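I hadn't logged in to the blog for a long time and found that the certificate had expired. I remember setting up automatic Let's Encrypt renewal several years ago, but I just could not find where the package was installed.
After a round of Googling I came across acme. OK, I really had no memory of it, yet there was acme sitting perfectly fine in the local directory. Emmm... my brain, honestly. (For the record, 2022 isn't even half over and I've already forgotten my parents' birthdays. I really didn't remember; this year has been too busy with all sorts of things.)
I looked at crontab -e, found the scheduled command and ran it, and found that because the blog's own certificate had expired, it could not renew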
"/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" --force
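One domain succeeded; the other reported Invalid Certification and could not go through renewal
Following the man page hints (OK, actually I Googled it), I tried renewing that certificate on its own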
./acme.sh -r -d "20xue.com"
The result:
Please specify at least one validation method: '--webroot', '--standalone', '--apache', '--nginx' or '--dns' etc.
Odd. I tried again
acme.sh --issue -d 20xue.com --nginx
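Same message. By now I was out of ideas
Everything I found on Google was about the code logic, which is not what I want as a user, so I tried the options one by one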
acme.sh --issue -d 20xue.com --standalone
It ran, but the output looked odd
[Wed Apr 13 11:47:06 CST 2022] Renew: '20xue.com'
[Wed Apr 13 11:47:09 CST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Wed Apr 13 11:47:09 CST 2022] Standalone mode.
[Wed Apr 13 11:47:09 CST 2022] LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=18997,fd=10),("nginx",pid=18996,fd=10),("nginx",pid=6971,fd=10))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=18997,fd=8),("nginx",pid=18996,fd=8),("nginx",pid=6971,fd=8))
[Wed Apr 13 11:47:09 CST 2022] tcp port 80 is already used by (("nginx",pid=18997,fd=10),("nginx",pid=18996,fd=10),("nginx",pid=6971,fd=10))
(("nginx",pid=18997,fd=8),("nginx",pid=18996,fd=8),("nginx",pid=6971,fd=8))
[Wed Apr 13 11:47:09 CST 2022] Please stop it first
[Wed Apr 13 11:47:09 CST 2022] _on_before_issue.
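That's not right, I hadn't seen this before. I tried lnmp reload first, and that worked: the certificate took effect. But this port conflict feels very strange
Could it be Standalone's fault... I tried nginx and found it wants a conf, but I installed through lnmp, so what does it want a conf for? Skipping that configuration
--webroot might be the one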
root@localhost:/usr/local/acme.sh# acme.sh --issue -d 20xue.com --webroot
Please specify at least one validation method: '--webroot', '--standalone', '--apache', '--nginx' or '--dns' etc.
Sadly, webroot still didn't work. But why not, when I clearly followed the man page? I looked at the help text carefully again, and wow
-w, --webroot <directory> Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--alpn Use standalone alpn mode.
--stateless Use stateless mode.
See: https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode
webroot has to be followed by a directory path. This tip is really rough
Remove the certificate I just created
root@localhost:/usr/local/acme.sh# acme.sh --remove -d 20xue.com
[Wed Apr 13 12:06:28 CST 2022] 20xue.com is removed, the key and cert files are in /usr/local/nginx/conf/ssl/20xue.com
[Wed Apr 13 12:06:28 CST 2022] You can remove them by yourself.
Go through the issuance flow again
acme.sh --issue -d 20xue.com -w /home/wwwroot/20xue.com
Then check whether certificate renewal is OK
root@localhost:/usr/local/acme.sh# "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" --force
[Wed Apr 13 12:23:17 CST 2022] ===Starting cron===
[Wed Apr 13 12:23:17 CST 2022] Installing from online archive.
[Wed Apr 13 12:23:17 CST 2022] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Wed Apr 13 12:23:18 CST 2022] Extracting master.tar.gz
[Wed Apr 13 12:23:18 CST 2022] Installing to /usr/local/acme.sh
[Wed Apr 13 12:23:18 CST 2022] Installed to /usr/local/acme.sh/acme.sh
[Wed Apr 13 12:23:18 CST 2022] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Apr 13 12:23:19 CST 2022] OK
[Wed Apr 13 12:23:19 CST 2022] Install success!
[Wed Apr 13 12:23:19 CST 2022] Upgrade success!
[Wed Apr 13 12:23:19 CST 2022] Auto upgraded to: 3.0.3
[Wed Apr 13 12:23:19 CST 2022] Renew: '20xue.com'
Done
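An added example (not from the original post or from the acme.sh project): a shell preflight for the two failures above, standalone mode finding port 80 already held by nginx and webroot mode given no directory. The function names and the sample listener line are constructed for illustration, and the script only prints the acme.sh command to run.

```sh
#!/bin/sh
# Added example: pick an acme.sh validation mode that can succeed on this host.

# Constructed sample, shaped like the listener lines in the log above.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1234,fd=8))'

# Reads `ss -ltn` style output on stdin; succeeds if anything listens on TCP 80.
port80_busy() {
    awk '$1 == "LISTEN" && $4 ~ /:80$/ { busy = 1 } END { exit !busy }'
}

# Checks that WEBROOT can hold HTTP-01 challenge files, which webroot mode
# places under WEBROOT/.well-known/acme-challenge/.
webroot_ok() {
    webroot=$1
    [ -n "$webroot" ] || { echo "webroot mode needs a directory: -w DIR" >&2; return 2; }
    [ -d "$webroot" ] || { echo "no such directory: $webroot" >&2; return 3; }
    dir="$webroot/.well-known/acme-challenge"
    probe="$dir/preflight.$$"
    mkdir -p "$dir" 2>/dev/null && touch "$probe" 2>/dev/null || {
        echo "cannot write challenge files under $dir" >&2
        return 4
    }
    rm -f "$probe"
}

# Usage: ss -ltn | suggest_issue_cmd DOMAIN WEBROOT
# Prints the command to run; it does not call acme.sh itself.
suggest_issue_cmd() {
    if port80_busy; then
        # A web server already owns port 80, so standalone mode cannot bind it.
        webroot_ok "$2" || return
        printf 'acme.sh --issue -d %s -w %s\n' "$1" "$2"
    else
        printf 'acme.sh --issue -d %s --standalone\n' "$1"
    fi
}
```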
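I haven't tinkered in a long time. Since I switched to Java development at the end of 2018, I stopped tinkering with VPSes, with VPNs, and with Ubuntu. I've forgotten a lot of commands and ways of thinking and drifted further and further from the open-source community. I need to pick it back up
Also, a lot of people at big tech companies can't even type Linux / Git commands fluently; all they can do is recite memorized interview answers, and the code they write is a pile of crap. It really leaves me speechless. Sigh... more on that another time; there's plenty to complain about at work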
PHP YES ( AMD YES