{"id":2505,"date":"2024-07-14T17:19:24","date_gmt":"2024-07-14T09:19:24","guid":{"rendered":"https:\/\/yowlab.idv.tw\/wordpress\/?p=2505"},"modified":"2024-07-15T16:59:26","modified_gmt":"2024-07-15T08:59:26","slug":"%e8%ae%93-certbot-%e5%8f%af%e4%bb%a5%e6%af%8f90%e5%a4%a9%e8%87%aa%e5%8b%95%e6%9b%b4%e6%96%b0-lets-encrypt-%e6%86%91%e8%ad%89","status":"publish","type":"post","link":"https:\/\/yowlab.idv.tw\/wordpress\/?p=2505","title":{"rendered":"Making Certbot Automatically Renew Let&#8217;s Encrypt Certificates Every 90 Days"},"content":{"rendered":"<p>Three years ago, <a href=\"https:\/\/yowlab.idv.tw\/wordpress\/?p=1390\" rel=\"noopener\" target=\"_blank\">using Certbot to request a Let&#8217;s Encrypt certificate for my website (CentOS 7)<\/a> solved the site&#8217;s need for encrypted transport, but the certificate is only valid for 90 days, so every 90 days I had to request a new certificate.<\/p>\n<p>It would be great if I could <span class=\"highlight01\">(1) renew the certificate (rather than request a new one)<\/span> and <span class=\"highlight01\">(2) have it renewed automatically as soon as each 90-day period is up<\/span>.<\/p>\n<style type=\"text\/css\">\n    li.present01 {line-height:1.5em; background-color:#F5E5C9; padding:5px; border-radius:10px; font-weight:bold; margin:5px;}\n    li.present02 {line-height:1.5em; background-color:#D1EC87; padding:5px; border-radius:10px; font-weight:bold; margin:5px;}\n    li.present03 {line-height:1.5em; background-color:#b3dffa; padding:5px; border-radius:10px; font-weight:bold; margin:5px;}\n    li.present04 {line-height:1.5em; background-color:#FDF6FF; padding:10px; border-radius:10px; font-weight:bold; margin:5px;}\n    ol.lower-alpha {list-style-type:lower-alpha;}\n    ol.lower-roman 
{list-style-type:lower-roman;}\n    ul.none {list-style-type:none;line-height:1.5em; padding:10px;}\n    ul.note {line-height:1.5em; padding:10px;}\n    .highlight01 {font-weight:bold; line-height:1.5em; background-color:#e7f49c; padding:0px 2px; border:1px; border-radius:10px;}\n    .highlight02 {font-weight:bold; line-height:1.5em; background-color:#F2F26B; padding:1px 1px; border:1px;}\n    .highlight03 {font-weight:bold; line-height:1.5em; background-color:#F9BF72; padding:3px 10px; border:2px; border-radius:10px;}\n   .box01 {margin: 5px; border:1px #19130B solid; border-radius:5px; padding:10px;}\n    .box02 {margin: 5px; font-weight:bold; line-height:1.5em; padding:10px; border:1px #19130B solid; border-radius:5px; float: left;}\n    h3 {border:2px #000 solid; border-width:0px 0px 1px 0px; padding-width:0px 0px 3px 0px;}\n    h4 {border:2px #000 solid; border-width:0px 0px 1px 0px; padding-width:3px 0px 3px 0px;margin: 3px 0px 10px 0px ;font-weight:bold; line-height:1.5em;  }\n<\/style>\n<h4>(1) Renewing the site certificate (without manually requesting a new one)<\/h4>\n<p>With Certbot&#8217;s built-in functionality, simply running <span class=\"highlight01\"> sudo certbot renew <\/span> renews the certificate.<\/p>\n<p>But when I first ran it, the following error message appeared:<\/p>\n<blockquote class=\"highlight03\"><p>\nFailed to renew certificate yowlab.idv.tw with error: The manual plugin is not working; there may be problems with your existing configuration.<\/p>\n<p>The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin 
non-interactively.')\n<\/p><\/blockquote>\n<p>&nbsp;<\/p>\n<p>It turned out that my site (yowlab.idv.tw) had obtained its certificate using the manual method, and when the certificate is renewed, Certbot needs an authentication script to prove that I control my domain name (yowlab.idv.tw).<\/p>\n<p>The solution that works for me:<br \/>\n<span class=\"highlight01\"> sudo certbot renew --manual-auth-hook  \/etc\/letsencrypt\/renewal\/auth-hook.sh <\/span><\/p>\n<p>But what is \"auth-hook.sh\"? There is no such thing on the system!<\/p>\n<p>Since the file does not exist, I created one myself. Because I request the certificate using \"HTTP validation\", the contents of auth-hook.sh are as follows:<\/p>\n<div class=\"box01\">\n<pre>\r\n#!\/bin\/bash\r\n\r\n# Make sure all required environment variables were passed in\r\nif [ -z \"$CERTBOT_TOKEN\" ] || [ -z \"$CERTBOT_VALIDATION\" ] || [ -z \"$CERTBOT_DOMAIN\" ]; then\r\n    echo \"\u7f3a\u5c11\u5fc5\u8981\u7684\u74b0\u5883\u8b8a\u6578\" >&2\r\n    exit 1\r\nfi\r\n\r\n# Set the web server root directory; adjust it to match your own site's directory\r\nWEBROOT=\"\/var\/www\/html\"\r\n\r\n# Create the validation file\r\nmkdir -p \"$WEBROOT\/.well-known\/acme-challenge\"\r\necho \"$CERTBOT_VALIDATION\" > \"$WEBROOT\/.well-known\/acme-challenge\/$CERTBOT_TOKEN\"\r\n\r\n# Allow enough time for the change to take effect\r\nsleep 10\r\n\r\necho \"HTTP 
