Certbot and letsencrypt: after renewal, my certificate's validity went from 3 months to 2 weeks

My letsencrypt certificate was about to expire. I ran "certbot" to renew it for the next 3 months:

  $ sudo certbot certonly --standalone -d $website --email admin@$website
  Saving debug log to /var/log/letsencrypt/letsencrypt.log
  Plugins selected: Authenticator standalone, Installer None
  Cert is due for renewal, auto-renewing...
  Renewing an existing certificate
  Performing the following challenges:
  tls-sni-01 challenge for my_website123.com
  Waiting for verification...
  Cleaning up challenges

  IMPORTANT NOTES:
   - Congratulations! Your certificate and chain have been saved at:
     /etc/letsencrypt/live/my_website123.com/fullchain.pem
     Your key file has been saved at:
     /etc/letsencrypt/live/my_website123.com/privkey.pem
     Your cert will expire on 2018-07-08. To obtain a new or tweaked
     version of this certificate in the future, simply run certbot
     again. To non-interactively renew *all* of your certificates, run
     "certbot renew"
   - If you like Certbot, please consider supporting our work by:

     Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
     Donating to EFF:                    https://eff.org/donate-le

Why "2018-07-08"? I even ran certbot again - the result is the same.

Answer 1

I don't think you renewed the certificate. Just in case, please state the certbot version you are using, your Linux distribution and your web server (apache, nginx?)

You can try running the renew command with --dry-run and check the output:

certbot-auto renew --dry-run

Once you have checked that everything is correct, you can actually run it and restart apache:

systemctl stop apache2 &&
certbot-auto renew && 
systemctl start apache2 

If that command does not work (because of the certbot version or package), you may need to run certbot with the pre-hook and post-hook options:

certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 start"

Automation

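Once you have solved the manual renewal check, you should try to automate it with a cron job, at least once a week, if not once a day. If you need help, please comment here and I will update my answer to include it. Most distributions include automatic renewal with the certbot package.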
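
To confirm whether a renewal actually replaced the certificate, read the expiry date from the certificate file itself and compare it with today. The script below is an added example, not part of the original question or answer; it assumes GNU date and the openssl command-line tool, and the function names and the 30-day warning threshold are illustrative choices.

```shell
#!/bin/sh
# Added example: report the days remaining on a certificate file.
# Usage (script name is hypothetical):
#   sh cert_days.sh /etc/letsencrypt/live/my_website123.com/fullchain.pem [warn_days]

# days_between NOTAFTER NOW_EPOCH
# NOTAFTER is the text after "notAfter=" printed by `openssl x509 -enddate`.
# Prints the whole days from NOW_EPOCH until NOTAFTER (negative once expired).
days_between() {
    end_epoch=$(date -u -d "$1" +%s) || return 2   # GNU date syntax (assumption)
    echo $(( (end_epoch - $2) / 86400 ))
}

# renewal_state DAYS WARN_DAYS -> EXPIRED, RENEW or OK
renewal_state() {
    if [ "$1" -lt 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt "$2" ]; then
        echo RENEW
    else
        echo OK
    fi
}

# check_cert FILE [WARN_DAYS]
# Returns 0 only when the certificate has at least WARN_DAYS left,
# so a cron job can alert on a non-zero exit status.
check_cert() {
    cert=$1
    warn=${2:-30}   # assumed threshold; adjust to your renewal schedule
    not_after=$(openssl x509 -enddate -noout -in "$cert" | cut -d= -f2)
    # An empty value means openssl could not read the file; stop here,
    # because `date -d ""` would silently be parsed as today.
    [ -n "$not_after" ] || { echo "cannot read $cert" >&2; return 2; }
    days=$(days_between "$not_after" "$(date -u +%s)") || return 2
    state=$(renewal_state "$days" "$warn")
    echo "$cert: notAfter=$not_after ($days days left): $state"
    [ "$state" = OK ]
}

if [ "$#" -gt 0 ]; then
    check_cert "$@"
    exit $?
fi
```

A freshly issued Let's Encrypt certificate should show roughly 90 days left; a value of about two weeks after a "successful" run means the file on disk was not replaced.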
