Notes on a failed certificate request on an IPv6-only VPS

Please enter your domain name:134.thairath.eu.org
[DEG] your domain is:134.thairath.eu.org,check it... 
[INF] your domain is ready for issuing cert now... 
please choose which port do you use,default will be 80 port:
[ERR] your input  is invalid,will use default port 
[INF] will use port: to issue certs,please make sure this port is open... 
[Mon Mar 23 02:16:41 PM CST 2026] Changed default CA to: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 23 02:16:42 PM CST 2026] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 23 02:16:42 PM CST 2026] Standalone mode.
[Mon Mar 23 02:16:42 PM CST 2026] Creating domain key
[Mon Mar 23 02:16:42 PM CST 2026] Domain key exists, do you want to overwrite it?
[Mon Mar 23 02:16:42 PM CST 2026] If so, add '--force' and try again.
[Mon Mar 23 02:16:42 PM CST 2026] Error creating domain key.
[Mon Mar 23 02:16:42 PM CST 2026] Please add '--debug' or '--log' to see more information.
[Mon Mar 23 02:16:42 PM CST 2026] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[ERR] issue certs failed,please check logs 
root@ioracle:~# 

Looking at the log, the problem is actually simpler than the network environment: the acme.sh script detected that a key file for this domain (the domain key) already exists locally, but because the --force parameter was not passed, it refuses to overwrite the old file as a safety measure, and the job aborts.

In short: the old key was never removed, so the new one can't be written.

Fix

You can try either of the following two approaches:

Method A: use the force-overwrite parameter (fastest)

Add the --force option manually when running the issue command. If you are running the script bundled with a panel, you may need to drop to the command line and run it yourself:

```bash
~/.acme.sh/acme.sh --issue --standalone -d 134.thairath.eu.org --force
```

root@ioracle:~# ~/.acme.sh/acme.sh --issue --standalone -d 134.thairath.eu.org --force
[Mon Mar 23 02:17:12 PM CST 2026] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 23 02:17:12 PM CST 2026] Standalone mode.
[Mon Mar 23 02:17:12 PM CST 2026] Creating domain key
[Mon Mar 23 02:17:12 PM CST 2026] The domain key is here: /root/.acme.sh/134.thairath.eu.org_ecc/134.thairath.eu.org.key
[Mon Mar 23 02:17:12 PM CST 2026] Single domain='134.thairath.eu.org'
[Mon Mar 23 02:17:15 PM CST 2026] Getting webroot for domain='134.thairath.eu.org'
[Mon Mar 23 02:17:15 PM CST 2026] Verifying: 134.thairath.eu.org
[Mon Mar 23 02:17:15 PM CST 2026] Standalone mode server
[Mon Mar 23 02:17:16 PM CST 2026] Pending. The CA is processing your order, please wait. (1/30)
[Mon Mar 23 02:17:20 PM CST 2026] 134.thairath.eu.org: Invalid status. Verification error details: 2a14:67c0:302:134::a: Fetching http://134.thairath.eu.org/.well-known/acme-challenge/0AwiOlXLRD91CvA2FZG5TLhuB9teN82AW3kFAcDT5qM: Connection refused
[Mon Mar 23 02:17:20 PM CST 2026] Please add '--debug' or '--log' to see more information.
[Mon Mar 23 02:17:20 PM CST 2026] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
root@ioracle:~# 

This time the error is Connection refused: the Let's Encrypt servers tried to reach your port 80 over IPv6, and nobody answered the door.

For an IPv6-only VPS, the two most common causes are: the firewall is not open, or acme.sh did not manage to listen on port 80 over IPv6.

1. Check the IPv6 firewall (the most likely cause)

Many VPSes only open the IPv4 firewall by default, or ip6tables rejects all inbound traffic by default. Run the following commands to fully open IPv6 port 80:

```bash
# Allow IPv6 traffic to port 80
ip6tables -I INPUT -p tcp --dport 80 -j ACCEPT

# If ufw is installed, allow it there too
ufw allow 80/tcp
```

2. Force acme.sh to listen on IPv6

In some environments, standalone mode may listen on IPv4 only by default. Add the --listen-v6 parameter to force it to listen on IPv6:

```bash
~/.acme.sh/acme.sh --issue --standalone -d 134.thairath.eu.org --listen-v6 --force
```

Then issue the certificate again:

[Mon Mar 23 02:18:36 PM CST 2026] Your cert is in: /root/.acme.sh/134.thairath.eu.org_ecc/134.thairath.eu.org.cer
[Mon Mar 23 02:18:36 PM CST 2026] Your cert key is in: /root/.acme.sh/134.thairath.eu.org_ecc/134.thairath.eu.org.key
[Mon Mar 23 02:18:36 PM CST 2026] The intermediate CA cert is in: /root/.acme.sh/134.thairath.eu.org_ecc/ca.cer
[Mon Mar 23 02:18:36 PM CST 2026] And the full-chain cert is in: /root/.acme.sh/134.thairath.eu.org_ecc/fullchain.cer
root@ioracle:~# 
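The two fixes above (open IPv6 port 80 in ip6tables, make acme.sh bind an IPv6 socket) can each be verified locally before asking the CA to retry, which avoids burning Let's Encrypt validation attempts. The script below is an added example written for this post, not part of acme.sh: it parses the output of `ss -H -ltn` and `ip6tables -S INPUT` and answers "is anything listening on port 80 over IPv6?" and "would the INPUT chain accept it?". The `SS_*` and `FW_*` strings are constructed samples of what the host in this post would show before and after the fixes, so it runs offline; `preflight_live` runs the real tools (root is needed for ip6tables).

```bash
#!/bin/sh
# Pre-flight checks for an HTTP-01 challenge on an IPv6-only host.
# Added example, not acme.sh code. Parses `ss -H -ltn` and `ip6tables -S INPUT`.

# Check 1: is something listening on TCP <port> via an IPv6 socket?
# Reads `ss -H -ltn` output on stdin. Matches [::]:80, :::80 (older ss), *:80 or
# [2001:db8::1]:80, but NOT 0.0.0.0:80, which is the IPv4-only case from the post.
listens_v6() {
    awk -v p="${1:-80}" '$4 ~ ("([]*]|::):" p "$") { found = 1 }
                         END { exit found ? 0 : 1 }'
}

# Check 2: would the INPUT chain accept new TCP connections to <port>?
# Reads `ip6tables -S INPUT` on stdin. The first rule naming --dport <port> decides
# (ip6tables -I puts the new ACCEPT at the top); with no such rule the chain policy
# (-P INPUT ...) decides. Jumps into other chains (e.g. ufw's) are not followed, so a
# failure here means "look closer", not "definitely blocked".
fw_allows_v6() {
    awk -v p="${1:-80}" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $0 ~ ("--dport " p "( |$)") && !decided { decided = 1; verdict = $NF }
        END { if (!decided) verdict = policy; exit (verdict == "ACCEPT") ? 0 : 1 }'
}

# Constructed samples: the failing state (standalone server bound to IPv4 only,
# ip6tables default DROP with only SSH allowed) ...
SS_BEFORE='LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:22 [::]:*
LISTEN 0 5 0.0.0.0:80 0.0.0.0:*'
FW_BEFORE='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# ... and the state after `ip6tables -I INPUT -p tcp --dport 80 -j ACCEPT` and --listen-v6.
SS_AFTER='LISTEN 0 4096 [::]:22 [::]:*
LISTEN 0 5 [::]:80 [::]:*'
FW_AFTER='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Run both checks on the given ss / ip6tables text; returns 0 only if both pass.
check_pair() {  # $1 = ss output, $2 = ip6tables output, $3 = port
    ok=0
    if printf '%s\n' "$1" | listens_v6 "$3"; then echo "IPv6 listener on port $3: yes"
    else echo "IPv6 listener on port $3: NO"; ok=1; fi
    if printf '%s\n' "$2" | fw_allows_v6 "$3"; then echo "ip6tables INPUT allows $3: yes"
    else echo "ip6tables INPUT allows $3: NO"; ok=1; fi
    return $ok
}

# Live variant: run from a second shell while `acme.sh --standalone` is up.
preflight_live() {
    check_pair "$(ss -H -ltn 2>/dev/null)" "$(ip6tables -S INPUT 2>/dev/null)" "${1:-80}"
}

echo "== before fixes =="; check_pair "$SS_BEFORE" "$FW_BEFORE" 80 || true
echo "== after fixes  =="; check_pair "$SS_AFTER" "$FW_AFTER" 80
```

Two things worth keeping in mind when using it on a real host: `ip6tables -I` changes the running ruleset only, so the port-80 rule is gone after a reboot unless it is saved (for example with `ip6tables-save` or `netfilter-persistent`, depending on the distribution), and the firewall check deliberately fails closed on rulesets it cannot read in full, so a `NO` from it is a prompt to inspect `ip6tables -S` yourself rather than proof that traffic is blocked.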

Solved!