\u9a57\u8b49\u6587\u4ef6\u5df2\u5275\u5efa\"\r\n<\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<p>After creating the \"auth-hook.sh\" file and running <span class=\"highlight01\"> sudo certbot renew --manual-auth-hook  \/etc\/letsencrypt\/renewal\/auth-hook.sh <\/span>, the certificate is renewed.<\/p>\n<p>But if you add the line <span class=\"highlight01\"> manual_auth_hook = \/etc\/letsencrypt\/renewal\/auth-hook.sh  <\/span> to the configuration file <span class=\"highlight01\"> \/etc\/letsencrypt\/renewal\/(domain name).conf <\/span>, this simplifies to just running <span class=\"highlight01\"> sudo certbot renew <\/span> to renew the certificate.<\/p>\n<p>&nbsp;<\/p>\n<h4>(2) Automatically renewing the certificate every 90 days<\/h4>\n<p><span class=\"highlight01\">To renew the certificate automatically every 90 days<\/span>, put simply, it is enough to have cron run <span class=\"highlight01\"> sudo certbot renew <\/span> once every 90 days.<\/p>\n<p>The problem is that \/etc\/crontab cannot express a schedule of once every 90 days.<\/p>\n<p>There are quite a few ways to achieve this; I use the following one.<\/p>\n<ol>\n<li>First, create a script that checks whether the 90-day period has elapsed: <span class=\"highlight01\"> run_every_90_days.sh <\/span><\/li>\n<div class=\"box01\">\n<pre>\r\n#!\/usr\/bin\/bash\r\n\r\nLAST_RUN_FILE=\"\/etc\/letsencrypt\/renewal\/last_run_file\"\r\nCURRENT_TIME=$(date +%s)\r\n\r\nif [ ! 
-f \"$LAST_RUN_FILE\" ]; then\r\n    # If the file does not exist, create it and run the command\r\n    echo \"$CURRENT_TIME\" > \"$LAST_RUN_FILE\"\r\n    \/usr\/bin\/certbot renew\r\nelse\r\n    LAST_RUN_TIME=$(cat \"$LAST_RUN_FILE\")\r\n    DAYS_SINCE_LAST_RUN=$(( ($CURRENT_TIME - $LAST_RUN_TIME) \/ 86400 ))\r\n\r\n    if [ \"$DAYS_SINCE_LAST_RUN\" -ge 90 ]; then\r\n        # If 90 days or more have passed since the last run, run the command\r\n        echo \"$CURRENT_TIME\" > \"$LAST_RUN_FILE\"\r\n        \/usr\/bin\/certbot renew\r\n    fi\r\nfi\r\n<\/pre>\n<\/div>\n<p>&nbsp;<\/p>\n<li>Then schedule it in <span class=\"highlight01\"> \/etc\/crontab <\/span> to run every day at 00:00<\/li>\n<div class=\"box01\">\n0  0  *  *   *  root    \/etc\/letsencrypt\/renewal\/run_every_90_days.sh\n<\/div>\n<p>&nbsp;<\/p>\n<li>Finally, remember to restart the cron service so that the system will remember to run it.<\/li>\n<p><span class=\"highlight01\"> sudo service cron restart<\/span><\/p>\n<p>&nbsp;<\/p>\n<\/ol>\n<h3>Additional notes<\/h3>\n<ol>\n<li>\"certbot renew --dry-run\" simulates a certificate renewal<\/li>\n<p>Before renewing the certificate with \"certbot renew\", you can first run \"certbot renew --dry-run\" to simulate the renewal and check that it works, so as to avoid mistakes that are hard to undo.<\/p>\n<li>\"certbot 
certificates\" shows the current status of the certificates.<\/li>\n<li>Once the certificate has been renewed, remember to restart all services that depend on the certificate.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Three years ago, using Certbot to request a Let&#8217;s Encrypt <a class=\"more-link\" href=\"https:\/\/yowlab.idv.tw\/wordpress\/?p=2505\">Continue reading <span class=\"screen-reader-text\">  Making Certbot Automatically Renew Let&#8217;s Encrypt Certificates Every 90 Days<\/span><span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[59,60,61],"class_list":["post-2505","post","type-post","status-publish","format-standard","hentry","category-3","tag-certbot","tag-lets-encrypt","tag-ssl"],"_links":{"self":[{"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2505"}],"version-history":[{"count":38,"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2505\/revisions"}],"predecessor-version":[{"id":2593,"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/2505\/revisions\/2593"}],"wp:attachment":[{"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?re
st_route=%2Fwp%2Fv2%2Fmedia&parent=2505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yowlab.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}