Site-wide HTTPS deployment series (4): Changing the domains on a Let's Encrypt certificate. Environment: Alibaba Cloud Ubuntu 18.04 + Nginx + Let's Encrypt

We’ll be using Certbot to manage our Let’s Encrypt SSL..

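1. System environment

Environment: Alibaba Cloud Ubuntu 18.04 64-bit + Nginx + Let's Encrypt

2. Certbot, the Let's Encrypt client

Certbot is the package used to obtain and maintain Let's Encrypt certificates.

3. Certbot command format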

usage: 
  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN]

To check the certbot version, run:

certbot --version

certbot 0.28.0

Managing certificates

Official docs: https://certbot.eff.org/docs/using.html#managing-certificates

Step 1: List all certificates installed on the server

To view a list of the certificates Certbot knows about, run the certificates subcommand:

certbot certificates

output

Found the following certs:
  Certificate Name: example.com
    Domains: example.com, www.example.com
    Expiry Date: 2017-02-19 19:53:00+00:00 (VALID: 30 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: example1.cn
    Domains: example1.cn www.example1.cn
    Expiry Date: 2021-05-08 13:57:26+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example1.cn/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example1.cn/privkey.pem
  Certificate Name: testapi.example2.com
    Domains: www.example2.com api.example2.com cloud.example2.com data.example2.com f10.example2.com search.example2.com so.example2.com example2.com testapi.example2.com
    Expiry Date: 2021-05-08 14:31:01+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/testapi.example2.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/testapi.example2.com/privkey.pem

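The certificate name is the value shown as Certificate Name: example.com, and the domains that certificate covers are listed as Domains: example.com, www.example.com

Step 2: Delete an expired certificate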

certbot delete --cert-name example.com

Here example.com is the certificate name, i.e. the value shown as Certificate Name: example.com

or

certbot delete
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: liuhaolin.com
2: iaspnetcore.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
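
Before deleting or reissuing, it helps to confirm which certificate name actually covers a domain and which certificates are expired or close to expiry. The following is an added example, not part of the original post: a POSIX shell helper that reads a listing in the Step 1 format. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `certbot certificates` output in the Step 1 format.

# parse_certs: stdin -> one line per certificate: name TAB status TAB domains
parse_certs() {
  awk '
    function emit() { if (name != "") printf "%s\t%s\t%s\n", name, status, domains }
    /^[ \t]*Certificate Name:/ { emit(); name = $3; status = ""; domains = ""; next }
    /^[ \t]*Domains:/ {
      sub(/^[ \t]*Domains:[ \t]*/, "")
      gsub(/,/, " "); gsub(/[ \t]+/, " "); sub(/ $/, "")  # comma or space separated
      domains = $0; next
    }
    /^[ \t]*Expiry Date:/ && match($0, /\(.*\)/) { status = substr($0, RSTART + 1, RLENGTH - 2) }
    END { emit() }
  '
}

# certs_covering DOMAIN: certificate names whose domain list contains exactly DOMAIN
certs_covering() {
  parse_certs | awk -F '\t' -v want="$1" '
    { n = split($3, d, " "); for (i = 1; i <= n; i++) if (d[i] == want) { print $1; break } }'
}

# expiring_within DAYS: names whose status is not "VALID: N days" or has N <= DAYS
expiring_within() {
  parse_certs | awk -F '\t' -v max="$1" '
    $2 !~ /^VALID: [0-9]+ day/ { print $1; next }
    { split($2, s, " "); if (s[2] + 0 <= max + 0) print $1 }'
}

# Constructed sample in the Step 1 format (not real certbot output).
sample_listing() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com, www.example.com
    Expiry Date: 2017-02-19 19:53:00+00:00 (VALID: 30 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: testapi.example2.com
    Domains: www.example2.com api.example2.com testapi.example2.com
    Expiry Date: 2021-05-08 14:31:01+00:00 (VALID: 89 days)
  Certificate Name: old.example3.com
    Domains: old.example3.com
    Expiry Date: 2020-01-01 00:00:00+00:00 (INVALID: EXPIRED)
EOF
}

sample_listing | certs_covering api.example2.com   # prints testapi.example2.com
sample_listing | expiring_within 30                # prints example.com and old.example3.com
```

On a real server, replace sample_listing with certbot certificates in the two pipelines.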

Step 3: Generate a new certificate

certbot --nginx -d XXX.com

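certonly is a certbot subcommand that only issues the certificate. The command above does not use it: with --nginx alone, certbot obtains the certificate and also installs it into the Nginx configuration.

Step 4: Add a domain to a certificate, for example:

certbot --nginx -d XXX.com -d www.xxx.com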

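Step 5: Remove a domain from a certificate

Simply reissue the certificate, leaving the domain you want to remove out of the -d list. Certbot's --cert-name option, given the name from Step 1, selects which existing certificate is updated.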

certbot --nginx -d XXX.com  

Step 6: Renew a specific certificate

Sometimes the renewal process fails for various reasons, and you need to run the following commands manually to force a renewal:

certbot --force-renewal
certbot --force-renewal -d domain-name-1-here,domain-name-2-here
certbot --force-renewal -d www.nixcraft.com,nixcraft.com

Certificates are stored under /etc/letsencrypt/

https://www.cyberciti.biz/faq/how-to-forcefully-renew-lets-encrypt-certificate/