怎样续期Let’s Encrypt免费证书?

今天用浏览器打开网页提示不安全,原来是域名的ssl证书到期了,之前一直用的是Let’s Encrypt的免费证书(请参考文章“Linux系统下配置nginx启用Let’s encrypt的免费SSL证书”),只有3个月的使用期,到期后要手动续期的,之前一直有收到邮件提示,但没管它,现在出现红色警告了,必须马上更新证书才行,具体步骤如下:

SSH进服务器,执行如下命令:

[email protected]:~# /webdirectory/letsencrypt/certbot-auto renew –quiet –no-self-upgrade

这时,若提示如下错误信息:

Attempting to renew cert (www.itkylin.com) from /etc/letsencrypt/renewal/www.itkylin.com.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/www.itkylin.com/fullchain.pem (failure) 1 renew failure(s), 0 parse failure(s)

暂时停止nginx监听80、443端口:

[email protected]:~# service nginx stop

重新执行更新命令:

[email protected]:~# /webdirectory/letsencrypt/certbot-auto renew –quiet –no-self-upgrade

重新启动nginx服务:

[email protected]:~# service nginx start

OK,打开浏览器输入网址打开网页,小绿伞又出来了,查看信息三个月后到期,为了防止下次又忘记续期,可以写个小脚本定时执行:

三个月早忘了这事了,所以还是写个脚本放crontab让它自动更新吧:

[email protected]:~#chmod +x /webdirectory/letsencrypt/certbot-auto [email protected]:~#vi /webdirectory/letsencrypt/sslrenew.sh #!/bin/sh /webdirectory/letsencrypt/certbot-auto renew –quiet –no-self-upgrade :wq! [email protected]:~#chmod +x /webdirectory/letsencrypt/sslrenew.sh

Certbot只有在证书到期前一个月才会进行更新,如果证书还没到期,它是不会进行更新的。所以设定让服务器每周日凌晨01:05分开始自动更新。

[email protected]:~#vi /etc/crontab 05 1 * * 0 /webdirectory/letsencrypt/sslrenew.sh
:wq!

上一篇: