我已经通过以下方式启动了certbot流程:
sudo certbot --nginx -d example.com -d www.example.com
但我忘了添加www.example.com'在' servernam'适用于example.com的nginx virtualsite
server {
(...)
server_name example.com www.example.com;
(...)
}
然后我获得了证书,但没有使用ssl配置我的nginx的自动complet过程
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for examle.com
tls-sni-01 challenge for www.example.com
Cleaning up challenges
Cannot find a VirtualHost matching domain www.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
就像我写的那样:
cerbot --certonly --standalone -d example.com
因为我只有证书,现在nginx上的配置没关系,我可以再次查看该过程并覆盖所有旧值吗?让我们的加密证书颁发机构出现问题,再次为同一个域调用新证书?解决办法是什么?再次删除所有,或手动完成剩余的进程(nginx配置)?
答案 0 :(得分:0)
cerbot可以再次启动已创建的域的ssl。在我的情况下,域名失败,并且它是您第一次使用certbot。 Nginx配置已更改但不完全,因此当您第二次尝试complet并更新nginx配置时。 Certbot只是更新域的配置,并注释它认为重复的旧行并插入新的行,由Certbod添加#manage,因此当您需要翻新证书时,Cerbot可以巧妙地改变行。
示例我的nginx配置,第一次尝试,第二次:
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect non-https traffic to https
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# } # managed by Certbot