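The official site has documentation on how to use it, but not in Chinese. Official site address
So this post translates the official instructions and also covers the pitfalls I ran into.
System: CentOS 7.6, nginx 1.21
1. Install snapd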
[root@centos ~]# yum -y install snapd python2-certbot-nginx
# Create a symlink
[root@centos ~]# ln -s /var/lib/snapd/snap /snap
# Start the service
[root@centos ~]# systemctl start snapd.seeded.service
If there are no errors, snap is installed.
2. Install snap core and update snap
[root@centos ~]# snap install core
[root@centos ~]# snap refresh core
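3. Remove other versions of certbot
[root@centos ~]# yum -y remove certbot
4. Install certbot
[root@centos ~]# snap install --classic certbot
# Create a symlink
[root@centos ~]# ln -s /snap/bin/certbot /usr/bin/certbot
5. Generate the certificate
# Generate the certificate and add it to the nginx configuration file
[root@centos ~]# certbot --nginx
# Generate the certificate only, without touching the configuration file
[root@centos ~]# certbot certonly --nginx
If your nginx configuration is not at /etc/nginx/nginx.conf, you can specify the configuration path manually.
# Custom nginx configuration path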
[root@centos ~]# certbot certonly --nginx --nginx-server-root=/etc/nginx/conf/
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: wahahahaohe.com
2: www.wahahahaohe.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 2
Requesting a certificate for wahahahaohe.com and www.wahahahaohe.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/wahahahaohe.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/wahahahaohe.com/privkey.pem
This certificate expires on 2023-06-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
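The command above lists every domain name in use in the current configuration file. Enter the numbers of the domains you want a certificate for, separating multiple numbers with spaces.
6. Configure the certificate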
ssl_certificate /etc/letsencrypt/live/wahahahaohe.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wahahahaohe.com/privkey.pem;
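7. Renew the certificate
[root@centos ~]# certbot renew
The certificate is valid for 90 days. It can only be renewed once fewer than 30 days of validity remain; with more than 30 days left the command reports an error like the following: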
[root@centos ~]# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/wahahahaohe.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/etc/letsencrypt/live/wahahahaohe.com/fullchain.pem expires on 2023-06-25 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[root@centos ~]#
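You can add the command to a scheduled task that runs once a week; once the certificate is within 30 days of expiry, the renewal will succeed.
# Run the renewal once every Monday (at 03:00)
0 3 * * 1 /bin/certbot renew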
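An added example (not from the original post or from certbot itself): a monitoring check for the weekly renewal job. It reads the expiry date from a `certbot renew` output line and flags the case where fewer than 23 days remain, which with a weekly run and a 30-day renewal window means at least one run failed. The function names, state labels and sample line are constructed for this example.

```shell
#!/bin/sh
# Added example: classify renewal health from a certificate expiry date.
# Assumes a 30-day renewal window and a weekly "certbot renew" job.

# Days since 1970-01-01 for a Gregorian date (year month day, no leading zeros).
days_from_civil() {
    y=$1; m=$2; d=$3
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    era=$((y / 400))
    yoe=$((y - era * 400))
    mp=$(( (m + 9) % 12 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
    echo $(( era * 146097 + doe - 719468 ))
}

# Convert YYYY-MM-DD to a day number; leading zeros are stripped so that
# "08" and "09" are not read as invalid octal in shell arithmetic.
date_to_days() {
    yy=${1%%-*}; rest=${1#*-}; mm=${rest%%-*}; dd=${rest#*-}
    days_from_civil "$yy" "${mm#0}" "${dd#0}"
}

# Pull the expiry date out of "certbot renew" output read from stdin.
expiry_from_renew_output() {
    sed -n 's/.* expires on \([0-9][0-9-]*\).*/\1/p' | head -n 1
}

# renewal_state EXPIRY TODAY (both YYYY-MM-DD) prints "<STATE> <days left>".
renewal_state() {
    left=$(( $(date_to_days "$1") - $(date_to_days "$2") ))
    if [ "$left" -lt 0 ]; then echo "EXPIRED $left"    # already invalid
    elif [ "$left" -lt 23 ]; then echo "MISSED $left"  # a weekly run failed
    elif [ "$left" -lt 30 ]; then echo "DUE $left"     # next run should renew
    else echo "OK $left"                               # outside the window
    fi
}

# Constructed sample, in the format certbot printed in the session above.
sample='  /etc/letsencrypt/live/example.com/fullchain.pem expires on 2023-06-25 (skipped)'
expiry=$(printf '%s\n' "$sample" | expiry_from_renew_output)
renewal_state "$expiry" 2023-06-10    # prints: MISSED 15
```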
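Pitfall 1
Could not parse file: /etc/nginx/conf/nginx.conf due to Expected string_end, found 'http' (at char 254), (line:16, col:1)
You may hit an error like the one above when requesting a certificate. The cause is that comment lines starting with # in the logging section of nginx.conf interfere with certbot's parsing, so the fix is simply to remove those comments.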