Renewing an SSL Certificate (Let's Encrypt Free Certificate)


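Let's Encrypt certificates are free and valid for three months. The renewal succeeded, so here is a record of the process.

Server environment: CentOS 7.6, Python 2.7.5

Step 1: In the BT (Baota) panel, disable SSL for the site, then run the renewal command:

/git/letsencrypt/certbot-auto certonly --renew-by-default --email xxx@qq.com -d abc.xxx.com

Output of the run: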

Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3

Input the webroot for lingshi.xinlz.net: (Enter 'c' to cancel): /mnt/vdb1/abc.xxx.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/abc.xxx.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/abc.xxx.com/privkey.pem
Your cert will expire on 2020-06-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

==================================================

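Step 2: Check that the certificate paths referenced in the site's Nginx configuration are correct.

Step 3: If the Nginx configuration was changed, restart the service: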

service nginx restart
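
The check in step 2 can be scripted. The following is an added example, not part of the original post: it reads the active ssl_certificate and ssl_certificate_key directives from a site config and compares them with the files certbot reported above. The function name and the optional third argument (an alternative live directory, used for testing) are assumptions of this example.

```shell
# Added example (not from the original post).
# Usage: check_nginx_cert_paths <site.conf> <domain> [live_root]
# live_root defaults to certbot's /etc/letsencrypt/live.
# Status: 0 = references correct, 1 = problem found, 2 = config unreadable.
check_nginx_cert_paths() (
    # The body runs in a subshell, so variables stay local and "exit"
    # only sets the function's return status.
    conf=$1 domain=$2 live_root=${3:-/etc/letsencrypt/live}
    rc=0 seen_cert=0 seen_key=0

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 2; }

    # Active (not commented-out) certificate directives only.
    lines=$(grep -E '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$conf" || true)

    while read -r directive path rest; do
        [ -n "$directive" ] || continue
        path=${path%;}    # drop the trailing semicolon
        case $directive in
            ssl_certificate)     expected=$live_root/$domain/fullchain.pem; seen_cert=1 ;;
            ssl_certificate_key) expected=$live_root/$domain/privkey.pem;   seen_key=1 ;;
        esac
        if [ "$path" != "$expected" ]; then
            echo "MISMATCH $directive $path (expected $expected)"; rc=1
        elif [ ! -s "$path" ]; then
            echo "MISSING  $directive $path"; rc=1
        else
            echo "OK       $directive $path"
        fi
    done <<EOF
$lines
EOF

    [ "$seen_cert" -eq 1 ] || { echo "MISSING  no ssl_certificate directive"; rc=1; }
    [ "$seen_key" -eq 1 ]  || { echo "MISSING  no ssl_certificate_key directive"; rc=1; }
    exit "$rc"
)
```

A MISMATCH line means Nginx is still serving a certificate from another location, so the renewal will not take effect until the path is corrected. Running nginx -t before the restart catches syntax errors in the edited config.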

 

=========  Deployment successful  ==================================================

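The process and the principle are simple, but in practice any number of uncertainties can cause it to fail. Below is a brief list of problems I have run into: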

1. The renewal command hangs at Installing Python packages...

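Solution:

vim ~/.pip/pip.conf

[global]
# index-url = https://pypi.doubanio.com/simple/
# Tsinghua mirror; 99% of articles online recommend this URL, but it did not succeed after repeated tests
# index-url = https://pypi.tuna.tsinghua.edu.cn/simple/
# Aliyun; worked on the first try
index-url = http://mirrors.aliyun.com/pypi/simple/

[install]
# trusted-host = pypi.doubanio.com
# trusted-host = pypi.tuna.tsinghua.edu.cn
# Aliyun
trusted-host = mirrors.aliyun.com

Save pip.conf and run the renewal command again. Note that this index URL is plain HTTP, and trusted-host tells pip to accept that host without HTTPS, so packages are downloaded without transport protection; the mirror is also reachable at https://mirrors.aliyun.com/pypi/simple/, in which case the trusted-host line is not needed.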

 

2. A 403 error is reported for .well-known: the directory is not accessible.

Solution: add a rule to the Nginx configuration that allows access:

location ~ /.well-known {
    allow all;
}

 

