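How to renew Letsencrypt on a Google Compute Engine SSH terminal

Time: 2020-03-02 21:46:32

Tags: terminal certbot

I need to know the exact reason why my certificate has the "insecure" problem. I am not very well versed in this technology, so I am not sure what to check. This is the message I received when I tried to rerun the script: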

/certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d mwosa.com -d www.mwosa.com
Requesting to rerun ./certbot-auto with root privileges...
./certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Upgrading certbot-auto 0.39.0 to 1.2.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mwosa.com
http-01 challenge for www.mwosa.com
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification...
Cleaning up challenges

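1 answer:

Answer 0: (score: 1)

This looks like a permissions message; the letsencrypt folder probably needs to be write-protected, and the directory path containing certbot-auto (including every directory traversed in certbot-auto's absolute path) must not allow writes by low-privileged users. You can resolve this by following the instructions in Certbot-auto deployment best practices.

If you must have write permission on /opt, then anyone can do this: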

mv /opt/letsencrypt /opt/somethingelse
mkdir /opt/letsencrypt
echo 'echo owned >> /root/owned' > /opt/letsencrypt/letsencrypt-auto
chmod -R a+x /opt/letsencrypt

and it will be triggered the next time the root user's cronjob runs letsencrypt-auto with root privileges.
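
The answer's point, that every directory on the absolute path to certbot-auto must be closed to low-privileged writers, can be checked before a root cron job is allowed to run the script. The following is an added example, not part of the original answer or of certbot; it assumes GNU stat and readlink, and the function names and the audit.sh file name are hypothetical.

```shell
#!/bin/sh
# Added example: audit each directory on the way to a root-run script.
# Assumes GNU stat and readlink (coreutils).

# component_is_unsafe PATH [OWNER_UID]
# Succeeds (returns 0) when PATH is missing, is not owned by OWNER_UID
# (default 0 = root), or is writable by group or others.
component_is_unsafe() {
    c_info=$(stat -c '%u %a' -- "$1" 2>/dev/null) || return 0
    c_uid=${c_info% *}
    c_mode=${c_info#* }
    [ "$c_uid" -ne "${2:-0}" ] && return 0
    # 022 octal = group-write | other-write
    [ $(( 0$c_mode & 022 )) -ne 0 ] && return 0
    return 1
}

# audit_path FILE [OWNER_UID]
# Prints every unsafe component from FILE up to /, returns 1 if any.
# World-writable sticky directories such as /tmp are flagged too.
audit_path() {
    a_path=$(readlink -f -- "$1") || return 2
    a_bad=0
    while :; do
        if component_is_unsafe "$a_path" "${2:-0}"; then
            echo "$a_path"
            a_bad=1
        fi
        [ "$a_path" = / ] && break
        a_path=$(dirname -- "$a_path")
    done
    return "$a_bad"
}

# Usage: sh audit.sh /path/to/certbot-auto   (audit.sh is a placeholder name)
if [ "$#" -gt 0 ]; then audit_path "$@"; fi
```

Any path it prints is a place where the rename-and-replace trick from the answer would work; fix ownership and mode there before the cron job runs again.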