letsencrypt的免费SSL证书续签及解决办法
Posted qinyan20
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了letsencrypt的免费SSL证书续签及解决办法相关的知识,希望对你有一定的参考价值。
正常letsencrypt的免费SSL证书续签, 常常需要停止nginx
步骤:
就是先停nginx服务,然后续签操作,在服务器上即:
1. 直接续签证书
find / -name "certbot-auto"
/root/letsencrypt/certbot-auto
/root/certbot-auto
/root/letsencrypt/certbot-auto/certbot-auto renew --force-renew --no-self-upgrade
--force-renew 强制更新
--no-self-upgrade 不更新 letsencrypt
2. 续签证书失败(重新注册证书)
执行: /root/letsencrypt/certbot-auto certonly --standalone --no-self-upgrade -d xxxxx.com
若执行报以下错
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
停止nginx
sudo /usr/sbin/nginx -s stop
启动nginx
nginx -c /etc/nginx/nginx.conf
nginx -s reload
最后 用2生成的新的 fullchain.pem 和privkey.pem 替换原来旧的,即可
cp /etc/letsencrypt/live/xxx.com-0001/fullchain.pem /etc/letsencrypt/live/xxx.com/fullchain.pem
cp /etc/letsencrypt/live/xxx.com-0001/privkey.pem /etc/letsencrypt/live/xxx.com/privkey.pem
sudo /usr/sbin/nginx -t
sudo /usr/sbin/nginx -s reload
访问网站, 可以看到证书已续签 !!
letsencrypt配置https 相关网址:
https://www.jianshu.com/p/0d455c7a9326
https://www.jianshu.com/p/e4def1f789c1
以上是关于letsencrypt的免费SSL证书续签及解决办法的主要内容,如果未能解决你的问题,请参考以下文章
Let'sEncrypt快速颁发及自动续签泛域名证书实践指南
centos 下安装 Let’s Encrypt 永久免费 SSL 证书