certbot is a certificate management tool built specifically for Let's Encrypt; it can be used to generate, manage, and renew Let's Encrypt certificates.
Installation
- Installing snap on CentOS

    yum install epel-release
    yum install snapd
    systemctl enable --now snapd.socket
    ln -s /var/lib/snapd/snap /snap

    snap install core

    yum remove certbot

Install Certbot

    snap install --classic certbot
    ln -s /snap/bin/certbot /usr/bin/certbot

Run Certbot

    certbot certonly --standalone

Automatic Renewal (nginx service on port 80)

    sh -c 'printf "#!/bin/sh\nsystemctl stop nginx\n" > /etc/letsencrypt/renewal-hooks/pre/nginx.sh'
    sh -c 'printf "#!/bin/sh\nsystemctl start nginx\n" > /etc/letsencrypt/renewal-hooks/post/nginx.sh'
    chmod 755 /etc/letsencrypt/renewal-hooks/pre/nginx.sh
    chmod 755 /etc/letsencrypt/renewal-hooks/post/nginx.sh
    crontab -e
    0 6 1 * * /usr/bin/certbot renew > /dev/null 2>&1 &

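The hook scripts created above run as root on every renewal, so it is worth checking them before relying on the cron job. The following is an added example, not part of the original post: it verifies that both hooks exist, are executable, start with a shebang, and are not writable by group or others. The function names and the HOOK_DIR and RUN_AUDIT variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the certbot renewal hooks created in the steps above.
# HOOK_DIR (assumed name) defaults to the directory used on this page.
HOOK_DIR="${HOOK_DIR:-/etc/letsencrypt/renewal-hooks}"

# check_hook FILE: returns 0 if the hook passes all checks, 1 otherwise.
check_hook() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "MISSING: $f"; return 1
    fi
    if [ ! -x "$f" ]; then
        echo "NOT EXECUTABLE: $f"; return 1
    fi
    # The hooks on this page start with #!/bin/sh; flag a mangled first line.
    first=$(head -n 1 "$f")
    case "$first" in
        '#!'*) ;;
        *) echo "NO SHEBANG: $f"; return 1 ;;
    esac
    # A hook that group or others can write to lets a non-root user
    # change what root executes at the next renewal.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE BY GROUP/OTHER: $f"; return 1
    fi
    echo "OK: $f"
}

# audit_hooks: checks the pre and post nginx hooks; returns 1 if any fails.
audit_hooks() {
    rc=0
    for h in "$HOOK_DIR/pre/nginx.sh" "$HOOK_DIR/post/nginx.sh"; do
        check_hook "$h" || rc=1
    done
    return "$rc"
}

# Set RUN_AUDIT=1 (assumed name) to run the audit when executing this file.
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    audit_hooks
fi
```
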
Installation (outdated)
Download

    wget https://dl.eff.org/certbot-auto

Install

    mv certbot-auto /usr/local/bin/certbot-auto
    chmod a+x /usr/local/bin/certbot-auto

Generate the certificate

    certbot-auto certonly --standalone -d www.themismin.com --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

Set up automatic renewal

    # Renew the domain certificate at 04:16 on the 2nd of every second month
    16 4 2 */2 * /usr/local/bin/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" > /dev/null 2>&1 &

Problem 1
OCSP check failed
The OCSP server is unreachable
Add to /etc/hosts