【发布时间】:2017-03-09 17:20:15
【问题描述】:
我正在使用 certbot-auto 为我的域名生成证书 https。我使用这样的命令
sudo ./certbot-auto
没关系,但是当我更新证书时使用命令
sudo ./certbot-auto renew --dry-run
它无法更新证书并显示如下错误消息:
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.asia.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for example.asia
tls-sni-01 challenge for www.example.asia
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0020_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0020_csr-certbot.pem
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.asia/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
请帮帮我
【问题讨论】:
-
究竟是什么错误?
--dry-run是模拟续订(实际上并不续订证书)。您似乎在昨天(世界协调时间 2016 年 10 月 26 日星期三 02:49:00 UTC)更新了证书,并且在 3 个月内不会过期。要续订证书,您不会使用--dry-run选项。 -
我们使用什么命令来更新?请告诉我
-
@AnandBhat,对不起先生,我可以在 3 个月到期之前更新证书吗?过期 3 个月后,我可以使用此命令 sudo ./certbot-auto renew --quiet 进行续订吗?没事吧?
-
我今天想测试更新证书。我使用这个命令 sudo ./certbot-auto renew --quiet 和 sudo service httpd restart。证书今天无法续订(2016 年 10 月 27 日星期四 02:49:00 UTC)
标签: python ssl centos6 centos6.5 certbot