SSL Certificate Renewal (Let's Encrypt free certificate)

Let's Encrypt issues free certificates that are valid for three months. The renewal succeeded, and this is a record of the process.

Server environment: CentOS7.6, Python2.7.5

Step one: In the Pagoda panel, disable SSL for the site, then run the renewal command:

/git/letsencrypt/certbot-auto certonly --renew-by-default --email [email protected] -d abc.xxx.com

Output of the command:

Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3

Input the webroot for lingshi.xinlz.net: (Enter 'c' to cancel): /mnt/vdb1/abc.xxx.com
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/abc.xxx.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/abc.xxx.com/privkey.pem
Your cert will expire on 2020-06-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

==================================================

Step two: Check that the certificate paths referenced in the current site's Nginx configuration are correct.

Step three: If the Nginx configuration was changed, restart the service:

service nginx restart
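
One way to carry out the check in step two before restarting Nginx, as an added example that is not part of the original post. The function name check_cert_paths and its arguments are made up for this illustration; the default directory is the one certbot-auto printed above.

```shell
#!/bin/sh
# Added example: confirm that the ssl_certificate directives in an Nginx site
# config point at the files certbot-auto reported for the domain.
# Usage (hypothetical): check_cert_paths CONF DOMAIN [LIVE_DIR]
# Returns 0 = all paths correct, 1 = mismatch/unreadable, 2 = nothing to check.

check_cert_paths() {
    conf=$1
    domain=$2
    live=${3:-/etc/letsencrypt/live}
    rc=0

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Drop comments, then emit "<directive> <path>" for the two directives.
    pairs=$(sed 's/#.*//' "$conf" | awk '
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
            sub(/;.*$/, "", $2); print $1, $2
        }')
    [ -n "$pairs" ] || { echo "no ssl_certificate directives in $conf" >&2; return 2; }

    while read -r directive path; do
        case $directive in
            ssl_certificate)     want="$live/$domain/fullchain.pem" ;;
            ssl_certificate_key) want="$live/$domain/privkey.pem" ;;
        esac
        if [ "$path" != "$want" ]; then
            echo "MISMATCH $directive: $path (expected $want)"
            rc=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $directive: $path"
            rc=1
        else
            echo "OK $directive: $path"
        fi
    done <<EOF
$pairs
EOF
    return $rc
}

# Run the check when the script is given a config file and a domain.
if [ "$#" -ge 2 ]; then check_cert_paths "$@"; fi
```

Running nginx -t before service nginx restart catches a syntax error in the edited configuration before the running service is stopped.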

 

========= Successful deployment =========

The process is simple in principle, but in practice all sorts of unexpected conditions can make it fail. The problems encountered are listed below:

1. The renewal command hangs at "Installing Python packages..."

Solution: edit ~/.pip/pip.conf as follows:

[global]
# index-url = https://pypi.doubanio.com/simple/
# Tsinghua mirror; 99% of online articles recommend this, but it failed in numerous tests:
# index-url = https://pypi.tuna.tsinghua.edu.cn/simple/
# Alibaba Cloud mirror, which succeeded:
index-url = http://mirrors.aliyun.com/pypi/simple/

[install]
#trusted-host=pypi.doubanio.com
#trusted-host=pypi.tuna.tsinghua.edu.cn
# Alibaba Cloud
trusted-host=mirrors.aliyun.com

After saving pip.conf, re-run the renewal command. This index URL is plain http, so the packages are fetched without TLS protection.

 

2. A 403 error is reported for .well-known: the directory is not accessible.

Solution: Add a rule to the Nginx configuration that allows access:

location ~ /.well-known {
allow all;
}

 

Origin www.cnblogs.com/guo2001china/p/12529123.html