我的 letsencrypt 证书即将过期。我运行了“certbot”来续订接下来的 3 个月:
$ sudo certbot certonly --standalone -d $website --email admin@$website
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for my_website123.com
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/my_website123.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/my_website123.com/privkey.pem
Your cert will expire on 2018-07-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
为什么是“2018-07-08”?我甚至再次运行了 certbot - 结果是一样的。
答案1
我认为您没有更新证书。以防万一,请说明您使用的 certbot 版本、您的 Linux 发行版和您的 Web 服务器(apache、nginx?)
您可以尝试运行--dry-runrenew 命令并查看输出:
certbot-auto renew --dry-run
一旦检查一切正确,您就可以实际运行它并重新启动 apache:
systemctl stop apache2 &&
certbot-auto renew &&
systemctl start apache2
如果该命令不起作用(由于 certbot 版本或包),您可能需要certbot使用前挂钩和后挂钩来运行该命令:
certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 start"
自动化
解决手动检查续订的问题后,您应该尝试使用 cron 作业自动执行此操作,至少每周一次,如果不是每天一次的话。如果您需要帮助,请在此处发表评论,我会更新我的答案以将其包括在内。大多数分配包括自动更新使用 certbot 包。