certbot does not renew certificate

Time: 2019-05-20 15:34:43

Tags: ssl lets-encrypt certbot

I have a domain of the form api.mydomain.com with a letsencrypt certificate that I want to renew.

root@prod-app-1:/home/ninesalt# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: api.mydomain.com
    Domains: api.mydomain.com
    Expiry Date: 2019-06-17 11:25:52+00:00 (VALID: 27 days)
    Certificate Path: /etc/letsencrypt/live/api.mydomain.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/api.mydomain.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

However, when I try to renew it using certbot renew, I get this error:

Attempting to renew cert (api.mydomain.com) from /etc/letsencrypt/renewal/api.mydomain.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/api.mydomain.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/api.mydomain.com/fullchain.pem (failure)

1 answer:

Answer 0: (score: 0)

Certificates created with --manual (and without an authentication hook) cannot be renewed automatically.

This is because it involves you performing the authorization step manually, which Certbot cannot repeat automatically at renewal time.

Usually you will want to use an authenticator other than the manual one (e.g. --apache, --nginx, --webroot, --standalone) so that Certbot can perform automatic renewal.

So you should probably just create the certificate manually again:

certbot certonly --manual -d xxx.com
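
A check for the condition behind the error above, as an added example that is not part of the original question or answer and is not Certbot's own code: it lists every lineage under a renewal directory whose [renewalparams] section sets authenticator = manual without a manual_auth_hook. The function names, the RENEWAL_DIR variable, the sample files and the hook path are constructed for illustration; treating an empty or "None" hook value as missing is an assumption.

```shell
#!/bin/sh
# Added example: find certbot lineages that cannot renew unattended because
# they use the manual authenticator with no --manual-auth-hook recorded.

# Print the lineage name of every *.conf in directory $1 that would fail.
find_unrenewable() {
    dir=$1
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        awk -v name="$(basename "$conf" .conf)" '
            # Track whether we are inside the [renewalparams] section.
            /^\[/ { in_params = ($0 == "[renewalparams]"); next }
            in_params && /^[ \t]*authenticator[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); auth = $0
            }
            in_params && /^[ \t]*manual_auth_hook[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); hook = $0
            }
            # Assumption: an empty or "None" value means no hook was recorded.
            END { if (auth == "manual" && (hook == "" || hook == "None")) print name }
        ' "$conf"
    done
}

# Build a temporary directory of constructed renewal configs and print its path.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'fullchain = /etc/letsencrypt/live/api.mydomain.com/fullchain.pem' \
        '[renewalparams]' 'authenticator = manual' \
        > "$d/api.mydomain.com.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = manual' \
        'manual_auth_hook = /usr/local/bin/dns-auth.sh' \
        > "$d/hooked.example.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        > "$d/web.example.conf"
    echo "$d"
}

# Scan RENEWAL_DIR if set (e.g. /etc/letsencrypt/renewal), else the sample.
if [ -n "${RENEWAL_DIR:-}" ]; then
    find_unrenewable "$RENEWAL_DIR"
else
    sample=$(make_sample_dir)
    find_unrenewable "$sample"
    rm -rf "$sample"
fi
```

Running it from cron or a monitoring job ahead of the expiry date turns the "manual plugin is not working" failure into an early warning instead of a surprise at renewal time.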