Let’s Encrypt: Update on Enabling HTTPS for a Website

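1 Previous update

Previously I followed the article by Chen Hao of CoolShell (酷壳).


2 The official site's certificate installation instructions have since been updated; for reference, see below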


Unfortunately, Let’s Encrypt has stopped offering the mechanism that Certbot’s Apache and Nginx plugins use to prove you control a domain due to a security issue. See https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sn for more info.

We are planning on releasing a new version of Certbot in the next few days that works around this but if you have to obtain/renew your cert and cannot wait, you have a couple of options. If you’re serving files for that domain out of a directory on that server, you can run the following command:

sudo certbot --authenticator webroot --installer nginx

If you’re not serving files out of a directory on the server, you can temporarily stop your server while you obtain the certificate and restart it after Certbot has obtained the certificate. This would look like:

sudo certbot --authenticator standalone --installer nginx \
  --pre-hook "service nginx stop" \
  --post-hook "service nginx start"

These hooks will cause Certbot to automatically stop your server to obtain certificates and then start it again. After running a command like this once, Certbot will remember your settings so certbot renew will work in the future.

For other people who find this issue, this affects some of our other plugins as well such as the Apache plugin. All the advice above is identical except you should replace nginx with apache in the different CLI options.

EDIT: The post hook in the 2nd example was previously “server nginx stop” but I changed it to the correct value of “service nginx start”.

EDIT2: Updated the beginning of the post in response to TLS-SNI-01 being permanently disabled.
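
As an added example (not part of the quoted post and not Certbot's own code), this shell function reports which authenticator each saved renewal configuration will use on certbot renew, flagging nginx/apache because the post above says those plugins depended on the disabled mechanism. It assumes Certbot's default renewal directory /etc/letsencrypt/renewal and INI-style files with an "authenticator = <name>" line under [renewalparams]; the function name, status labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which authenticator each saved Certbot renewal config
# will use. Assumption: files are INI-style with a [renewalparams] section.

# Print "<lineage> <authenticator> <status>" for every *.conf in directory $1.
# nginx/apache are flagged (the post says they relied on TLS-SNI-01);
# webroot/standalone are the workarounds the post recommends.
audit_renewal_dir() {
    dir=${1:-/etc/letsencrypt/renewal}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        auth=$(awk -F'=' '
            /^\[renewalparams\]/ { in_params = 1; next }
            # A new top-level section ends [renewalparams]; [[...]] is nested.
            /^\[/ && !/^\[\[/    { in_params = 0 }
            in_params && $1 ~ /^[ \t]*authenticator[ \t]*$/ {
                gsub(/[ \t]/, "", $2); print $2; exit
            }' "$conf")
        case ${auth:-unknown} in
            nginx|apache)       status=NEEDS_CHANGE ;;
            webroot|standalone) status=OK ;;
            *)                  status=REVIEW ;;
        esac
        printf '%s %s %s\n' "$(basename "$conf" .conf)" "${auth:-unknown}" "$status"
    done
}

# Constructed sample configs (not from the page) to exercise the function.
demo() {
    tmp=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = nginx\ninstaller = nginx\n' \
        > "$tmp/old.example.conf"
    printf '[renewalparams]\nauthenticator = standalone\ninstaller = nginx\npre_hook = service nginx stop\n' \
        > "$tmp/new.example.conf"
    audit_renewal_dir "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real host, run audit_renewal_dir with no argument (reading the directory may require root).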



