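The normal procedure for renewing a free Let's Encrypt SSL certificate is to stop the nginx service first and then run the renewal. On the server that is: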
service nginx stop
/www/server/panel/certbot-auto renew
Finally, start nginx again:
service nginx start
But this kept failing with an error.
The main error is:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Attempting to renew cert (xxx.cn) from /etc/letsencrypt/renewal/xxx.cn.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/xxx.cn/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
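Final solution:
1. First run: /www/server/panel/certbot-auto certonly --standalone -d xxx.cn
(2. Then run: /www/server/panel/certbot-auto renew --force-renew --no-self-upgrade (without forcing the renewal with --force-renew it does not update and still errors; this step is optional))
Finally, replace the old files with the new fullchain.pem and privkey.pem generated in step 1: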
cp /etc/letsencrypt/live/xxx.cn-0001/fullchain.pem /etc/letsencrypt/live/xxx.cn/fullchain.pem
cp /etc/letsencrypt/live/xxx.cn-0001/privkey.pem /etc/letsencrypt/live/xxx.cn/privkey.pem
You can see that the certificate is now renewed until November 18.
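One way to confirm the copied files are usable before starting nginx again, as an added example that is not part of the original post: it checks that the fullchain.pem and privkey.pem in a directory belong together and that the certificate is not close to expiry. The function name check_cert_pair, its return codes and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies a certbot-style
# directory that contains fullchain.pem and privkey.pem.
# Return codes (assumed convention): 0 ok, 1 key/cert mismatch,
# 2 unreadable or unparsable file, 3 certificate expires too soon.

check_cert_pair() {
    dir=$1
    min_days=${2:-30}   # assumed default: require at least 30 days of validity
    cert="$dir/fullchain.pem"
    key="$dir/privkey.pem"

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 2
    fi

    # Public key embedded in the leaf certificate (first cert in the file).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate $cert" >&2; return 2; }
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key $key" >&2; return 2; }

    # A mismatched pair makes nginx fail to load the certificate.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key does not belong to $cert" >&2
        return 1
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        openssl x509 -in "$cert" -noout -enddate >&2
        return 3
    fi

    # Show whose certificate this is and when it expires.
    openssl x509 -in "$cert" -noout -subject -enddate
    return 0
}

# Usage on the server from the post:
#   check_cert_pair /etc/letsencrypt/live/xxx.cn && service nginx start
```

Running it against the live directory after the two cp commands catches the case where only one of the two files was replaced.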
I am recording this here to share with everyone.