1

我使用letsencrypt生成带有独立选项的SSL证书,然后我成功生成了一个SSL证书。

我去 AWS 负载均衡器在端口 433 上配置了一个监听器,并使用我之前生成的 SSL 证书在这种弹出窗口中导入:

在此处输入图像描述

然后一切正常,现在我想更新这个 SSL 证书。我按照此说明更新了我的证书。

我试过了:

./certbot-auto renew --standalone

=> Checking for new version...
Requesting root privileges to run certbot...
   /root/.local/share/letsencrypt/bin/letsencrypt renew --standalone
No renewals were attempted.

或者再次获取证书./certbot-auto certonly --standalone

Failed authorization procedure. www.atoha.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested ef39667c9d782884f8157f30f3e85e81.fb4436208f9bc7c8bdeb19356bb090f2.acme.invalid from 54.179.140.152:443. Received certificate containing 'www.my_domain.com'

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.my_domain.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for TLS-SNI-01 challenge.
   Requested ef39667c9d782884f8157f30f3e85e81.fb4436208f9bc7c8bdeb1935
   6bb090f2.acme.invalid from 54.179.140.152:443. Received certificate
   containing 'www.my_domain.com'

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

这意味着我的证书之前是正确生成的,现在我想知道如何更新它,因为它快过期了!

谢谢!

4

2 回答 2

1

你可以试试这个:

bash /opt/letsencrypt/letsencrypt-auto -t --renew-by-default --server https://acme-v01.api.letsencrypt.org/directory certonly --agree-tos --email 'your@email.com' --webroot --webroot-path 'yourwebdirectory_publichtml' -d yourdomain.com -d www.yourdomain.com

where /opt/letsencrypt/= 你的letsencrypt目录位置

然后将 .pem 的文件内容放置(复制粘贴)到您的 aws elb(我通常在 linux 中使用 cat):

  • 私钥---> privkey.pem

  • 公钥证书---> fullchain.pem

  • 证书链--->不需要填写这个

于 2016-07-31T08:55:53.823 回答
0

我使用https://github.com/alex/letsencrypt-aws自动处理 AWS 上的自动续订。它目前唯一没有做的就是删除旧证书。

于 2017-01-26T08:51:03.370 回答