gpt4 book ai didi

ssl - certbot 不更新证书

转载 作者:行者123 更新时间:2023-12-04 22:37:59 26 4
gpt4 key购买 nike

我有一个 api.mydomain.com 形式的域使用我正在尝试更新的 Letsencrypt 证书。

root@prod-app-1:/home/ninesalt# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: api.mydomain.com
Domains: api.mydomain.com
Expiry Date: 2019-06-17 11:25:52+00:00 (VALID: 27 days)
Certificate Path: /etc/letsencrypt/live/api.mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/api.mydomain.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

但是,当我尝试使用 certbot renew 更新它时我收到此错误:
Attempting to renew cert (api.mydomain.com) from /etc/letsencrypt/renewal/api.mydomain.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/api.mydomain.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/api.mydomain.com/fullchain.pem (failure)

最佳答案

使用 --manual 创建的证书(并且没有身份验证 Hook )无法自动更新。
这是因为它涉及您手动执行授权步骤,这不是 Certbot 可以在续订时自动重复的操作。
通常您会希望使用手动验证器以外的验证器(例如 --apache、--nginx、--webroot、--standalone),以便 Certbot 执行自动更新。
因此,您可能应该再次手动创建证书:

certbot certonly --manual -d xxx.com

关于ssl - certbot 不更新证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56224101/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com