Posted on February 6, 2018 by hehaibo

Let’s Encrypt: Update on Enabling HTTPS for a Website

1 Previous update

Previously I followed the article by Chen Hao, the well-known expert behind CoolShell (酷壳): "How to Enable HTTPS on Your Website for Free" (如何免费的让网站启用HTTPS).

2 The official certificate installation procedure has changed since then; see the following

https://github.com/certbot/certbot/issues/5405#issuecomment-356498627

Unfortunately, Let’s Encrypt has stopped offering the mechanism that Certbot’s Apache and Nginx plugins use to prove you control a domain due to a security issue. See https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188 for more info.

We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain/renew your cert and cannot wait, you have a couple of options.

If you’re serving files for that domain out of a directory on that server, you can run the following command:

    sudo certbot --authenticator webroot --installer nginx

If you’re not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:

    sudo certbot --authenticator standalone --installer nginx --pre-hook "service nginx stop" --post-hook "service nginx start"

These hooks will cause Certbot to automatically stop your server to obtain certificates and then start it again. After running a command like this once, Certbot will remember your settings so certbot renew will work in the future.

For other people who find this issue, this affects some of our other plugins as well such as the Apache plugin. All the advice above is identical except you should replace nginx with apache in the different CLI options.

EDIT: The post hook in the 2nd example was previously “server nginx stop” but I changed it to the correct value of “service nginx start”.

EDIT2: Updated the beginning of the post in response to TLS-SNI-01 being permanently disabled.
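
The settings that Certbot remembers for certbot renew can be checked before the next renewal. The shell script below is an added example, not part of the quoted comment or of Certbot itself: it flags saved renewal files that still name the nginx or apache plugin as authenticator and prints the webroot command from the comment for each. It assumes Certbot's INI-style renewal files with a [renewalparams] section (normally under /etc/letsencrypt/renewal/), applies to Certbot versions that predate the fix the comment mentions, and runs here on constructed sample files.

```shell
#!/bin/sh
# Added example: audit saved Certbot renewal settings for the affected plugins.
# Assumption: renewal files are INI-style with a [renewalparams] section.

# Print the authenticator saved in [renewalparams] of one renewal file.
saved_authenticator() {
    awk -F' *= *' '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params && $1 == "authenticator" { print $2; exit }
    ' "$1"
}

# Succeed when the saved authenticator is the nginx or apache plugin.
needs_reissue() {
    case "$(saved_authenticator "$1")" in
        nginx|apache) return 0 ;;
        *) return 1 ;;
    esac
}

# For each affected file in a directory, print the certificate name and the
# webroot command from the comment, using the same plugin as installer.
audit_renewal_dir() {
    for conf in "$1"/*.conf; do
        [ -e "$conf" ] || continue
        if needs_reissue "$conf"; then
            printf '%s: sudo certbot --authenticator webroot --installer %s\n' \
                "$(basename "$conf" .conf)" "$(saved_authenticator "$conf")"
        fi
    done
}

# Constructed sample files so the script runs without a real Certbot install.
sample=$(mktemp -d)
printf '%s\n' 'cert = /constructed/path/cert.pem' '[renewalparams]' \
    'authenticator = nginx' 'installer = nginx' > "$sample/www.example.com.conf"
printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
    'installer = nginx' > "$sample/blog.example.com.conf"
audit_renewal_dir "$sample"
rm -rf "$sample"
```

On a real host, call audit_renewal_dir with the renewal directory as its argument; if the site is not served from a directory, use the standalone command with the hooks from the comment instead of the printed webroot one.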