重新处理 ssl certbot ,当别名域失败但生成证书时,没有模式 certonly
reprocess ssl certbot , when a alias domain fails but certificate is generated, no mode certonly
我已经启动了 certbot 进程:
sudo certbot --nginx -d example.com -d www.example.com
但我忘记在 'servernam' nginx 虚拟站点中为 example.com
添加 'www.example.com'
server {
(...)
server_name example.com www.example.com;
(...)
}
然后我得到了证书,但没有自动完成过程来使用 ssl 配置我的 nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for examle.com
tls-sni-01 challenge for www.example.com
Cleaning up challenges
Cannot find a VirtualHost matching domain www.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
就像我刚刚写的:
cerbot --certonly --standalone -d example.com
因为我只有证书,现在 nginx 上的配置没问题,我可以再次启动该过程并覆盖所有旧值? Let's Encrypt Certificate Authority 是否有问题,再次为同一域调用新证书?解决办法是什么?再次全部删除,或手动完成其余过程(nginx 配置)?
cerbot 可以为已创建的域再次启动 ssl。在我的例子中,当域失败时,这是你第一次使用 certbot。 Nginx 配置已更改但未完全更改,因此当您第二次尝试时将完成并更新 nginx 配置。 Certbot 只是更新域的配置,注释它认为重复的旧行并插入新行,由 Certbod 添加 #manage,因此当您需要更新证书时,Cerbot 可以巧妙地更改行。
以我的 nginx 配置为例,第一次尝试,第二次尝试:
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect non-https traffic to https
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# } # managed by Certbot
我已经启动了 certbot 进程:
sudo certbot --nginx -d example.com -d www.example.com
但我忘记在 'servernam' nginx 虚拟站点中为 example.com
添加 'www.example.com'server {
(...)
server_name example.com www.example.com;
(...)
}
然后我得到了证书,但没有自动完成过程来使用 ssl 配置我的 nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for examle.com
tls-sni-01 challenge for www.example.com
Cleaning up challenges
Cannot find a VirtualHost matching domain www.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
就像我刚刚写的:
cerbot --certonly --standalone -d example.com
因为我只有证书,现在 nginx 上的配置没问题,我可以再次启动该过程并覆盖所有旧值? Let's Encrypt Certificate Authority 是否有问题,再次为同一域调用新证书?解决办法是什么?再次全部删除,或手动完成其余过程(nginx 配置)?
cerbot 可以为已创建的域再次启动 ssl。在我的例子中,当域失败时,这是你第一次使用 certbot。 Nginx 配置已更改但未完全更改,因此当您第二次尝试时将完成并更新 nginx 配置。 Certbot 只是更新域的配置,注释它认为重复的旧行并插入新行,由 Certbod 添加 #manage,因此当您需要更新证书时,Cerbot 可以巧妙地更改行。
以我的 nginx 配置为例,第一次尝试,第二次尝试:
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect non-https traffic to https
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# } # managed by Certbot