证书没有到期续订,但模拟更新为空运行
问题描述:
我正在使用certbot-auto生成证书https作为我的域名。我用命令这样证书没有到期续订,但模拟更新为空运行
sudo ./certbot-auto
它的确定,但是当我再次证书使用命令
sudo ./certbot-auto renew --dry-run
它不能更新证书,并显示错误信息象下面这样:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.asia.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.asia
tls-sni-01 challenge for www.example.asia
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0020_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0020_csr-certbot.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.asia/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
请帮助我
答
您在您的问题sudo ./certbot-auto renew --dry-run
中运行的命令用于测试续订。正如你的日志所表明的,一切顺利,测试成功了。
当您希望更新证书时,运行sudo ./certbot-auto renew --quiet
将起作用。您可以在证书过期不到30天或已过期的情况下续签证书。
更多详细信息可在Certbot documentation和Certbot userguide中找到。
+0
非常感谢! ./certbot-auto renew - 安静不适合我。我使用sudo ./certbot-auto renew --force-renew是好的。但是当我使用crontab -e * 15 * * */certbot-auto更新--force-renew它有这样的错误:引导基于RedHat的操作系统的依赖关系... yum是/ usr/bin/yum 要使用Certbot,需要安装EPEL存储库中的软件包。 请启用此存储库并再次运行Certbot。如果知道解决方案,请帮助我 –
究竟是什么错误? '--dry-run'是为了模拟更新(它实际上并没有更新证书)。您似乎已于昨天更新了证书(星期三,2016年10月26日02:49:00),并且该证书在另外3个月内不会过期。要更新证书,您不会使用'--dry-run'选项。 –
我们用于更新的命令是什么?请告诉我 –
@AnandBhat,对不起,先生,我可以在到期3个月之前续证吗?过期3个月后我可以使用这个命令sudo ./certbot-auto renew --quiet for renew?可以吗? –