，邮箱：767251930@qq.com，CA 目录：https://acme-v02.api.letsencrypt.org/directory

[Nginx UI] 正在创建客户端用于与 CA 服务器通信

[Nginx UI] 正在设置 DNS01 验证提供程序

[Nginx UI] 正在设置环境变量

[Nginx UI] 正在获取证书

2025/08/17 15:57:00 [INFO] [*.wzksy.top, wzksy.top] acme: Obtaining bundled SAN certificate

2025/08/17 15:57:02 [INFO] [*.wzksy.top] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164857

2025/08/17 15:57:02 [INFO] [wzksy.top] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164867

2025/08/17 15:57:02 [INFO] [*.wzksy.top] acme: use dns-01 solver

2025/08/17 15:57:02 [INFO] [wzksy.top] acme: Could not find solver for: tls-alpn-01

2025/08/17 15:57:02 [INFO] [wzksy.top] acme: Could not find solver for: http-01

2025/08/17 15:57:02 [INFO] [wzksy.top] acme: use dns-01 solver

2025/08/17 15:57:02 [INFO] [*.wzksy.top] acme: Preparing to solve DNS-01

2025/08/17 15:57:04 [INFO] [wzksy.top] acme: Preparing to solve DNS-01

2025/08/17 15:57:06 [INFO] [*.wzksy.top] acme: Cleaning DNS-01 challenge

2025/08/17 15:57:08 [WARN] [*.wzksy.top] acme: cleaning up failed: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout

2025/08/17 15:57:08 [INFO] [wzksy.top] acme: Cleaning DNS-01 challenge

2025/08/17 15:57:10 [WARN] [wzksy.top] acme: cleaning up failed: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout

2025/08/17 15:57:11 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164857

2025/08/17 15:57:11 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164867

obtain cert error: error: one or more domains had a problem: [*.wzksy.top] [*.wzksy.top] acme: error presenting token: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout [wzksy.top] [wzksy.top] acme: error presenting token: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout

100.100.100.200似乎是一个内网地址，只有正常只能通过阿里云ecs 内去访问。

Originally created by @767251930 on GitHub (Aug 17, 2025). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/1314 基本环境：在本地内网（无公网IP）使用docker-compose部署的nginx-ui，平时的使用习惯，使用了host模式， ```docker-compose.yml services: nginx-ui: stdin_open: true tty: true container_name: nginx-ui restart: always environment: - TZ=Asia/Shanghai volumes: - './mnt/user/appdata/nginx:/etc/nginx' - './mnt/user/appdata/nginx-ui:/etc/nginx-ui' - './var/www:/var/www' - './var/run/docker.sock:/var/run/docker.sock' network_mode: "host" # ports: # - 8080:80 # - 8443:443 image: 'uozi/nginx-ui:latest' ``` <img width="516" height="526" alt="Image" src="https://github.com/user-attachments/assets/7059397b-c619-403f-b479-9e5ef885be73" /> 只在阿里云上购买了wzksy.top的域名，没有阿里云ecs实例。DNS凭证中已经配置了对应的ALICLOUD_ACCESS_KEY和ALICLOUD_SECRET_KEY 下面是申请证书时的日志 ``` 正在获取证书，请稍等... [Nginx UI] 正在准备 lego 配置 [Nginx UI] ACME 用户：System Initial User，邮箱：767251930@qq.com，CA 目录：https://acme-v02.api.letsencrypt.org/directory [Nginx UI] 正在创建客户端用于与 CA 服务器通信 [Nginx UI] 正在设置 DNS01 验证提供程序 [Nginx UI] 正在设置环境变量 [Nginx UI] 正在获取证书 2025/08/17 15:57:00 [INFO] [*.wzksy.top, wzksy.top] acme: Obtaining bundled SAN certificate 2025/08/17 15:57:02 [INFO] [*.wzksy.top] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164857 2025/08/17 15:57:02 [INFO] [wzksy.top] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164867 2025/08/17 15:57:02 [INFO] [*.wzksy.top] acme: use dns-01 solver 2025/08/17 15:57:02 [INFO] [wzksy.top] acme: Could not find solver for: tls-alpn-01 2025/08/17 15:57:02 [INFO] [wzksy.top] acme: Could not find solver for: http-01 2025/08/17 15:57:02 [INFO] [wzksy.top] acme: use dns-01 solver 2025/08/17 15:57:02 [INFO] [*.wzksy.top] acme: Preparing to solve DNS-01 2025/08/17 15:57:04 [INFO] [wzksy.top] acme: Preparing to solve DNS-01 2025/08/17 15:57:06 [INFO] [*.wzksy.top] acme: Cleaning DNS-01 challenge 2025/08/17 15:57:08 [WARN] [*.wzksy.top] acme: cleaning up failed: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout 2025/08/17 15:57:08 [INFO] [wzksy.top] acme: Cleaning DNS-01 challenge 2025/08/17 15:57:10 [WARN] [wzksy.top] acme: cleaning up failed: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout 2025/08/17 15:57:11 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164857 2025/08/17 15:57:11 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2599766337/570156164867 obtain cert error: error: one or more domains had a problem: [*.wzksy.top] [*.wzksy.top] acme: error presenting token: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout [wzksy.top] [wzksy.top] acme: error presenting token: alicloud: API call failed: refresh Ecs sts token err: Get "http://100.100.100.200/latest/meta-data/ram/security-credentials/nginxui@1265925409821934.onaliyun.com?": dial tcp 100.100.100.200:80: i/o timeout ``` 100.100.100.200似乎是一个内网地址，只有正常只能通过阿里云ecs 内去访问。

kerem

2026-02-28 11:57:54 +03:00

closed this issue
added the
bug
label

kerem commented

2026-02-28 11:57:55 +03:00

Author

Owner

@0xJacky commented on GitHub (Aug 17, 2025):

是不是填错配置了？截个图打码掉敏感信息看看？

@0xJacky commented on GitHub (Aug 17, 2025): 是不是填错配置了？截个图打码掉敏感信息看看？

kerem commented

2026-02-28 11:57:55 +03:00

Author

Owner

@767251930 commented on GitHub (Aug 17, 2025):

@767251930 commented on GitHub (Aug 17, 2025): <img width="492" height="739" alt="Image" src="https://github.com/user-attachments/assets/5feaaeb7-d673-4635-842b-94db06ef1257" />

kerem commented

2026-02-28 11:57:55 +03:00

Author

Owner

@767251930 commented on GitHub (Aug 17, 2025):

nginx.conf配置没动，也没有添加额外的配置。
把UI的服务端口改到了8082，
只改了nginx-ui.conf中的 proxy_pass http://localhost:8082/;
和app.ini的Port = 8082

@767251930 commented on GitHub (Aug 17, 2025): nginx.conf配置没动，也没有添加额外的配置。把UI的服务端口改到了8082，只改了nginx-ui.conf中的 proxy_pass http://localhost:8082/; 和app.ini的Port = 8082

kerem commented

2026-02-28 11:57:55 +03:00

Author

Owner

@0xJacky commented on GitHub (Aug 17, 2025):

不应该填写 RAM_ROLE

@0xJacky commented on GitHub (Aug 17, 2025): 不应该填写 RAM_ROLE