By 大伟哥
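During the National Day holiday 大伟哥 was building a new website, so the blog went several days without an update. Today I noticed that the SSL certificates for two websites on my Alibaba Cloud ECS instance would expire in less than a week, so I spent a few minutes renewing them. Let's Encrypt's free certificates are widely accepted, but their validity period is short, only 90 days, unlike the paid ones that you can install and forget about for a year. It looks like I should set up automatic renewal when I have time.
On this Alibaba Cloud ECS instance 大伟哥 uses the Certbot-auto tool to request and manage Let's Encrypt SSL certificates. The steps below use Certbot-auto as the example; certbot is probably the same:
1. First, use the certbot-auto certificates command to look at the certificates installed earlier. After not paying attention for a long time, I had partly forgotten the names and locations of the certificates installed back then: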
    daweibro@aliyunecs:~$ ./certbot-auto certificates
    Upgrading certbot-auto 0.16.0 to 0.19.0...
    Replacing certbot-auto...
    [sudo] password for david:
    Requesting to rerun ./certbot-auto with root privileges...
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Renewal configuration file /etc/letsencrypt/renewal/xxx-xxxx.cn-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/xxx-xxxx.cn-0001/cert.pem to be a symlink. Skipping.
    -------------------------------------------------------------------------------
    Found the following certs:
      Certificate Name: daweibro.com
        Domains: daweibro.com www.daweibro.com
        Expiry Date: 2017-10-15 04:15:00+00:00 (VALID: 6 days)
        Certificate Path: /etc/letsencrypt/live/daweibro.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/daweibro.com/privkey.pem
      Certificate Name: xxx-xxxx.cn
        Domains: xxxx-xxxx.cn www.xxx-xxxx.cn
        Expiry Date: 2017-10-15 03:38:00+00:00 (VALID: 6 days)
        Certificate Path: /etc/letsencrypt/live/xxx-xxxx.cn/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/xxx-xxxx.cn/privkey.pem
    The following renewal configuration files were invalid:
      /etc/letsencrypt/renewal/xxx-xxxx.cn-0001.conf
    -------------------------------------------------------------------------------
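Certbot-auto checks for a newer version every time it runs and upgrades itself automatically if there is one. This time it went from 0.16.0 to 0.19.0, and the upgrade took quite a while. It then found two valid certificates and reported each one's name, expiry date and file locations. There is also one that was installed earlier and has since been abandoned; ignore it.
2. Use certbot-auto renew to actually renew the two certificates:
    daweibro@aliyunecs:~$ ./certbot-auto renew
The renewal went smoothly. There was too much output afterwards to copy here; in short, there were no problems.
3. The renewed SSL certificate information can be viewed with the certbot-auto certificates command from step 1, or you can check directly in a browser whether the validity period has been successfully extended to three months from now: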
    daweibro@aliyunecs:~$ ./certbot-auto certificates
    Requesting to rerun ./certbot-auto with root privileges...
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Renewal configuration file /etc/letsencrypt/renewal/xxx-xxxx.cn-0001.conf produced an unexpected error: expected /etc/letsencrypt/live/xxx-xxxx.cn-0001/cert.pem to be a symlink. Skipping.
    -------------------------------------------------------------------------------
    Found the following certs:
      Certificate Name: daweibro.com
        Domains: daweibro.com www.daweibro.com
        Expiry Date: 2018-01-07 00:37:41+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/daweibro.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/daweibro.com/privkey.pem
      Certificate Name: xxx-xxxx.cn
        Domains: xxx-xxxx.cn www.xxx-xxxx.cn
        Expiry Date: 2018-01-07 00:37:59+00:00 (VALID: 89 days)
        Certificate Path: /etc/letsencrypt/live/xxx-xxxx.cn/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/xxx-xxxx.cn/privkey.pem
    The following renewal configuration files were invalid:
      /etc/letsencrypt/renewal/xxx-xxxx.cn-0001.conf
    -------------------------------------------------------------------------------
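The check done by eye in steps 1 and 3 can be scripted. The following is an added example, not part of the original post: it reads a listing in the format shown above and reports every certificate whose status is not "VALID: N days" with N at or above a threshold. The function names, the placeholder domains and the sample listing (including its INVALID entry) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list certificates that need
# renewing, based on the `certbot-auto certificates` listing format shown above.

# expiring_certs MIN_DAYS   (reads the listing on stdin)
# Prints "name: status" for every certificate whose status is anything other
# than "VALID: N days" with N >= MIN_DAYS, so expired or odd entries surface too.
expiring_certs() {
  awk -v min="$1" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      status = $0                      # keep only the text inside ( ... )
      sub(/^.*[(]/, "", status)
      sub(/[)].*$/, "", status)
      ok = 0
      if (status ~ /^VALID: [0-9]+ days$/) {
        split(status, f, " ")
        if (f[2] + 0 >= min + 0) ok = 1
      }
      if (!ok) print name ": " status
    }'
}

# Constructed sample listing (placeholder domains, same layout as the post).
sample_listing() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: soon.example.com
    Domains: soon.example.com www.soon.example.com
    Expiry Date: 2017-10-15 04:15:00+00:00 (VALID: 6 days)
    Certificate Path: /etc/letsencrypt/live/soon.example.com/fullchain.pem
  Certificate Name: fresh.example.com
    Domains: fresh.example.com
    Expiry Date: 2018-01-07 00:37:41+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/fresh.example.com/fullchain.pem
  Certificate Name: expired.example.com
    Domains: expired.example.com
    Expiry Date: 2017-09-01 00:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/expired.example.com/fullchain.pem
EOF
}

# On a real host: ./certbot-auto certificates | expiring_certs 30
sample_listing | expiring_certs 30
```

An empty result means every listed certificate has at least the requested number of days left, which makes the function usable as a monitoring check alongside a scheduled renew.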
Comments
certbot-auto renew is all it takes to renew the certificates automatically…