Lets-Encrypt- 更新报错

本文最后更新于:2020年11月22日 晚上

复制 粘贴 搜索 解决问题

前言

证书快过期了,我就去手动更新一下,结果报错了??没辙,只好想办法解决了。

正文

certbot-auto renew --renew-hook "sudo nginx -s reload"

利用上面的命令更新证书的时候遇到了下面这样的报错信息

Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (yikakia.com) from /etc/letsencrypt/renewal/yikakia.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/yikakia.com/fullchain.pem (failure)

这个时候我们就手动更新就好了

# 先到你放 letsencrypt 的地方 
cd ~/certbot

#  然后输入如下命令强制执行更新 
./letsencrypt-auto certonly --debug --force-renew -a manual -d yikakia.com

这个时候会出现下面这样的提示


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yikakia.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

一大串英文与数字,作为文件的内容,用于验证你对这个网址的所有权

And make it available on your web server at this URL:

http://yikakia.com/.well-known/acme-challenge/ 一大串英文与数字

# 这里就是说让你在你的网站的目录下新建一个 /.well-known/acme-challeng/ 的文件夹,然后在里面放一个含有对应验证内容的文件。文件名也要是对应的才行。

现在放完了你测试下能不能获取到对应的内容就好了。如果可以的话,你就输入回车键开始验证吧。验证成功的话会出现下面这样的信息提示你验证成功了。

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   / 公钥储存的地址
   Your key file has been saved at:
   / 私钥储存的地址
   Your cert will expire on 2020-11-19. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

参考

使用 Let’s Encrypt 给网站加上免费 HTTPS 证书 |Kyle’s Blog