Fixing the KeyError: key not found: "token" error in SSL certificate auto-renewal on older GitLab versions
- Solution
- Acme-client issue reference
- Troubleshooting process (reasoning)
- Discovering the problem & the error
- Looking at the more detailed logs
- Looking at the stacktrace dump of the error
- Inspecting and modifying the source
- Reconfiguring GitLab
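Solution
If you are in a hurry, read the fix first; the details follow.
Some CA providers pre-validate the domain for an organization and do not set a token on the challenge, so in acme-client versions before v2.0.17 the initialize_challenge method raises an error on this missing parameter.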
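```bash
# The 2.7.0 and 2.0.9 version numbers may differ; substitute the versions installed locally
# The root cause is in authorization.rb, so that is the file to locate
sudo vi /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb
# Edit the initialize_challenge method
# The original line is token: attributes.fetch('token'); change it to the following (Ruby, inside the file):
#   token: attributes.fetch('token', nil),
# Save and quit with :wq, then reconfigure GitLab and everything works again
sudo gitlab-ctl reconfigure
```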
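Acme-client issue reference
acme-client only fixed this problem in v2.0.17. The commit for reference is:
Set authorization token to nil if there is no token in the challenge (#234)
So you may have found advice saying:
- Upgrade GitLab (which indirectly upgrades acme-client)
- Switch to a different way of issuing certificates (which bypasses ACME issuance)
Either one resolves the problem.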
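To find which installed acme-client copies still carry the strict `fetch('token')` call, the Ruby script below (an added example, not code from GitLab or acme-client) scans a gems directory and classifies each copy against the v2.0.17 fix. The function names, the status labels and the wildcarded default path are assumptions of this example.

```ruby
# Added example (not GitLab or acme-client code): audit installed acme-client copies.
require 'rubygems'

# v2.0.17 is the release the page names as carrying the upstream fix.
FIXED_IN = Gem::Version.new('2.0.17')
# Matches fetch('token') with no default, the call that raises KeyError.
STRICT_FETCH = /attributes\.fetch\(\s*['"]token['"]\s*\)/
AUTH_FILE = 'lib/acme/client/resources/authorization.rb'

# Classify one gem directory such as .../gems/acme-client-2.0.9
def classify_acme_client(dir)
  raw = File.basename(dir).sub(/\Aacme-client-/, '')
  return { dir: dir, version: raw, status: :unknown } unless Gem::Version.correct?(raw)

  file = File.join(dir, AUTH_FILE)
  source = File.file?(file) ? File.read(file) : nil
  status =
    if Gem::Version.new(raw) >= FIXED_IN
      :fixed_upstream   # no local edit needed
    elsif source.nil?
      :unknown          # authorization.rb missing, cannot tell
    elsif source.match?(STRICT_FETCH)
      :affected         # renewal fails when the CA omits the token
    else
      :patched_locally  # no strict fetch found; presumably hand-edited
    end
  { dir: dir, version: raw, status: status }
end

# gems_glob may contain wildcards, e.g. to cover any embedded Ruby version.
def audit_acme_client(gems_glob)
  Dir.glob(File.join(gems_glob, 'acme-client-*')).sort.map { |d| classify_acme_client(d) }
end

if __FILE__ == $PROGRAM_NAME
  # Assumed default: the Omnibus path from the page with the Ruby version wildcarded.
  root = ARGV[0] || '/opt/gitlab/embedded/lib/ruby/gems/*/gems'
  audit_acme_client(root).each do |r|
    puts format('%-10s %-16s %s', r[:version], r[:status], r[:dir])
  end
end
```

A copy reported as `patched_locally` is a hand-edited vendored file, so it is worth running the audit again after any GitLab package change.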
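Troubleshooting process (reasoning)
Discovering the problem & the error
The expiry date arrived and the SSL certificate had not been renewed automatically. Running sudo gitlab-ctl reconfigure failed with: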
```bash
Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[xxx.xxxx.cn] (letsencrypt::http_authorization line 6) had an error: KeyError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: KeyError: key not found: "token"
```
Looking at the more detailed logs
Look at the newest log under /var/log/gitlab/lets-encrypt/; substitute your own value for 1777570203.
```bash
tail -200f /var/log/gitlab/lets-encrypt/renewal.1777570203.log
```
The errors logged at the relevant time show that the more detailed stack trace for this run is in /opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out:
```bash
[2026-05-01T01:30:22+08:00] INFO: Running queued delayed notifications before re-raising exception
[2026-05-01T01:30:22+08:00] ERROR: Running exception handlers
[2026-05-01T01:30:22+08:00] ERROR: Exception handlers complete
[2026-05-01T01:30:22+08:00] FATAL: Stacktrace dumped to /opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out
[2026-05-01T01:30:22+08:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2026-05-01T01:30:22+08:00] FATAL: KeyError: letsencrypt_certificate[xxxx.xxxx.cn] (letsencrypt::http_authorization line 6) had an error: KeyError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: KeyError: key not found: "token"
```
Looking at the stacktrace dump of the error
Look at /opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out:
```bash
tail -200f /opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out
```
Find the line where the error occurred, >>>> Caused by KeyError:
```bash
>>>> Caused by KeyError: key not found: "token"
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:59:in `fetch'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:59:in `initialize_challenge'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:23:in `block in challenges'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:22:in `map'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:22:in `challenges'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:28:in `http01'
```
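This shows that the error originates from the fetch call at line 59 of authorization.rb.
Inspecting and modifying the source
Look at the token fetch in the initialize_challenge method of authorization.rb.
Modify it following the issue "Set authorization token to nil if there is no token in the challenge (#234)":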
```bash
vi /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb
```

```ruby
def initialize_challenge(attributes)
  arguments = {
    type: attributes.fetch('type'),
    status: attributes.fetch('status'),
    url: attributes.fetch('url'),
    token: attributes.fetch('token', nil), # added ", nil" as the default value
    error: attributes['error']
  }
  Acme::Client::Resources::Challenges.new(@client, **arguments)
end
```

Save and quit with :wq.
Reconfiguring GitLab
```bash
sudo gitlab-ctl reconfigure
```