>我已经启动了certbot进程:
sudo certbot --nginx -d example.com -d www.example.com
但我忘了在"服务器"中添加"www.example.com"nginx 虚拟站点以 example.com
server {
(...)
server_name example.com www.example.com;
(...)
}
然后我有证书,但没有自动完成过程来使用 SSL 配置我的 nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for examle.com
tls-sni-01 challenge for www.example.com
Cleaning up challenges
Cannot find a VirtualHost matching domain www.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
就像我写的只是:
cerbot --certonly --standalone -d example.com
因为我只有证书,现在nginx上的配置没关系,我可以再次启动该过程并覆盖所有旧值? 让我们加密证书颁发机构是否有问题,再次为同一域调用新证书? 解决方案是什么? 再次删除所有内容,还是手动完成其余过程(nginx配置(?
cerbot 可以为已经创建的域再次启动 ssl。就我而言,当域失败时,这是您第一次使用certbot。Nginx配置已更改,但不是完全更改,因此当您第二次尝试时,将完成并更新nginx配置。Certbot只是更新域的配置,并注释它认为重复的旧行并插入新行,由Certbod添加 #manage,因此当您需要翻新证书时,Cerbot可以巧妙地更改行。
示例我的nginx配置,第一次尝试,第二次尝试:
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect non-https traffic to https
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# } # managed by Certbot