主页 / user-79123

P.Péter's questions

Martin Hope
P.Péter
Asked: 2021-10-01 08:40:25 +0800 CST
  • 20

如果我尝试从 debian 9 访问具有 certbot 颁发的证书的 HTTPS 服务器,我会收到以下错误:

 # curl -v https://hu.dbpedia.org/
 *   Trying 195.111.2.82...
 * TCP_NODELAY set
 * Connected to hu.dbpedia.org (195.111.2.82) port 443      (#0)
 * ALPN, offering h2
 * ALPN, offering http/1.1
 * Cipher selection:      ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
 * successfully set certificate verify locations:
 *   CAfile: /etc/ssl/certs/ca-certificates.crt
   CApath: /etc/ssl/certs
 * TLSv1.2 (OUT), TLS header, Certificate Status (22):
 * TLSv1.2 (OUT), TLS handshake, Client hello (1):
 * TLSv1.2 (IN), TLS handshake, Server hello (2):
 * TLSv1.2 (IN), TLS handshake, Certificate (11):
 * TLSv1.2 (OUT), TLS alert, Server hello (2):
 * SSL certificate problem: certificate has expired
 * Curl_http_done: called premature == 1
 * stopped the pause stream!
 * Closing connection 0
 curl: (60) SSL certificate problem: certificate has expired

但是,如果我从 debian 10 尝试相同的命令,它会成功。

我尝试使用 rsync 简单地将所有 ca-certificates 从 debian 10 VM 复制到 debian 9 VM(到 /usr/local/share/ca-certificates),然后运行update-ca-certificates似乎添加了 400 多个证书。不幸的是,它没有帮助。这并不奇怪,因为显然 debian 9 和 10 上似乎有相同的证书。

我的问题是:如何在不完全忽略证书验证的情况下从 debian 9 机器访问带有 certbot 证书的站点

debian ssl-certificate lets-encrypt debian-stretch
Martin Hope
P.Péter
Asked: 2020-01-15 01:08:27 +0800 CST
  • 0

当我尝试在本地 kubernetes 集群中创建基于 nfs 的持久卷时,我收到以下错误:

# kubectl create -f nfs.yaml
error: error validating "nfs.yaml": error validating data: the server could not find the requested resource; if you choose to ignore these errors, turn validation off with --validate=false

有以下nfs.yaml内容:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-nfs-pv1
  labels:
    type: nfs
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  nfs:
    server: 192.168.1.3
    path: "/srv/kubedata/"

kubernetes 集群在我们本地的 openstack 云中创建的三个虚拟机上运行(安装了 kubespray)。nfs 共享位于第一个节点上,可以手动挂载到所有节点上。

我该如何解决这个问题?是yaml文件的问题吗?如何诊断问题?知道错误的确切位置会非常有帮助:kubectl 是否有调试模式?

更新:我发布的原始 yaml 已损坏,但那是因为堆栈溢出引用算法吃了一些换行符。我解决了这个问题,现在发布的 yaml 似乎在https://kubeyaml.com/上验证,所以 yaml 似乎没问题(至少在语法方面)。

更新2:

# kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.0", GitCommit:"fff5156092b56e6bd60fff75aad4dc9de6b6ef37", GitTreeState:"clean", BuildDate:"2017-03-28T16:36:33Z", GoVersion:"go1.7.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:05:50Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"linux/amd64"}
kubernetes