letsencrypt certbot https自动续期配置

环境certos7

nginx

 

来此加密快速开始文档

https://letsencrypt.org/zh-cn/getting-started/

 

先安装好snap

https://snapcraft.io/docs/installing-snap-on-centos

 

yum install epel-release
yum install snapd
systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap

 

 

 

再按照如下教程安装certbot自动获取

https://certbot.eff.org/lets-encrypt/centosrhel7-nginx

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

 

 

上面两步已经安装完 下面开始拉证书

sudo certbot --nginx
sudo certbot certonly --nginx

 

 

证书有效期是3个月 自动任务每3月续期一次

crontab -e
0 0 1 3,6,9,12 * sh /root/renewHttpsCert.sh

 

 

renewHttpsCert.sh内容

sudo certbot renew --force-renewal

 

 

异常情况：

Detail: Fetching http://domain/.well-known/acme-challenge/EueWlS27qFXsigK43xQ6Cb46v339iBZVU3JUgnU4yiE: Error getting validation data

The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

如果验证挑战文件失败 则需要手动安装

certbot certonly --manual

 

然后会手动生成一个验证串和一个文件内容

需要在 webroot/.well-known/acme-challenge 文件夹下生成一个文件 把生成的验证内容放入文件 然后验证即可生成证书。然后手动放入nginx配置 中

webroot/.well-known/acme-challenge