Ssl
EC2 實例仍在提供舊的 LetsEncrypt SSL 證書
我正在為我的網站更新 SSL 證書。它們都在具有相同 Apache 伺服器的相同 EC2 實例上執行。我的兩個域最近過期了,所以我也嘗試從證書中刪除它們。
我想我正確地更新了證書,因為當我執行以下命令時,它似乎表明證書是最新的:
$ /usr/local/bin/certbot-auto certonly --webroot -w /var/www/html -d apptic.me -d www.apptic.me -d athenaforyou.com -d www.athenaforyou.com -d cloudlease.me -d www.cloudlease.me -d foleyrounds.com -d www.foleyrounds.com -d ugba198.com -d www.ugba198.com -d wildcattribune.com -d www.wildcattribune.com Requesting to rerun /usr/local/bin/certbot-auto with root privileges... Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Cert not yet due for renewal You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry. (ref: /etc/letsencrypt/renewal/apptic.me.conf) What would you like to do? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Keep the existing certificate for now 2: Renew & replace the cert (limit ~5 per 7 days) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 Keeping the existing certificate - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Certificate not yet due for renewal; no action taken.
然後我用 重新啟動 Apache
sudo systemctl restart httpd
,它不會產生任何輸出。但是當我導航到我的網站 www.apptic.me 時,我看到仍然存在 SSL 錯誤,提示證書已過期。會發生什麼?
我正在執行 Apache 2.4:
$ yum info httpd Loaded plugins: extras_suggestions, langpacks, priorities, update-motd 236 packages excluded due to repository priority protections Installed Packages Name : httpd Arch : x86_64 Version : 2.4.43 Release : 1.amzn2 Size : 4.0 M Repo : installed From repo : amzn2-core Summary : Apache HTTP Server URL : https://httpd.apache.org/ License : ASL 2.0 Description : The Apache HTTP Server is a powerful, efficient, and extensible : web server.
事實證明我沒有在原始問題中提供足夠的資訊,但我正在記錄對我有用的東西,以防它碰巧幫助任何人。首先,我刪除了舊的 vhosts 文件以及
vhost_*-le-ssl.conf
我不再擁有的域的對應文件。我還意外刪除了
/etc/letsencrypt/live/
and中的一個文件夾/etc/letsencrypt/renewal/
(違反自述文件的建議)。這使它certbot
不再工作,因為它無法執行sudo systemctl restart httpd
。謝天謝地,這些文件還在
/etc/letsencrypt/archive
,所以我從那裡恢復了文件夾。(我只是將存檔文件夾複製到每個目錄並在certbot
告訴我時重命名了文件。)最終在修復文件夾並停止+啟動
httpd
服務之後,我certbot
再次執行並輸出了這樣的連結,確認證書已正確安裝:https://www.ssllabs.com/ssltest/analyze.html?d=apptic。我