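I previously set up this site's HTTPS certificate with the free certbot-auto tool (original post: http://47.93.183.36/article/507.html). The background renewal job had been running ever since and I had not paid much attention to it. Today the HTTPS pages showed a certificate error (the details said the certificate had expired), so I logged in to take a look and found that renewal had been failing. Requests to raw.githubusercontent.com were failing, which caused the certificate renewal to fail; as a temporary fix I pointed that domain at an IP address in the hosts file. The process is recorded below. Article URL: http://8408.cn/article/868.html. Do not reproduce without permission.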
[root@04007 ~]# /opt/modules/https/certbot-auto renew
Upgrading certbot-auto 1.0.0 to 1.8.0...
Couldn't download https://raw.githubusercontent.com/certbot/certbot/v1.8.0/letsencrypt-auto-source/letsencrypt-auto. <urlopen error timed out>

[root@04007 ~]# vim /etc/hosts
127.0.0.1 localhost
199.232.4.133 raw.githubusercontent.com

[root@04007 ~]# /opt/modules/https/certbot-auto renew
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: security
Setting up Install Process
Package gcc-4.4.7-23.el6.x86_64 already installed and latest version
Package augeas-libs-1.0.0-10.el6.x86_64 already installed and latest version
Package openssl-1.0.1e-58.el6_10.x86_64 already installed and latest version
Package openssl-devel-1.0.1e-58.el6_10.x86_64 already installed and latest version
Package libffi-devel-3.0.5-3.2.el6.x86_64 already installed and latest version
Package redhat-rpm-config-9.0.3-51.el6.centos.noarch already installed and latest version
Package ca-certificates-2020.2.41-65.1.el6_10.noarch already installed and latest version
Package python-devel-2.6.6-68.el6_10.x86_64 already installed and latest version
Package python-virtualenv-12.0.7-1.el6.noarch already installed and latest version
Package python-tools-2.6.6-68.el6_10.x86_64 already installed and latest version
Package python-pip-7.1.0-2.el6.noarch already installed and latest version
Nothing to do
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/04007.cn.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
NGINX configured with OpenSSL alternatives is not officially supported by Certbot.
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for 04007.cn
http-01 challenge for www.04007.cn
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/04007.cn/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/04007.cn/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

# Renew the certificate directly, without upgrading the certbot-auto software itself
[root@04007 ~]# /opt/modules/https/certbot-auto renew --no-self-upgrade
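I also found that certbot-auto has an option, --no-self-upgrade. By default certbot-auto always tries to upgrade itself to the latest version, but for a setup that is already stable the upgrade is not needed. With this option the certificate is renewed directly, without upgrading certbot-auto and risking other unexpected problems.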
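The failure above went unnoticed until the certificate had already expired. The following is an added example, not part of the original post: a cron-style wrapper that renews with --no-self-upgrade and then checks the deployed certificate's expiry date. The 20-day threshold, the function names and the `--run` switch are assumptions; the paths are the ones shown in the log above, and GNU date is required.

```bash
#!/usr/bin/env bash
# Added example: renew, then verify that the deployed certificate is not close to expiry.
CERT=/etc/letsencrypt/live/04007.cn/fullchain.pem   # path from the renewal log above
CERTBOT=/opt/modules/https/certbot-auto             # path from the session above
WARN_DAYS=20                                        # assumed alert threshold

# secs_left "<notAfter=...>" <now-epoch>
# Prints seconds until expiry (negative once expired). Uses GNU date -d.
secs_left() {
    not_after=${1#notAfter=}
    end=$(date -u -d "$not_after" +%s) || return 3
    echo $(( end - $2 ))
}

# cert_status <secs-left> <warn-days>
# Prints OK, WARN or EXPIRED; returns 0, 1 or 2 so cron can alert on failure.
cert_status() {
    if [ "$1" -le 0 ]; then echo EXPIRED; return 2; fi
    if [ "$1" -lt $(( $2 * 86400 )) ]; then echo WARN; return 1; fi
    echo OK
}

main() {
    # Skip the self-upgrade step that timed out in the session above.
    "$CERTBOT" renew --no-self-upgrade || echo "certbot-auto renew failed" >&2

    # openssl prints e.g. "notAfter=Dec 20 08:00:00 2020 GMT"
    enddate=$(openssl x509 -noout -enddate -in "$CERT") || return 3
    left=$(secs_left "$enddate" "$(date +%s)") || return 3

    rc=0
    status=$(cert_status "$left" "$WARN_DAYS") || rc=$?
    echo "$CERT: $status ($(( left / 86400 )) days left, $enddate)"
    return "$rc"
}

# Only act when invoked with --run, so sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it from cron with `--run`; a non-zero exit status means the certificate is inside the warning window or already expired, even if the renew command itself reported nothing.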