今天我收到错误,因为我的网络服务器已过期SSL
好的,我进入操作系统服务器并运行让我们加密手动快速编写脚本
# /opt/letsencrypt/bin/letsencrypt-auto
Upgrading certbot-auto 0.13.0 to 0.14.2...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "letsencrypt-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
好的,关于“apache2ctl”有一些奇怪的消息Apache2没关系,我正在使用NGINX在openresty
并通常运行另一个命令来更新所有证书
# /opt/letsencrypt/bin/letsencrypt-auto renew
然后我在每个过期域名上都遇到了另一个错误
Processing
/etc/letsencrypt/renewal/{{domain}}.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for {{domain}}
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/{{domain}}.conf produced an unexpected error: Failed authorization procedure. {{domain}} (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [{{key}}] != [HELLO! This domain is waiting to be connected.<br>
For more information see help or contact us on {{contact_url}}.]. Skipping.
运行单独的命令没有帮助,因为文档没有显示之后发生了什么
# ./certbot-auto certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apache2ctl in PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
可能每一个举动都会摧毁我的结构
问我该怎么办?
答案1
一开始我备份机器
这是我的步骤
# wget https://dl.eff.org/certbot-auto
# chmod a+x ./certbot-auto
# mv certbot-auto /opt/letsencrypt/bin
# openresty -s stop
# ./certbot-auto certonly --standalone -d {{domain}},{{domain}},{{domain}}
# openresty
之后我检查了一下,命令选项“更新”工作正常,即使再次运行网络服务器也没有错误
./certbot-auto renew
也许它可以对某些人有所帮助。