
Let's Encrypt Certificate Renewal

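Work has been busy lately and I haven't been here for a while. Today I saw an e-mail reminder about certificate expiry, so I am recording the renewal process here as a reference for anyone who needs it!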

An earlier article:

Applying for a permanent free Let's Encrypt SSL certificate

[root@liushike ~]# ./certbot-auto --server https://acme-v02.api.letsencrypt.org/directory -d "*.liushike.com" -d "liushike.com" --manual --preferred-challenges dns-01 certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for liushike.com
dns-01 challenge for liushike.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.liushike.com with the following value:

5HvCu39Kf4N2dCXsclLpxB9vpqm1mZCHIjAtN5jnC_k

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.liushike.com with the following value:

fQL_N1nd3hbyARIM1rY7DDEpKsmjtp5JxCa2mjgXsNg

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Add the TXT records

_acme-challenge  5HvCu39Kf4N2dCXsclLpxB9vpqm1mZCHIjAtN5jnC_k
_acme-challenge  fQL_N1nd3hbyARIM1rY7DDEpKsmjtp5JxCa2mjgXsNg

Install the DNS lookup tool
yum -y install bind-utils

Query the record status, and continue only after confirming that the records resolve correctly
[root@liushike ~]# dig _acme-challenge.liushike.com txt

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> _acme-challenge.liushike.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35562
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.liushike.com. IN TXT

;; ANSWER SECTION:
_acme-challenge.liushike.com. 600 IN TXT "5HvCu39Kf4N2dCXsclLpxB9vpqm1mZCHIjAtN5jnC_k"
_acme-challenge.liushike.com. 600 IN TXT "fQL_N1nd3hbyARIM1rY7DDEpKsmjtp5JxCa2mjgXsNg"

;; Query time: 61 msec
;; SERVER: 100.100.2.138#53(100.100.2.138)
;; WHEN: Sun Jul 15 13:30:08 CST 2018
;; MSG SIZE rcvd: 169
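
The wildcard name and the bare domain are both validated under the same _acme-challenge name, so both TXT values have to be published at the same time before certbot is allowed to continue. The script below is an added example, not part of the original post: the helper name missing_txt_values is hypothetical, and SAMPLE_ANSWER is constructed from the dig answer shown above so the check runs offline.

```shell
#!/bin/sh
# Added example: confirm every dns-01 TXT value is published before pressing Enter.

# missing_txt_values NAME EXPECTED...   (hypothetical helper name)
# Reads dig output (full output or "+short") on stdin and prints each expected
# value that is NOT published as a TXT record for NAME. Exit status is 0 only
# when nothing is missing. The body is a subshell, so no variables leak out.
missing_txt_values() (
    name="${1%.}."          # normalise to exactly one trailing dot, as dig prints it
    shift
    answer="$(cat)"
    # Full output: keep TXT answer lines for this name and print the value.
    # +short output: every line is just the quoted value.
    published="$(printf '%s\n' "$answer" | awk -v n="$name" '
        /^;/ || NF == 0 { next }
        NF >= 5 && $1 == n && $3 == "IN" && $4 == "TXT" { gsub(/"/, "", $5); print $5; next }
        NF == 1 { gsub(/"/, "", $1); print $1 }')"
    rc=0
    for value in "$@"; do
        # -F fixed string, -x whole line: a truncated or partially pasted value fails
        if ! printf '%s\n' "$published" | grep -Fxq -- "$value"; then
            printf '%s\n' "$value"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample: the ANSWER SECTION from the dig run on this page.
SAMPLE_ANSWER='_acme-challenge.liushike.com. 600 IN TXT "5HvCu39Kf4N2dCXsclLpxB9vpqm1mZCHIjAtN5jnC_k"
_acme-challenge.liushike.com. 600 IN TXT "fQL_N1nd3hbyARIM1rY7DDEpKsmjtp5JxCa2mjgXsNg"'

# Offline demonstration on the sample. For a live check, pipe real dig output in:
#   dig _acme-challenge.liushike.com txt | missing_txt_values _acme-challenge.liushike.com VALUE1 VALUE2
if printf '%s\n' "$SAMPLE_ANSWER" | missing_txt_values _acme-challenge.liushike.com \
        5HvCu39Kf4N2dCXsclLpxB9vpqm1mZCHIjAtN5jnC_k \
        fQL_N1nd3hbyARIM1rY7DDEpKsmjtp5JxCa2mjgXsNg; then
    echo "both TXT values are published; safe to continue"
else
    echo "values listed above are still missing; do not continue yet" >&2
fi
```
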

The records now resolve correctly; press any key to continue

Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/liushike.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/liushike.com/privkey.pem
Your cert will expire on 2018-10-13. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Upgrade complete

Reproduction without permission is prohibited: 留时刻运维网 » Let's Encrypt Certificate Renewal
