记一次certbot重新签约SSL证书经验

2021-09-18 02:00:00

背景

第一次在弄SSL证书的时候踩了不少坑,导致生成了多份重复的证书,且域名被官方给BAN了7天。但好在最后SSL证书能用了

三个月的时间到了,现在要进行证书续签,面对繁杂的目录和目录下秘钥,我直接懵逼。

so,不如回炉重造重新签一份证书?

一、整理目录,准备回炉重造

首先进入certbot的目录

cd /etc/letsencrypt

来到letsencrypt目录下,依次可以发现archive,live,renewal文件夹

删除里面的所有文件,不放心的话可以事先进行cp备份

rm -rf archive/*
rm -rf live/*
rm -rf renewal/*

二、使用 --standalone 模式进行证书下发请求

certbot certonly --standalone

根据提示输入域名,例如yongchin.xyz

等待好消息

[root@ikvmZ letsencrypt]# certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): yongchin.xyz
Requesting a certificate for yongchin.xyz

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yongchin.xyz/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yongchin.xyz/privkey.pem
This certificate expires on 2021-12-16.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

剩下的就是愉快地重新服务,去页面插件证书有效期~☘