Certificates in Letsencrypt logs

Time: 2021-05-17 18:17:41

Tags: security ssl logging lets-encrypt certbot

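I have configured certbot to generate and renew SSL certificates. Now that I am connecting the logs to an external aggregator, I realized that plain certificates are printed in the log files in /var/log/letsencrypt/. If I try a dry run with sudo certbot renew --dry-run, I can find the following in the logs: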

HTTP 200
Server: nginx
Date: Mon, 17 May 2021 17:03:10 GMT
Content-Type: application/pem-certificate-chain
Content-Length: 5763
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-staging-v02.api.letsencrypt.org/acme/cert/fad1c71f16bfd3347724907fb0fcaa101f8b/1>;rel="alternate"
Replay-Nonce: 0003YhKZdyLxPhNwsq5shqbKFhpxBsPqyL__TDJMSCf5DXs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Does this only happen in a dry run? If not, this seems to be how certbot works, but is it a safe practice?

0 answers:

No answers
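
An added example (not part of the original question, and not certbot code): a check to run over a log file before forwarding it to an aggregator, listing which PEM block types it contains and flagging any private-key block. The function name `scan_log` and both sample log texts are constructed for illustration.

```python
import re
import sys
from collections import Counter

# PEM header line as in RFC 7468: -----BEGIN <LABEL>-----
BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
CONTENT_TYPE = re.compile(r"^Content-Type:\s*(\S+)", re.IGNORECASE)

def scan_log(text):
    """Return (Counter of PEM labels, [(line_no, label, content_type)] for private keys)."""
    labels, private_keys = Counter(), []
    content_type = "unknown"  # Content-Type of the most recent logged HTTP response
    for line_no, line in enumerate(text.splitlines(), start=1):
        ct = CONTENT_TYPE.match(line.strip())
        if ct:
            content_type = ct.group(1)
        m = BEGIN.search(line)
        if not m:
            continue
        label = m.group(1)
        labels[label] += 1
        # Covers PRIVATE KEY, RSA/EC PRIVATE KEY, ENCRYPTED PRIVATE KEY, OPENSSH PRIVATE KEY.
        # CERTIFICATE blocks are the chain the server presents in every TLS handshake.
        if label.endswith("PRIVATE KEY"):
            private_keys.append((line_no, label, content_type))
    return labels, private_keys

# Constructed sample modelled on the excerpt in the question (bodies elided).
SAMPLE_CERTBOT_LOG = """HTTP 200
Content-Type: application/pem-certificate-chain

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
"""

# Constructed counter-example: a log that would need redaction before shipping.
SAMPLE_WITH_KEY = "debug dump follows\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CERTBOT_LOG
    labels, private_keys = scan_log(text)
    print(dict(labels), private_keys)
    sys.exit(1 if private_keys else 0)
```

Run with a log file path as the only argument; the exit status is 1 when a private-key block is found, so the check can gate a log-shipping job.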