我正在尝试更新通配符let's encrypt证书。
/usr/local/bin/certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sub.myDomain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
/etc/letsencrypt/live/sub.myDomain.com/fullchain.pem expires on 2019-08-14 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
它响应说Cert not yet due for renewal。但实际上它已经过期:
echo | openssl s_client -connect sub.myDomain.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 11 15:32:13 2019 GMT
notAfter=Jun 9 15:32:13 2019 GMT
我该如何更新它?下面是我创建该证书的方法:
certbot certonly \
--dns-google \
--email [email protected] \
--agree-tos \
-d *.sub.myDomain.com
答案1
您的系统上个月更新了证书,但网络服务器从未重新启动或重新加载以真正开始使用它。
要修复此问题,请重新加载/重新启动 Web 服务器。
您还可以提供适当的命令来重新加载您的 Web 服务器作为--deploy-hook您的certbot renew命令。