Notes on re-issuing an SSL certificate with certbot

2021-09-17 18:00:00

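Background

The first time I set up an SSL certificate I hit quite a few pitfalls, which led to several duplicate certificates being generated and the domain being banned by the official side for 7 days. Fortunately, the SSL certificate did work in the end.

The three months are up and the certificate now needs to be renewed. Faced with the cluttered directories and the keys inside them, I was completely lost.

So, why not start over and issue a fresh certificate?

1. Tidy up the directories and prepare to start over

First, go to certbot's directory: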

cd /etc/letsencrypt

Inside the letsencrypt directory you will find the archive, live and renewal folders.

Delete all the files in them. If you are worried, make a backup with cp first.

rm -rf archive/*
rm -rf live/*
rm -rf renewal/*
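
The backup-then-delete step above, written as one guarded function that clears the three folders only after the backup has been written and read back. This is an added example, not part of the original post; the function name `backup_and_clear` and the default backup path are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): back up a certbot config
# directory, then empty archive/, live/ and renewal/ only if the backup
# verified. Usage: backup_and_clear /etc/letsencrypt /root/letsencrypt-backup

# The ( ... ) body runs in a subshell, so the umask change and the
# variables below do not leak into the calling shell.
backup_and_clear() (
    le_dir="${1:-/etc/letsencrypt}"
    backup_dir="${2:-/root/letsencrypt-backup}"   # assumed default location
    stamp="$(date +%Y%m%d-%H%M%S)"
    tarball="$backup_dir/letsencrypt-$stamp.tar.gz"

    # The tree contains private keys (privkey*.pem), so the backup must be
    # readable by its owner only: directory 0700, tarball 0600.
    umask 077
    mkdir -p "$backup_dir" || return 1

    # tar stores the live/ -> archive/ symlinks as symlinks, so the
    # layout can be restored exactly as certbot created it.
    if ! tar -czf "$tarball" -C "$le_dir" archive live renewal; then
        rm -f "$tarball"
        echo "backup failed, nothing deleted" >&2
        return 1
    fi

    # Read the archive back before trusting it.
    if ! tar -tzf "$tarball" >/dev/null; then
        echo "backup unreadable, nothing deleted" >&2
        return 1
    fi

    for d in archive live renewal; do
        # ${le_dir:?} aborts if the variable is empty, so this can never
        # expand to a path under "/". -mindepth 1 keeps the folder itself.
        find "${le_dir:?}/$d" -mindepth 1 -delete
    done

    # Print the backup path so the caller can record it.
    echo "$tarball"
)
```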

2. Request the certificate in --standalone mode

certbot certonly --standalone

Enter the domain name when prompted, for example yongchin.xyz

Wait for the good news

[root@ikvmZ letsencrypt]# certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): yongchin.xyz
Requesting a certificate for yongchin.xyz

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yongchin.xyz/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yongchin.xyz/privkey.pem
This certificate expires on 2021-12-16.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All that's left is to happily restart the service and check the certificate's validity period from the web page~☘