当前我的certbot无法更新,因为其中一个子域不再有效:unneededsubdomain.foo.co.uk
和www.unneededsubdomain.foo.co.uk
。
这是因为我已删除域记录,因为不再需要将其链接到此服务器。但是,我仍然想为所有其他子域续订证书,例如:foo.co.uk
www.foo.co.uk
和api.foo.co.uk
。
这与我运行certbot renew
时的输出类似:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/foo.co.uk-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/foo.co.uk.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for unneededsubdomain.foo.co.uk
http-01 challenge for www.unneededsubdomain.foo.co.uk
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (foo.co.uk) from /etc/letsencrypt/renewal/foo.co.uk.conf produced an unexpected error: Failed authorization procedure. www.unneededsubdomain.foo.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ... :: The client lacks sufficient authorization :: Invalid response from .... Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/foo.co.uk/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
/etc/letsencrypt/live/foo.co.uk-0001/fullchain.pem expires on 2019-07-06 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/foo.co.uk/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.unneededsubdomain.foo.co.uk
Type: unauthorized
Detail: Invalid response from
...
Domain: unneededsubdomain.foo.co.uk
Type: unauthorized
Detail: Invalid response from
...
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
如您所见,续订失败,因为它尝试续订不再需要的证书。在没有此不需要的子域的情况下,如何成功续订证书?
(注意:foo.co.uk当然不是我的实际网站。我只是将其替换为虚拟名称)