Problems encountered when renewing an SSL certificate with certbot renew

Reposted from: CSDN 2019-12-27 19:18:51

Reposted from: http://blog.csdn.net/qq_19868745/article/details/72677709

The problem I ran into was as follows:

IMPORTANT NOTES:

 - The following errors were reported by the server:

   Domain: www.miling.online

   Type:   unauthorized

   Detail: Invalid response from

   http://www.miling.online/.well-known/acme-challenge/8IPPiMABwsHSwqSSTfZ5XMv7wD9sqXdO1pzOwFebdzg

   [2001:470:35:bf9::2]: 404


   To fix these errors, please make sure that your domain name was

   entered correctly and the DNS A record(s) for that domain

   contain(s) the right IP address.

[root@iZuf6istfz0zvz8dbdfyxxZ ~]# certbot-auto renew --force-renew

-bash: certbot-auto: command not found

[root@iZuf6istfz0zvz8dbdfyxxZ ~]# 

[root@iZuf6istfz0zvz8dbdfyxxZ ~]# 1

-bash: 1: command not found

[root@iZuf6istfz0zvz8dbdfyxxZ ~]# certbot renew --quiet

Attempting to renew cert from /etc/letsencrypt/renewal/www.miling.online.conf produced an unexpected error: Failed authorization procedure. www.miling.online (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.miling.online/.well-known/acme-challenge/o30LM-8eAdn4IB8vX96Aa1Xgs6Mwc-5QjJNQ8mjl_Ns [2001:470:35:bf9::2]: 404. Skipping.

All renewal attempts failed. The following certs could not be renewed:

  /etc/letsencrypt/live/www.miling.online/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
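
The failure line above names the address the validation server actually connected to, here an IPv6 address, so the request followed the domain's AAAA record rather than the A record the message mentions. The following is an added example, not part of the original post, that parses that line and reports which record and host to check; the function names are hypothetical and the second sample address in the test is constructed.

```python
import ipaddress
import re

# Sample input: the "certbot renew --quiet" failure line quoted on this page.
SAMPLE = (
    "Attempting to renew cert from /etc/letsencrypt/renewal/www.miling.online.conf "
    "produced an unexpected error: Failed authorization procedure. "
    "www.miling.online (http-01): urn:acme:error:unauthorized :: "
    "The client lacks sufficient authorization :: Invalid response from "
    "http://www.miling.online/.well-known/acme-challenge/"
    "o30LM-8eAdn4IB8vX96Aa1Xgs6Mwc-5QjJNQ8mjl_Ns [2001:470:35:bf9::2]: 404. Skipping."
)

# Shape: domain (challenge): error-urn :: ... Invalid response from URL [address]: status
FAILURE = re.compile(
    r"(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): (?P<error>urn:\S+)"
    r".*?Invalid response from\s+(?P<url>http://\S+)\s+"
    r"\[(?P<addr>[^\]]+)\]:\s*(?P<status>\d{3})",
    re.S,
)


def parse_failures(text):
    """Return one dict per failed authorization found in certbot output."""
    results = []
    for match in FAILURE.finditer(text):
        failure = match.groupdict()
        failure["status"] = int(failure["status"])
        # The bracketed address is the host that answered the challenge request.
        version = ipaddress.ip_address(failure["addr"]).version
        failure["family"] = "IPv%d" % version
        results.append(failure)
    return results


def hint(failure):
    """Name the DNS record type and host to inspect first."""
    record = "AAAA" if failure["family"] == "IPv6" else "A"
    return (
        f"{failure['domain']}: validator reached {failure['addr']} over "
        f"{failure['family']} and got HTTP {failure['status']}; check the "
        f"{record} record and the web server listening on that address"
    )


if __name__ == "__main__":
    for item in parse_failures(SAMPLE):
        print(hint(item))
```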

In the end I looked at certbot's help.



Run the following in order:
# service nginx stop

# certbot --force-renewal

# certbot certonly

# certbot renew --dry-run

# service nginx start

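Note that nginx must be stopped before these commands and started again afterwards (service nginx stop/start); otherwise problems will occur.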


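Note: Today I successfully renewed the Let's Encrypt certificates manually with the commands above. Each site has to be updated with certbot certonly. The directory of the renewed certificate files differs from the original one, so it needs to be updated in the virtual host configuration file. After all domains on the server have been updated, run certbot renew --dry-run. How to configure periodic automatic renewal is something I will try later.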
