We'll be using Certbot to manage our Let's Encrypt SSL certificates.
1. System environment
Environment: Alibaba Cloud Ubuntu 18.04 64-bit + Nginx + Let's Encrypt
2. Certbot, the Let's Encrypt client
Certbot is a package for managing Let's Encrypt certificates.
3. Certbot command format
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN]
To check the Certbot version, run:
certbot --version
certbot 0.28.0
Managing certificates
Official docs: https://certbot.eff.org/docs/using.html#managing-certificates
Step 1: List all certificates installed on the server
To view a list of the certificates Certbot knows about, run the certificates subcommand:
certbot certificates
Output:
Found the following certs:
Certificate Name: example.com
Domains: example.com, www.example.com
Expiry Date: 2017-02-19 19:53:00+00:00 (VALID: 30 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
Certificate Name: example1.cn
Domains: example1.cn www.example1.cn
Expiry Date: 2021-05-08 13:57:26+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example1.cn/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example1.cn/privkey.pem
Certificate Name: testapi.example2.com
Domains: www.example2.com api.example2.com cloud.example2.com data.example2.com f10.example2.com search.example2.com so.example2.com example2.com testapi.example2.com
Expiry Date: 2021-05-08 14:31:01+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/testapi.example2.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/testapi.example2.com/privkey.pem
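The certificate's name is the value shown as Certificate Name: example.com, and the domains that certificate covers are listed under Domains: example.com, www.example.com
Step 2: Delete an expired certificate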
certbot delete --cert-name example.com
Here example.com is the certificate name, i.e. the value shown as Certificate Name: example.com
or
certbot delete
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: liuhaolin.com
2:iaspnetcore.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):1
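To decide which certificate names from Step 1 are candidates for deletion or renewal, the `certbot certificates` output can be filtered on its Expiry Date status. The following is an added example, not part of the original page or of Certbot itself; the function names `expiring_certs` and `sample_output` are hypothetical, the sample text is constructed, and the `INVALID: EXPIRED` and `hour(s)` status forms (not shown in the output above) are assumed from Certbot's status line format.

```shell
# expiring_certs LIMIT: read `certbot certificates` output on stdin and print
# "<certificate name> <status>" for every certificate that is invalid or has
# fewer than LIMIT days of validity left.
expiring_certs() {
  awk -v limit="$1" '
    /Certificate Name:/ { name = $0; sub(/^.*Certificate Name:[ \t]*/, "", name); next }
    /Expiry Date:/ {
      # Keep only the parenthesised status, e.g. "VALID: 30 days".
      status = $0
      sub(/^[^(]*\(/, "", status)
      sub(/\)[ \t]*$/, "", status)
      if (status ~ /^INVALID/) {
        sub(/^INVALID:[ \t]*/, "", status)
        print name, status
        next
      }
      split(status, parts, /[: ]+/)
      # "VALID: N hour(s)" means less than one day is left.
      days = (parts[3] ~ /^hour/) ? 0 : parts[2] + 0
      if (days < limit) print name, days "d"
    }
  '
}

# Constructed sample in the layout shown in Step 1 (names and dates made up).
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2017-02-19 19:53:00+00:00 (INVALID: EXPIRED)
  Certificate Name: example1.cn
    Domains: example1.cn www.example1.cn
    Expiry Date: 2021-05-08 13:57:26+00:00 (VALID: 89 days)
  Certificate Name: testapi.example2.com
    Domains: example2.com testapi.example2.com
    Expiry Date: 2021-02-20 14:31:01+00:00 (VALID: 12 days)
  Certificate Name: api.example2.com
    Domains: api.example2.com
    Expiry Date: 2021-02-08 20:00:00+00:00 (VALID: 5 hour(s))
EOF
}

# On a real host: certbot certificates 2>/dev/null | expiring_certs 30
sample_output | expiring_certs 30
```

Each printed name is a Certificate Name, so it can be passed to `certbot delete --cert-name` as in Step 2.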
Step 3: Generate a new certificate
certbot --nginx -d XXX.com
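certonly is a Certbot subcommand that only obtains the certificate, without installing it into the web server configuration.
Step 4: Add a domain to a certificate, for example:
certbot --nginx -d XXX.com -d www.xxx.com
Step 5: Remove a domain from a certificate
Simply re-issue the certificate, leaving the domain you want to remove out of the list.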
certbot --nginx -d XXX.com
Step 6: Renew a specific certificate
Sometimes the renewal process fails for various reasons, and you need to run the following command manually to force a renewal:
certbot --force-renewal
certbot --force-renewal -d domain-name-1-here,domain-name-2-here
certbot --force-renewal -d www.nixcraft.com,nixcraft.com
Certificates are stored under /etc/letsencrypt/
https://www.cyberciti.biz/faq/how-to-forcefully-renew-lets-encrypt-certificate/