I have the following set up via cron:
/usr/sbin/certbot-auto renew --force-renew --quiet --post-hook "/sbin/service httpd reload" >> /var/log/letsencrypt/letsencrypt.log 2>&1
I found that this was not renewing the certificate, and when I tried running the command manually, I got:
Attempting to renew cert (foo.com) from /etc/letsencrypt/renewal/foo.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/foo.com/fullchain.pem (failure)
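I can't find the original article I used to set this up, but I don't understand why I would need to use --manual-auth-hook if I'm trying to do this in an automated way. Can someone tell me why this error message is popping up and what I need to do to fix it so that cron runs automatically without errors? I'm guessing I need to add some kind of script that authenticates via DNS or HTTP, but I'm not 100% sure about that.
Answer 1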
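I'm not sure why this error occurs, but I recently ran into the same problem and had to renew the certificate manually using the following command: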
certbot-auto certonly --apache -d foo.com
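The success message from this command includes a snippet stating specifically that I will be able to renew this certificate automatically in the future using "certbot-auto renew".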
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/foo.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/foo.com/privkey.pem
Your cert will expire on 2019-02-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
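I have a cron job that runs certbot-auto renew once a week, and I will come back and update this answer if I find any problems. If you haven't heard back from me by 2019-02-25, it means the certificate could be renewed automatically after the manual renewal above.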
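
A check for the condition behind the error in the question, added here as an example and not part of the original question or answer: it lists every lineage whose renewal config selects the manual plugin without an auth hook, which is the case `certbot-auto renew` cannot handle from cron. It assumes the `authenticator` and `manual_auth_hook` keys of the `[renewalparams]` section; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list certbot lineages whose
# renewal config uses the manual plugin without an auth hook.

# Print the value of key $1 in renewal config $2 (empty if the key is absent).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Succeed if config $1 uses the manual authenticator with no auth hook set.
needs_auth_hook() {
    [ "$(conf_value authenticator "$1")" = "manual" ] || return 1
    hook=$(conf_value manual_auth_hook "$1")
    # Assumption: a literal "None" means unset, the same as an empty value.
    [ -z "$hook" ] || [ "$hook" = "None" ]
}

# Print the name of every lineage in directory $1 that cron could not renew.
scan_renewal_dir() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if needs_auth_hook "$conf"; then basename "$conf" .conf; fi
    done
}

# Run the scan over two constructed configs (sample data, not real files).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/foo.com.conf" <<'EOF'
fullchain = /etc/letsencrypt/live/foo.com/fullchain.pem
[renewalparams]
authenticator = manual
installer = None
EOF
    cat > "$dir/example.org.conf" <<'EOF'
fullchain = /etc/letsencrypt/live/example.org/fullchain.pem
[renewalparams]
authenticator = apache
installer = apache
EOF
    scan_renewal_dir "$dir"
    rm -rf "$dir"
}

demo
```

On a live host the same function can be pointed at the real directory with `scan_renewal_dir /etc/letsencrypt/renewal`; an empty result means no lineage depends on the manual plugin without a hook.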