Official website
Installation
Install snapd first. Installing certbot through snap isolates it from the rest of the system environment.
yum install snapd
# Enable at boot and start immediately
sudo systemctl enable --now snapd
# Create a symlink
sudo ln -s /var/lib/snapd/snap /snap
# Install the snap core runtime
sudo snap install core
# Install certbot
sudo snap install --classic certbot
# Add a symlink
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Error handling
Because DNS is poisoned, the hosts file has to be modified; otherwise renewing the certificate fails with this error:
OCSP check failed for /etc/letsencrypt/archive/****/cert1.pem (are we offline?)
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/652/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
conn = connection.create_connection(
File "/var/lib/snapd/snap/certbot/652/lib/python3.8/site-packages/urllib3/util/connection.py", line 84, in create_connection
raise err
File "/var/lib/snapd/snap/certbot/652/lib/python3.8/site-packages/urllib3/util/connection.py", line 74, in create_connection
sock.connect(sa)
socket.timeout: timed out
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/652/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/var/lib/snapd/snap/certbot/652/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/var/lib/snapd/snap/certbot/652/usr/lib/python3.8/http/client.py", line 1240, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/var/lib/snapd/snap/certbot/652/usr/lib/python3.8/http/client.py", line 1286, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/var/lib/snapd/snap/certbot/652/usr/lib/python3.8/http/client.py", line 1235, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/var/lib/snapd/snap/certbot/652/usr/lib/python3.8/http/client.py", line 1006, in _send_output
self.send(msg)
File "/var/lib/snapd/snap/certbot/652/usr/lib/python3.8/http/client.py", line 946, in send
self.connect()
File "/var/lib/snapd/snap/certbot/652/lib/python3.8/site-packages/urllib3/connection.py", line 187, in connect
conn = self._new_conn()
File "/var/lib/snapd/snap/certbot/652/lib/python3.8/site-packages/urllib3/connection.py", line 164, in _new_conn
raise ConnectTimeoutError(
urllib3.exceptions.ConnectTimeoutError: (<urllib3.connection.HTTPConnection object at 0x7f0b8b71cc10>, 'Connection to ocsp.int-x3.letsencrypt.org timed out. (connect timeout=10)')
Edit hosts and add the address for the domain
vim /etc/hosts
23.32.3.72 ocsp.int-x3.letsencrypt.org
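A static hosts entry keeps overriding DNS even after the responder's address changes, at which point the same OCSP timeout returns. The following check is an added example, not part of the original page: it parses a hosts file for pins of the OCSP hostname and tests that the pinned address still answers over plain HTTP, as in the traceback. The function names and the --run switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit a static hosts pin.
# Function names and the --run switch are assumptions made for this sketch.

# Print every IP that a hosts-format file pins for a hostname.
# $1 = hosts file, $2 = hostname (matched case-insensitively, aliases included)
pinned_ips() {
    awk -v h="$2" '
        { sub(/#.*/, "") }          # drop comments, including commented-out pins
        NF < 2 { next }             # blank line or address without a name
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(h)) { print $1; break } }
    ' "$1"
}

# Summarise the pin state: "none", "single <ip>" or "conflict <ip> <ip> ..."
pin_status() {
    ips=$(pinned_ips "$1" "$2" | sort -u | tr '\n' ' ' | sed 's/ $//')
    case "$ips" in
        "")   echo "none" ;;
        *\ *) echo "conflict $ips" ;;
        *)    echo "single $ips" ;;
    esac
}

# Return 0 if the responder accepts a connection within 10 s (the timeout seen
# in the traceback). curl resolves through /etc/hosts, so this tests the pin.
responder_reachable() {
    curl -s -o /dev/null --connect-timeout 10 "http://$1/"
}

# Report on one hostname; non-zero exit means the entry needs attention.
audit_pin() {
    status=$(pin_status "$1" "$2")
    echo "$2: $status"
    case "$status" in
        none)      return 0 ;;
        conflict*) echo "  more than one address pinned; keep exactly one"; return 1 ;;
    esac
    responder_reachable "$2" && return 0
    echo "  pinned address does not answer; refresh or remove the entry"
    return 1
}

# Only touch the network when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_pin /etc/hosts ocsp.int-x3.letsencrypt.org
fi
```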
Generating and renewing certificates
Generate and install the certificate automatically; follow the prompts
sudo certbot --nginx
Test that renewal runs correctly
sudo certbot renew --dry-run
Installing snapd has already created a scheduled task that renews certificates automatically. From the official site:
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration.
When you need to run it manually, drop --dry-run to perform the real renewal
sudo certbot renew