老版本Gitlab SSL证书自动续期错误KeyError: key not found: “token“解决

老版本Gitlab SSL证书自动续期错误KeyError: key not found: "token"解决

解决方案

赶时间的,先看解决办法,后面再说细节

因为有些CA提供商在域名为组织预先验证,并没有为其设置token,所以acme-client客户端v2.0.17以前的版本initialize_challenge方法中会因为这个参数报错

bash 复制代码
# 2.7.0、2.0.9这些版本,可能不一样,换成自己本地对应的版本号
# 根本问题找到authorization.rb即可
sudo vi /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb

# 修改initialize_challenge方法
# 原本是token: attributes.fetch('token'),改为以下内容
token: attributes.fetch('token', nil),

# wq保存退出,重新配置Gitlab就发现全好了
sudo gitlab-ctl reconfigure

Acme-client Issue参考

acme-client 在v2.0.17才解决这个问题,提交记录参考如下:

Set authorization token to if there is no token in the challenge (#234nil)

所以可能大家搜到说:

  • 升级Gitlab(变相的升级了acme-client)
  • 更换其他签发证书的方式(跳过了acme签发证书)

都可以解决

排除过程(思路)

问题发现&报错

到日期了SSL证书也没有自动续签,运行sudo gitlab-ctl reconfigure报错

bash 复制代码
Running handlers:
There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[xxx.xxxx.cn] (letsencrypt::http_authorization line 6) had an error: KeyError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: KeyError: key not found: "token"

查看更详细的日志

查看/var/log/gitlab/lets-encrypt/目录下最新的日志,1777570203按自己实际情况

bash 复制代码
tail -200f /var/log/gitlab/lets-encrypt/renewal.1777570203.log

查看相应时间的错误可以发现,本次更详细的堆栈问题在/opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out这个里面

bash 复制代码
[2026-05-01T01:30:22+08:00] INFO: Running queued delayed notifications before re-raising exception
[2026-05-01T01:30:22+08:00] ERROR: Running exception handlers
[2026-05-01T01:30:22+08:00] ERROR: Exception handlers complete
[2026-05-01T01:30:22+08:00] FATAL: Stacktrace dumped to /opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out
[2026-05-01T01:30:22+08:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2026-05-01T01:30:22+08:00] FATAL: KeyError: letsencrypt_certificate[xxxx.xxxx.cn] (letsencrypt::http_authorization line 6) had an error: KeyError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: KeyError: key not found: "token"

查看错误的Stacktrace dumped(堆栈报告)

查看/opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out

bash 复制代码
tail -200f /opt/gitlab/embedded/cookbooks/cache/chef-stacktrace.out

找到错误发生的行>>>> Caused by KeyError

bash 复制代码
>>>> Caused by KeyError: key not found: "token"
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:59:in `fetch'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:59:in `initialize_challenge'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:23:in `block in challenges'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:22:in `map'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:22:in `challenges'
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb:28:in `http01'

可以发现错误源自authorization.rb59行fetch

查看并修改源码

查看authorization.rbinitialize_challenge方法的fetch token

参考Issue Set authorization token to if there is no token in the challenge (#234nil)修改

bash 复制代码
vi /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/acme-client-2.0.9/lib/acme/client/resources/authorization.rb

#########
  def initialize_challenge(attributes)
    arguments = {
      type: attributes.fetch('type'),
      status: attributes.fetch('status'),
      url: attributes.fetch('url'),
      token: attributes.fetch('token', nil), # 增加, nil 默认值
      error: attributes['error']
    }
    Acme::Client::Resources::Challenges.new(@client, **arguments)
  end
#########
# wq 保存退出

重新配置Gitlab

bash 复制代码
sudo gitlab-ctl reconfigure
相关推荐
卖萌的斜阳18 小时前
W55MH32L-EVB 上手测评:硬件 TCP/IP 加持的以太网单片机,MicroPython 零门槛开发
单片机·网络协议·tcp/ip
用户83344239661418 小时前
Qt6 实现 TCP/UDP/组播 透明中继抓包工具 | 流量录制回放 | 工业设备调试
网络协议
CryptoPP20 小时前
BSE股票K线数据接入实战:从接口调用到前端图表展示
大数据·前端·网络·人工智能·websocket·网络协议
ITxiaobing202320 小时前
程序化广告RTB场景下IP地理定位服务的精度与工程架构选型
网络协议·tcp/ip·架构
阿米亚波1 天前
【EVE-NG 实战】防火墙基础(VLAN · VRRP · NAT · ACL · 静态路由)
运维·网络·笔记·网络协议·计算机网络·网络安全·运维开发
tiantianuser1 天前
NVME-oF IP 设计2 :设计之前的调研!
网络·网络协议·rdma·roce v2·nvme of
2401_873479401 天前
如何识别代理IP和伪装流量?用IP情报工具三步穿透住宅代理伪装
网络·数据库·网络协议·tcp/ip·ip
STDD1 天前
Traefik 中间件深度配置:限流、认证、IP 白名单与错误页面定制
网络协议·tcp/ip·中间件
曾令胜1 天前
HTTP协议基础总结
网络·网络协议·http
zoipuus1 天前
上传repo仓库到自己的gitlab
linux·gitlab·shell·全志·tina