Normal letsencrypt free SSL certificate renewal, often need to stop nginx
step:
Nginx service is the first stop, then renewed operations on the server that is:
1. Direct renewed certificate
the Find / -name "certbot-Auto"
/ root / letsencrypt / certbot-Auto
/ root / certbot-Auto
/root/letsencrypt/certbot-auto/certbot-auto renew --force-renew --no-self-upgrade
--force-renew force an update
--no-self-upgrade does not update letsencrypt
2. The failure to renew the certificate (re-registration certificate)
执行: /root/letsencrypt/certbot-auto certonly --standalone --no-self-upgrade -d xxxxx.com
If the execution reported the following error
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxx.com
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.
停止nginx
sudo /usr/sbin/nginx -s stop
启动nginx
nginx -c /etc/nginx/nginx.conf
nginx -s reload
New fullchain.pem privkey.pem and replace the last generation of the original with two old, you can
cp /etc/letsencrypt/live/xxx.com-0001/fullchain.pem /etc/letsencrypt/live/xxx.com/fullchain.pem
cp /etc/letsencrypt/live/xxx.com-0001/privkey.pem /etc/letsencrypt/live/xxx.com/privkey.pem
sudo /usr/sbin/nginx -t
sudo /usr/sbin/nginx -s reload
Visit the Web site, you can see the certificate has been renewed! !
letsencrypt configure https Links:
https://www.jianshu.com/p/0d455c7a9326
https://www.jianshu.com/p/e4def1f789c1