无法使用 certbot 更新证书 renew/Letsencrypt
Cannot renew certificates with certbot renew/Letsencrypt
certbot 与 NGINX 一起用于创建证书。我们的生产构建、暂存构建和 jenkins 网络服务器在我们的服务器上只创建了一个证书。
当我 运行 更新 certbot 时一切正常,直到它尝试挑战 jenkins 服务器。我收到以下错误
Attempting to renew cert (my.domain) from /etc/letsencrypt/renewal/my.domain.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for jenkins.my.domain:
Choices: ['Enter a new webroot']
(You can set this with the --webroot-path flag). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my.domain/mykey.pem (failure)
我不确定 jenkins webroot 的位置,但我认为这不像将它添加到 webroot 底部的我的 letsencrypt conf 文件那么简单,或者也许就是这样。无论哪种方式,任何帮助表示赞赏! :)
--webroot-path 是应该可以使用您的域名通过 http 访问的路径。这是在您第一次在续订时获得证书时提供的,无需明确提供。我认为更新配置文件可能有问题。
When a certificate is issued, by default Certbot creates a renewal configuration file that tracks the options that were selected when Certbot was run. This allows Certbot to use those same options again when it comes time for renewal.
https://certbot.eff.org/docs/using.html#modifying-the-renewal-configuration-file
我建议尝试生成新证书而不是续订。这将更正续订配置文件。
certbot 与 NGINX 一起用于创建证书。我们的生产构建、暂存构建和 jenkins 网络服务器在我们的服务器上只创建了一个证书。
当我 运行 更新 certbot 时一切正常,直到它尝试挑战 jenkins 服务器。我收到以下错误
Attempting to renew cert (my.domain) from /etc/letsencrypt/renewal/my.domain.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for jenkins.my.domain:
Choices: ['Enter a new webroot']
(You can set this with the --webroot-path flag). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my.domain/mykey.pem (failure)
我不确定 jenkins webroot 的位置,但我认为这不像将它添加到 webroot 底部的我的 letsencrypt conf 文件那么简单,或者也许就是这样。无论哪种方式,任何帮助表示赞赏! :)
--webroot-path 是应该可以使用您的域名通过 http 访问的路径。这是在您第一次在续订时获得证书时提供的,无需明确提供。我认为更新配置文件可能有问题。
When a certificate is issued, by default Certbot creates a renewal configuration file that tracks the options that were selected when Certbot was run. This allows Certbot to use those same options again when it comes time for renewal.
https://certbot.eff.org/docs/using.html#modifying-the-renewal-configuration-file
我建议尝试生成新证书而不是续订。这将更正续订配置文件。