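A memo on renewing a Let's Encrypt certificate
Background
The first time I had to renew a Let's Encrypt certificate, I kept worrying that it would be difficult. Unexpectedly, it turned out to be easy, so I want to write the process down.
Environment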
- Apache2.4
- CentOS
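- Domain already acquired and configured
Stop Apache
Reportedly, an error occurs if Apache is not stopped.
Enter the following command in the server's terminal to stop Apache temporarily.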
apachectl stop
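Try the Let's Encrypt renewal in the test environment
Let's Encrypt enforces strict rate limits, and repeated errors can leave you unable to make requests for a while, so it is recommended to try the renewal in the test environment first by appending "--dry-run" to the command.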
sudo certbot renew --dry-run
Running it this way produces output like the following. If "success" appears at the end, it worked!
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/(ドメイン名).conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Account registered.
Simulating renewal of an existing certificate for (ドメイン名)
Performing the following challenges:
http-01 challenge for (ドメイン名)
Error while running apachectl graceful.
Job for httpd.service invalid.
Unable to restart apache using ['apachectl', 'graceful']
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/(ドメイン名)/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/(ドメイン名)/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
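Renew in the production environment
Once the test environment has confirmed that the renewal works, remove "--dry-run" and run the command against production.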
sudo certbot renew
If "success" appears here as well, the renewal succeeded!
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/(ドメイン名).conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate for (ドメイン名)
Performing the following challenges:
http-01 challenge for (ドメイン名)
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/(ドメイン名)/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/etc/letsencrypt/live/(ドメイン名)/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Restart Apache
Start the Apache instance that was stopped earlier.
apachectl restart
Confirm in a browser that the site works
If you open the application in a browser and it is served over https, everything is fine.
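The steps above as one script, added here as an example and not part of the original memo: it runs the real renewal only if the dry run passed, and restarts Apache on every path so a failed renewal does not leave the site down. The function names, the CERTBOT and APACHECTL variables, the --run argument and the exit codes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original memo: stop Apache, rehearse with
# --dry-run, renew for real only if the rehearsal passed, then restart Apache.
# Assumption: CERTBOT/APACHECTL, the function names, the --run argument and
# the exit codes are this example's own; run it as root.
CERTBOT="${CERTBOT:-certbot}"
APACHECTL="${APACHECTL:-apachectl}"

# One "certbot renew" pass. Passes only if certbot exits 0 AND its output
# carries the "(success)" marker the memo checks for by eye.
certbot_pass() {
    out=$("$CERTBOT" renew "$@" 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out"
    [ "$rc" -eq 0 ] && printf '%s\n' "$out" | grep -q '(success)'
}

# Returns 0 = renewed, 1 = could not stop Apache, 2 = dry run failed
# (production never contacted), 3 = real renewal failed, 4 = restart failed.
renew_with_apache_stopped() {
    "$APACHECTL" stop || return 1
    status=0
    if certbot_pass --dry-run; then
        certbot_pass || status=3
    else
        status=2
    fi
    # Restart on every path so a failed renewal does not leave the site down.
    "$APACHECTL" restart || status=4
    return "$status"
}

if [ "${1:-}" = "--run" ]; then
    renew_with_apache_stopped
    exit $?
fi
```

certbot renew also has --pre-hook and --post-hook options that can run the stop and restart commands around a renewal.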
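Finally
I am a beginner too, and there is a lot I still do not understand.
If you notice anything, please let me know; I would really appreciate it!
I referred to the following site: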
https://it-jog.com/khow/serv/renewletsencrypt