Today Gerber drop-off certificate expired,I have written beforeHow to add https support with letsencrypt to blog,And teach you to write a regular update service at the end of the article,So you do not own every three months to update the manual。
but,If your certificate to expire,So in fact letsencrypt robot will send you a reminder email,The general content like this:
Hello,
Your certificate (or certificates) for the names listed below will expire in
0 days (on 28 Oct 17 17:30 +0000). Please make sure to renew
your certificate before then, or visitors to your website will encounter errors.cnswift.org
logcg.com
www.cnswift.org
www.logcg.comFor any questions or support, please visit https://community.letsencrypt.org/.
Unfortunately, we can’t provide support by email.For details about when we send these emails, please visit
https://letsencrypt.org/docs/expiration-emails/. In particular, note
that this reminder email is still sent if you’ve obtained a slightly
different certificate by adding or removing names. If you’ve replaced
this certificate with a newer one that covers more or fewer names than
the list above, you may be able to ignore this message.
Since I own timing,I thought it was time to test before the certificate is signed ignored,really,Today a friend told me that there - you blog certificate has expired。
no way,To manually renewal,In any case the results are wrong。This time only to find,The original letsencrypt This tool has renamed,The new name is certbot。(/certbot)
This tool configuration simpler,More humane,There are a variety of direct plug-in server,Can automatic completion。
I was ubuntu,Here are ubuntu 16.04 Steps,Users of other versions of the system and you can come here to see the corresponding detailed tutorial:https://certbot.eff.org
The first is the installation tool:
|
1 2 3 4 5 |
apt update apt install software-properties-common add-apt-repository ppa:certbot/certbot apt update apt install python-certbot-nginx |
After installed can use the command to start the:
|
1 |
certbot --nginx |
No additional parameters of the,It will automatically get you back in nginx startup configuration file and get all the domain names can issue certificates,You only need to write according to a list of numbers,No. divided by spaces。
Then everything is done automatically ...... final will ask whether you want to configure a jump http https,Generally choose to automatically jump,It will help you complete the configuration。
This time the certificate was already in force ..................
Its that simple。
Same,In the crontab command to update the previous change it,Changed
certbot renew .。
The new setting automatic update method,certbot officially gives the script,Just copy and paste to execute:
|
1 |
SLEEPTIME=$(awk 'BEGIN{srand(); print int(rand()*(3600+1))}'); echo "0 0,12 * * * root sleep $SLEEPTIME && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null |
References
- letsencrypt tool into the certbot
- Nginx on Ubuntu 16.04 (great)
- certbot/certbot
- https://eff-certbot.readthedocs.io/en/stable/using.html#setting-up-automated-renewal
Original article written by Gerber drop-off:R0uter's Blog » letsencrypt tool renamed certbot
Reproduced Please keep the source and description link:https://www.logcg.com/archives/2921.html
I used to use –nginx
monochrome,certbot later abandoned –the nginx,
So we use
certbot --webroot --installer nginx --redirect --keep -d 域名
The
Looks like ages ago on a whim yo,I was stupid stupid certonly
Last August a thing,I have not received the message loud noise it ...... weeping
Brother - your e-mail alert hung up ~
Well, it seems natural?
what。not at all
It seems to be your domain name is pull the black qq mailbox? Others are normal mail sent out it ..................
Yeah I can not receive normal mail,Just tried it ......
Hell ...... I looked at here is the normal transmission log ...... emmm,Just not you。