Comments (8)
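When renewing a certificate, if the crontab script does not take effect, or running certbot renew and similar commands produces an error like the following: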
The manual plugin is not working; there may be problems with your existing configuration ......
.....
PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',
then you need to run one of the following commands to renew manually:
certbot certonly -d *.xxx.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
// or
path/to/certbot-auto certonly -d *.xxx.com --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Link: Failed authorization procedure via DNS
So, certbot renew is a non-interactive command. The reason it will not run without passing the auth-hook scripts is that Certbot needs to be able to update your TXT records automatically with new challenge values. That is what the hooks are for.
The initial TXT records you created are most likely no longer valid. In the best case, they only authorize you to issue certificates for the domain for 30 days. After that time (or earlier), the value of the challenge changes, and the TXT records must be updated to a new challenge value.
The way you are calling certbot renew does not do this, because your empty scripts are meant to be updating the TXT records, but they do nothing.
If you wish to do the manual DNS challenge again (interactively, rather than non-interactively), then you need to run certbot certonly using the same parameters that you used the first time. certbot renew doesn’t do what you want.
After the renewal is complete, restart the server.
from blog.
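The comment above explains that `certbot renew` is non-interactive and needs hook scripts that actually update the TXT record. The following is an added example, not code from the comment or the blog: one script serving as both `--manual-auth-hook` (called with `add`) and `--manual-cleanup-hook` (called with `delete`). It assumes a DNS server that accepts RFC 2136 dynamic updates via `nsupdate`; `DNS_SERVER`, `TSIG_KEY`, `TTL`, `PROPAGATION_WAIT` and the function names are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: Certbot exports CERTBOT_DOMAIN and CERTBOT_VALIDATION to
# manual hooks. Everything below that is not a Certbot variable is an assumption.
DNS_SERVER="${DNS_SERVER:-ns1.example.com}"        # placeholder server
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/tsig.key}"  # placeholder path; keep it mode 0600
TTL="${TTL:-60}"

# Print the nsupdate batch for action "add" or "delete".
acme_nsupdate_batch() {
    action="$1"; domain="$2"; token="$3"
    [ -n "$domain" ] && [ -n "$token" ] || { echo "missing domain or token" >&2; return 1; }
    # The challenge record sits on the base name; strip a leading "*." if present.
    name="_acme-challenge.${domain#\*.}."
    echo "server ${DNS_SERVER}"
    case "$action" in
        # "add" appends to the RRset, so example.com and *.example.com can
        # each publish their own token on the same name.
        add)    echo "update add ${name} ${TTL} IN TXT \"${token}\"" ;;
        # Delete only this token, never the whole RRset.
        delete) echo "update delete ${name} IN TXT \"${token}\"" ;;
        *)      echo "unknown action: $action" >&2; return 1 ;;
    esac
    echo "send"
}

# Build the batch first so a bad argument never sends a partial update.
acme_hook() {
    batch="$(acme_nsupdate_batch "$1" "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION")" || return 1
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY" || return 1
    # Give secondaries time to serve the record before validation starts.
    [ "$1" = add ] && sleep "${PROPAGATION_WAIT:-30}"
    return 0
}

# Act only when an action argument is passed, e.g.
#   certbot renew --manual-auth-hook "/path/to/hook.sh add" \
#                 --manual-cleanup-hook "/path/to/hook.sh delete"
if [ "$#" -gt 0 ]; then acme_hook "$1"; fi
```

Restrict the TSIG key on the DNS server to updating `_acme-challenge` TXT records only, so a leaked key cannot rewrite the rest of the zone.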
- Problems that may occur when upgrading to a wildcard certificate: https://community.letsencrypt.org/t/certbot-the-currently-selected-acme-ca-endpoint-does-not-support-issuing-wildcard-certificates/55667
- After upgrading certbot-auto to 0.22.x, running certbot-auto renew --dry-run may produce an error similar to the following:
An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively
The fix is to run certbot-auto renew
Timing issue with certbot renew: https://community.letsencrypt.org/t/renew-says-cert-not-yet-due-for-renewal-though-it-is-more-than-30-days-old/21182/7
from blog.
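@dwqs After I configured certbot on Alibaba Cloud, the site works over HTTPS, but it can only be reached through a proxy that bypasses the firewall. What is the reason for this? Previously no proxy was needed. Today I found the site would not open, and there are no errors in the log either; once I go through the proxy it can be accessed normally. What could be the cause? Thanks.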
from blog.
@Fabriceli I'm not really sure about this either. When I configured it on Alibaba Cloud before, I did not run into the situation you describe.
from blog.
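Hello, when I use the -d parameter to combine multiple domains into one certificate, the browser check is OK, but the myssl check reports a mismatch. I don't know whether this is because of my load balancer. Have you tested this kind of setup?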
from blog.
@Victorkangsh I haven't tested this.
from blog.
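@dwqs I figured it out. Alibaba Cloud SLB distinguishes between a default certificate and multi-domain certificates. When the SAN certificate is added as a multi-domain certificate, that is, when the default certificate is not the SAN certificate, checks of the SAN certificate's non-primary domains point to the default certificate; only the SAN's primary domain correctly points to the SAN certificate. As for plain nginx, I haven't tested it, so I don't know how it behaves.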
from blog.
@Victorkangsh Thanks for sharing.
from blog.