我运行"certbot delete --cert-name"。重启 Nginx 失败
I ran "certbot delete --cert-name". Failed to restart Nginx
环境
・Nginx
・ 中央操作系统 7
・ Certbot 0.31.0
$ sudo certbot delete --cert-name a.example.com
$ nginx -t
2019/04/13 01:19:30 [emerg] 10189 # 10189: BIO_new_file ("/ etc /
letsencrypt / live / a.example.com / fullchain.pem") failed (SSL :
error: 0200100D: system library: fopen: Permission denied: fopen
('/etc/letsencrypt/live/a.example.com/fullchain.pem', 'r') error:
2006D002: BIO routines: BIO_new_file: system lib) nginx: configuration
file /etc/nginx/nginx.conf test failed
$ sudo less /var/log/letsencrypt/letsencrypt.log
FailedChallenges: Failed authorization procedure. A.example.com
(http-01): urn: ietf: params: acme: error: connection :: The server
could not connect to the client to verify the domain :: Fetching http:
// a .example.com / .well-known / acme-challenge / xxxx: Connection
refused
你为什么要尝试读取证书,虽然它应该已经被删除了?
如何启动 Nginx?
您只从 letsencrypt 路径中删除了 SSL 证书。
但它不会从 nginx 配置(在虚拟主机中)中删除 SSL 配置。
编辑你的 nginx 配置,这个证书在哪里使用。
环境 ・Nginx ・ 中央操作系统 7 ・ Certbot 0.31.0
$ sudo certbot delete --cert-name a.example.com
$ nginx -t
2019/04/13 01:19:30 [emerg] 10189 # 10189: BIO_new_file ("/ etc / letsencrypt / live / a.example.com / fullchain.pem") failed (SSL : error: 0200100D: system library: fopen: Permission denied: fopen ('/etc/letsencrypt/live/a.example.com/fullchain.pem', 'r') error: 2006D002: BIO routines: BIO_new_file: system lib) nginx: configuration file /etc/nginx/nginx.conf test failed
$ sudo less /var/log/letsencrypt/letsencrypt.log
FailedChallenges: Failed authorization procedure. A.example.com (http-01): urn: ietf: params: acme: error: connection :: The server could not connect to the client to verify the domain :: Fetching http: // a .example.com / .well-known / acme-challenge / xxxx: Connection refused
你为什么要尝试读取证书,虽然它应该已经被删除了? 如何启动 Nginx?
您只从 letsencrypt 路径中删除了 SSL 证书。
但它不会从 nginx 配置(在虚拟主机中)中删除 SSL 配置。
编辑你的 nginx 配置,这个证书在哪里使用。