我有一个api.mydomain.com形式的域,带有一个我要续签的letencrypt证书。
root@prod-app-1:/home/ninesalt# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: api.mydomain.com
Domains: api.mydomain.com
Expiry Date: 2019-06-17 11:25:52+00:00 (VALID: 27 days)
Certificate Path: /etc/letsencrypt/live/api.mydomain.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/api.mydomain.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
但是,当我尝试使用certbot renew进行续订时,出现此错误:
Attempting to renew cert (api.mydomain.com) from /etc/letsencrypt/renewal/api.mydomain.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/api.mydomain.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/api.mydomain.com/fullchain.pem (failure)
答案 0 :(得分:0)
使用 --manual(且没有身份验证挂钩)创建的证书无法自动续订。
这是因为它涉及您手动执行授权步骤,而 Certbot 无法在续订时自动重复。
通常您会希望使用手动验证器以外的验证器(例如--apache、--nginx、--webroot、--standalone),以便 Certbot 可以执行自动续订。
因此,您可能应该再次手动创建证书:
certbot certonly --manual -d xxx.com