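Let's Encrypt certbot renewal not working

Time: 2017-02-02 01:05:34

Tags: lets-encrypt certbot

I am trying to use certbot to renew a certificate that recently expired (the original certificate was also generated with certbot). However, the renew command does not work: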

sudo ./certbot-auto renew --quiet --no-self-upgrade
Use of --agree-dev-preview is deprecated.
Use of --agree-dev-preview is deprecated.
Attempting to renew cert from /etc/letsencrypt/renewal/www.removed.com.conf produced an unexpected error: <Response [404]>. Skipping.
Attempting to renew cert from /etc/letsencrypt/renewal/www.removed.com-0001.conf produced an unexpected error: <Response [404]>. Skipping.
Attempting to renew cert from /etc/letsencrypt/renewal/removed.com.conf produced an unexpected error: <Response [404]>. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/www.removed.com/fullchain.pem (failure)
  /etc/letsencrypt/live/www.removed.com-0001/fullchain.pem (failure)
  /etc/letsencrypt/live/removed.com/fullchain.pem (failure)

The certbot log has the following output:

Traceback (most recent call last):
  File "/home/test/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/home/test/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 861, in main
    args = cli.prepare_and_parse_args(plugins, cli_args)
  File "/home/test/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 1074, in prepare_and_parse_args
    return helpful.parse_args()
  File "/home/test/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 551, in parse_args
    self.set_test_server(parsed_args)
  File "/home/test/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/cli.py", line 568, in set_test_server
    " and ".join(conflicts)))
Error: --server value conflicts with --dry-run

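Any ideas on how to resolve this? I have tried running the update command above as root. I have also stopped nginx in case it was interfering with the process.

1 answer:

Answer 0: (score: 0)

Based on the code of newer versions of certbot that use the ACME-v02 API (the API that supports wildcard certificates), it seems that for the --dry-run option the only accepted server value is the new staging endpoint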

...        
def set_test_server(self, parsed_args):
    """We have --staging/--dry-run; perform sanity check and set config.server"""

    if parsed_args.server not in (flag_default("server"), constants.STAGING_URI):
        conflicts = ["--staging"] if parsed_args.staging else []
        conflicts += ["--dry-run"] if parsed_args.dry_run else []
        raise errors.Error("--server value conflicts with {0}".format(
            " and ".join(conflicts)))

    parsed_args.server = constants.STAGING_URI
...

and the code from the constants.py file

...
STAGING_URI = "https://acme-staging-v02.api.letsencrypt.org/directory"
...

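In theory, to solve the problem you can:

  1. Specify the staging server endpoint
  2. Create/edit /etc/letsencrypt/cli.ini and include the server option in it, instead of specifying it in the command
  3. Create a configuration file anywhere with a valid server option value, and pass it to the command as --config /path/yourconfig.ini or -c /path/yourconfig.ini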

P.S.: I say "in theory" because those did not work for me
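The check quoted in the answer can be applied to the text of a cli.ini before running certbot with --dry-run or --staging. The sketch below is an added example, not code from the answer or from certbot: DEFAULT_SERVER is an assumed stand-in for flag_default("server"), and the function names and the sample cli.ini are constructed for illustration.

```python
import re

# From the constants.py excerpt quoted in the answer.
STAGING_URI = "https://acme-staging-v02.api.letsencrypt.org/directory"
# Assumption: stands in for flag_default("server"), the production ACME v2 directory.
DEFAULT_SERVER = "https://acme-v02.api.letsencrypt.org/directory"

# key, then "=" or ":" as separator, then a value without whitespace
_KEY_VALUE = re.compile(r"^\s*([\w-]+)\s*[=:]\s*(\S+)")


def read_server(ini_text):
    """Return the last `server` value set in cli.ini-style text, or None."""
    server = None
    for line in ini_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # full-line comment
        match = _KEY_VALUE.match(line)
        if match and match.group(1) == "server":
            server = match.group(2)
    return server


def dry_run_conflict(ini_text, staging=False, dry_run=False):
    """Return the error set_test_server would raise, or None if accepted."""
    if not (staging or dry_run):
        return None  # the check only runs for --staging / --dry-run
    server = read_server(ini_text) or DEFAULT_SERVER
    if server in (DEFAULT_SERVER, STAGING_URI):
        return None
    conflicts = ["--staging"] if staging else []
    conflicts += ["--dry-run"] if dry_run else []
    return "--server value conflicts with {0}".format(" and ".join(conflicts))


# Constructed sample input: a cli.ini pinning a non-default ACME directory.
SAMPLE_CLI_INI = """\
# constructed example, not a real deployment
email = admin@example.test
server = https://acme.example.test/directory
"""

if __name__ == "__main__":
    print(dry_run_conflict(SAMPLE_CLI_INI, dry_run=True))
    fixed = SAMPLE_CLI_INI.replace(
        "https://acme.example.test/directory", STAGING_URI)
    print(dry_run_conflict(fixed, dry_run=True))
```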