問題描述
無法使用 certbot renew/Letsencrypt 續訂證書 (Cannot renew certificates with certbot renew/Letsencrypt)
certbot 與 NGINX 一起用於創建證書。我們的服務器上只為生產構建、暫存構建和 jenkins 網絡服務器創建了一個證書。
當我運行 certbot renew 時,一切都很好,直到它嘗試挑戰 jenkins 服務器。我收到以下錯誤
Attempting to renew cert (my.domain) from /etc/letsencrypt/renewal/my.domain.conf produced an unexpected error: Missing command line flag or config entry for this setting:
Select the webroot for jenkins.my.domain:
Choices: ['Enter a new webroot']
(You can set this with the ‑‑webroot‑path flag). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/my.domain/mykey.pem (failure)
我不確定jenkins webroot的位置,但我認為它不像將它添加到webroot底部的letsencrypt conf文件中那樣簡單,或者可能是嗎。無論哪種方式,任何幫助表示讚賞!:)
參考解法
方法 1:
‑‑webroot‑path is the path which should be accessible via http using your domain name. This is given when you first procure the certificates at the time of renewal there is no need to supply that explicitly. I think there could be something wrong with the renewal configuration file.
When a certificate is issued, by default Certbot creates a renewal configuration file that tracks the options that were selected when Certbot was run. This allows Certbot to use those same options again when it comes time for renewal.
https://certbot.eff.org/docs/using.html#modifying‑the‑renewal‑configuration‑file
I would suggest try generating new certificates instead of renewing. That would correct the renewal configuration file.
(by JDiGz、Yogeshwar Singh)