A note on renewing the SSL certificate

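I hadn't logged into the blog for a long time and found that the certificate had expired. I remember setting up Let's Encrypt auto-renewal years ago, but I could not for the life of me find where the package was installed.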

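After a round of Googling I found acme. Well, I really had no recollection of it, yet there was acme sitting perfectly fine in the local directory. Emmm ... this brain of mine (speaking of which, 2022 isn't even half over and I have already forgotten my parents' birthdays; I truly didn't remember, too busy this year with all sorts of things)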

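I looked at crontab -e, found the scheduled command, and ran it, only to find that because the blog's own certificate had expired, it could not renew.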

"/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" --force

One domain succeeded; the other reported Invalid Certification and could not go through renewal.

Following the man page (okay, actually I Googled it), I tried renewing that certificate on its own:

./acme.sh  -r -d "20xue.com"

The result was this message:

Please specify at least one validation method: '--webroot', '--standalone', '--apache', '--nginx' or '--dns' etc.

Strange. I tried again:

 acme.sh --issue -d 20xue.com --nginx

Same message. I was out of ideas by now.

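Googling around, everything I found was about the code logic behind it, which is not what I wanted as a user, so I tried the options one by one: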

acme.sh --issue -d 20xue.com --standalone

It ran, but the output looked odd:

[Wed Apr 13 11:47:06 CST 2022] Renew: '20xue.com'
[Wed Apr 13 11:47:09 CST 2022] Using CA: https://acme.zerossl.com/v2/DV90
[Wed Apr 13 11:47:09 CST 2022] Standalone mode.
[Wed Apr 13 11:47:09 CST 2022] LISTEN   0         128                 0.0.0.0:80               0.0.0.0:*        users:(("nginx",pid=18997,fd=10),("nginx",pid=18996,fd=10),("nginx",pid=6971,fd=10))
LISTEN   0         128                 0.0.0.0:80               0.0.0.0:*        users:(("nginx",pid=18997,fd=8),("nginx",pid=18996,fd=8),("nginx",pid=6971,fd=8))
[Wed Apr 13 11:47:09 CST 2022] tcp port 80 is already used by (("nginx",pid=18997,fd=10),("nginx",pid=18996,fd=10),("nginx",pid=6971,fd=10))
(("nginx",pid=18997,fd=8),("nginx",pid=18996,fd=8),("nginx",pid=6971,fd=8))
[Wed Apr 13 11:47:09 CST 2022] Please stop it first
[Wed Apr 13 11:47:09 CST 2022] _on_before_issue.

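That's not right, I had never seen this before. I tried lnmp reload first; it worked and the certificate took effect, but this port conflict feels very strange.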

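Could Standalone be to blame ... I tried nginx mode and found it wants a conf, but I installed everything through lnmp myself, so what does it want a conf for? I skipped this option.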

Maybe --webroot is the one for me

root@localhost:/usr/local/acme.sh# acme.sh --issue -d 20xue.com --webroot
Please specify at least one validation method: '--webroot', '--standalone', '--apache', '--nginx' or '--dns' etc.

Sadly, webroot did not work either. But why not? I clearly followed the man page. I read the help text carefully once more, and wow:

  -w, --webroot <directory>         Specifies the web root folder for web root mode.
  --standalone                      Use standalone mode.
  --alpn                            Use standalone alpn mode.
  --stateless                       Use stateless mode.
                                    See: https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode

webroot has to be followed by a directory path. This hint is really crude.
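The two dead ends above (standalone mode colliding with nginx on port 80, and --webroot given without a directory) can be caught before acme.sh is called. The script below is an added example, not part of the original post or of acme.sh; port_in_use, preflight and the sample listener table are hypothetical names and constructed data.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for an acme.sh validation mode.
# port_in_use and preflight are hypothetical helpers, not acme.sh functions.

# Constructed sample in `ss -ltn` format (nginx already listening on 80/443).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    [::]:443           [::]:*'

# port_in_use PORT: reads `ss -ltn` lines on stdin; succeeds if a LISTEN
# socket is bound to PORT. The port is the last ":"-separated field of the
# local address, which also covers IPv6 forms such as [::]:80.
port_in_use() {
  awk -v p="$1" '
    $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
    END { exit (found ? 0 : 1) }'
}

# preflight MODE [WEBROOT]: succeeds only if the mode can work here.
# For standalone mode the listener table is read from stdin.
preflight() {
  local mode="$1" webroot="${2:-}"
  case "$mode" in
    webroot)
      if [ -z "$webroot" ]; then
        echo "FAIL: webroot mode needs a directory: -w <directory>"; return 1
      fi
      if [ ! -d "$webroot" ] || [ ! -w "$webroot" ]; then
        echo "FAIL: $webroot is not a writable directory"; return 1
      fi
      echo "OK: acme.sh --issue -d <domain> -w $webroot" ;;
    standalone)
      if port_in_use 80; then
        echo "FAIL: tcp port 80 is already in use; use webroot mode instead"
        return 1
      fi
      echo "OK: acme.sh --issue -d <domain> --standalone" ;;
    *)
      echo "FAIL: unknown mode '$mode'"; return 1 ;;
  esac
}

# Demo on the constructed table; on a live host pipe in `ss -ltn` instead.
printf '%s\n' "$SAMPLE_SS" | preflight standalone || true
preflight webroot || true
```

On a real server the standalone check would be run as `ss -ltn | preflight standalone`.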

Remove the certificate I had just created:

root@localhost:/usr/local/acme.sh# acme.sh --remove -d 20xue.com
[Wed Apr 13 12:06:28 CST 2022] 20xue.com is removed, the key and cert files are in /usr/local/nginx/conf/ssl/20xue.com
[Wed Apr 13 12:06:28 CST 2022] You can remove them by yourself.

Go through the issuance process again:

acme.sh --issue -d 20xue.com -w /home/wwwroot/20xue.com

Then check whether certificate renewal works:

root@localhost:/usr/local/acme.sh# "/usr/local/acme.sh"/acme.sh --cron --home "/usr/local/acme.sh" --force
[Wed Apr 13 12:23:17 CST 2022] ===Starting cron===
[Wed Apr 13 12:23:17 CST 2022] Installing from online archive.
[Wed Apr 13 12:23:17 CST 2022] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Wed Apr 13 12:23:18 CST 2022] Extracting master.tar.gz
[Wed Apr 13 12:23:18 CST 2022] Installing to /usr/local/acme.sh
[Wed Apr 13 12:23:18 CST 2022] Installed to /usr/local/acme.sh/acme.sh
[Wed Apr 13 12:23:18 CST 2022] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Apr 13 12:23:19 CST 2022] OK
[Wed Apr 13 12:23:19 CST 2022] Install success!
[Wed Apr 13 12:23:19 CST 2022] Upgrade success!
[Wed Apr 13 12:23:19 CST 2022] Auto upgraded to: 3.0.3
[Wed Apr 13 12:23:19 CST 2022] Renew: '20xue.com'

Done.

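I haven't tinkered in a long time. Ever since I switched to Java development at the end of 2018, I stopped tinkering with the VPS, stopped tinkering with VPNs, and stopped tinkering with Ubuntu. I have forgotten a lot of commands and approaches and drifted further and further from the open-source community. I need to pick it back up.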

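Also, a lot of people at the big tech companies can't even type Linux / Git commands fluently; all they can do is recite memorized interview answers, and the code they write is a pile of crap. I'm truly speechless, sigh ... I'll save that for another time; there is plenty to complain about at work.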

PHP YES ( AMD YES