最近接到邮件,说自己SSL证书将于10日内过期,于是赶紧续期。renew.
使用 letsencrypt 官方推荐的客户端 Certbot 完成操作。
下载该工具,根据各自的系统和包管理器,下载安装。
由于我的系统比较老,所以下载了 binary 文件。
给了执行权限,继续操作。
续期成功,其实我感觉是重新生成了一份新的。
查看证书存放地址:
现在要做的就是删除老的快过期的证书,然后用新生成的替换掉它,重启WEB SERVER即可。
搞定!!!!
关于 Certbot 的用法参数说明,参见:
https://certbot.eff.org/docs/using.html#certbot-command-line-options
https://certbot.eff.org/ Certbot 官网
https://letsencrypt.org/docs/client-options/ Certbot 其他变种
使用 letsencrypt 官方推荐的客户端 Certbot 完成操作。
下载该工具,根据各自的系统和包管理器,下载安装。
由于我的系统比较老,所以下载了 binary 文件。
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
给了执行权限,继续操作。
[root@xzx ~]# ./certbot-auto certonly --force-renewal -d xiazhengxin.name --no-self-upgrade
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed to find executable apachectl in PATH: /opt/lighttpd/sbin:/opt/php/sbin:/opt/php/bin:/opt/mysql/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for xiazhengxin.name
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/xiazhengxin.name/fullchain.pem. Your cert
will expire on 2017-07-13. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
续期成功,其实我感觉是重新生成了一份新的。
查看证书存放地址:
[root@xzx ~]# ./certbot-auto certificates --force-renewal -d xiazhengxin.name --no-self-upgrade
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Found the following matching certs:
Certificate Name: xiazhengxin.name
Domains: xiazhengxin.name
Expiry Date: 2017-07-13 09:26:00+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/xiazhengxin.name/fullchain.pem
Private Key Path: /etc/letsencrypt/live/xiazhengxin.name/privkey.pem
-------------------------------------------------------------------------------
现在要做的就是删除老的快过期的证书,然后用新生成的替换掉它,重启WEB SERVER即可。
[root@xzx ~]# cp /etc/letsencrypt/live/xiazhengxin.name/fullchain.pem /home/http/blog_xiazhengxin_name/ssl.pem
[root@xzx ~]# cat /etc/letsencrypt/live/xiazhengxin.name/privkey.pem >> /home/http/blog_xiazhengxin_name/ssl.pem
搞定!!!!
关于 Certbot 的用法参数说明,参见:
https://certbot.eff.org/docs/using.html#certbot-command-line-options
https://certbot.eff.org/ Certbot 官网
https://letsencrypt.org/docs/client-options/ Certbot 其他变种