打印

使用Letsencrypt证书用户建议更新自动续期规则

本主题由 licess 于 2017-8-23 17:39 设置高亮

使用Letsencrypt证书用户建议更新自动续期规则

因Let'sEncrypt的certbot程序更新,参数发生些变化,可能导致SSL证书续期失败,建议8月23日前安装LNMP的用户更新一下crontab规则和lnmp管理脚本,自动更新命令:wget -O - http://soft.vpser.net/lnmp/ext/fix_renewssl.sh|bash

也可以执行:cd /tmp && wget http://soft.vpser.net/lnmp/lnmp1.4.tar.gz -O lnmp1.4.tar.gz && tar zxf lnmp1.4.tar.gz && cd lnmp1.4 && ./upgrade1.x-1.4.sh
升级lnmp管理脚本后再自行参考crontab教程,删除原certbot的规则,添加上0 3 */7 * * /bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/nginx reload"
手动更新的话建议再执行:/bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/nginx reload" 看一下能否正常更新。

如有问题,请到LNMP论坛进行反馈:https://bbs.vpser.net/forum-25-1.html

TOP

还好我用的是acme.sh的DNS API申请的证书!

TOP

不能正常更新

安装完1.4后,开始没有更新自动续期规则,前几天SSL到期了,然后才看到需要更新自动续期规则。但是更新后还是不能续期啊:

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/wptheme.top.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/wptheme.top/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.

TOP

更新证书出错

/bin/certbot renew --disable-hook-validation --renew-hook "/etc/init.d/nginx reload"
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

TOP