我有一台安装了 certbot 的 Let's encrypt 证书的服务器。我想使用以下命令来更新它
sudo certbot renew --force-renewal
但我收到一个错误:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mydomain.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Attempting to renew cert (mydomain) from /etc/letsencrypt/renewal/mydomain.conf produced an unexpected error: Invalid version. The only valid version for X509Req is 0.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/mydomain/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
我有 Ubuntu 20.04.4 LTS、Python 3.8.10,我该怎么办?
答案1
我在 Ubuntu 18.04 中遇到了同样的问题,这是由 pyOpenSSL 23.2.0 版本引起的。降级到 23.1.1 后,它又恢复正常了:
pip3 install pyOpenSSL==23.1.1
答案2
今天我在未升级的 Debian 10 机器上遇到了这个问题。前段时间它还能正常工作,但现在我遇到了同样的错误(无效版本。X509Req 的唯一有效版本是 0.. 跳过。)。我通过简单升级 certbot 解决了这个问题:
pip3 install -U certbot
这很有帮助,certbot renew效果很好。现在,pip freeze显示为我安装的这些相关软件包:
certbot==2.7.4
pyOpenSSL==24.0.0
我认为使用最新版本的安全库比降级到旧版本要好得多。