0

我已经开始 certbot 进程:

sudo certbot --nginx -d example.com -d www.example.com

但我忘记在“servernam”nginx 虚拟站点中添加“www.example.com”,例如 example.com

server { 
        (...)
        server_name example.com www.example.com;
        (...)
}

然后我得到了证书,但没有自动完成过程来用 ssl 配置我的 nginx

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for examle.com
tls-sni-01 challenge for www.example.com
Cleaning up challenges
Cannot find a VirtualHost matching domain www.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

就像我刚刚写的:

cerbot --certonly --standalone -d example.com

因为我只有证书,现在 nginx 上的配置没问题,我可以再次启动该过程并覆盖所有旧值?Let's Encrypt Certificate Authority 是否有问题,再次为同一域调用新证书?解决办法是什么?再次全部删除,还是手动完成剩余的流程(nginx 配置)?

4

1 回答 1

0

cerbot 可以为已创建的域再次启动 ssl。就我而言,当域失败时,这是您第一次使用 certbot。Nginx 配置已更改但未完全更改,因此当您第二次尝试时,将完成并更新 nginx 配置。Certbot 只需更新域的配置,并注释它认为重复的旧行并插入新行,添加 Certbod 的 #manage,因此当您需要更新证书时,Cerbot 可以巧妙地更改这些行。

以我的 nginx 配置为例,第一次尝试,第二次:

if ($scheme != "https") {
    return 301 https://$host$request_uri;
} # managed by Certbot


# Redirect non-https traffic to https
# if ($scheme != "https") {
#     return 301 https://$host$request_uri;
# } # managed by Certbot
于 2017-11-17T04:51:30.283 回答