Renewing an SSL certificate with Certbot without an unneeded domain

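Problem description

Currently my certbot fails to renew because one of the subdomains is no longer valid: unneededsubdomain.foo.co.uk, www.unneededsubdomain.foo.co.uk.

This is because I have deleted the domain record, as I no longer need it linked to this server. However, I still want to renew the certificate for all the other subdomains, for example: foo.co.uk, www.foo.co.uk, api.foo.co.uk.

This is what my output looks like when running certbot renew: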

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/foo.co.uk-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/foo.co.uk.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for unneededsubdomain.foo.co.uk
http-01 challenge for www.unneededsubdomain.foo.co.uk
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (foo.co.uk) from /etc/letsencrypt/renewal/foo.co.uk.conf produced an unexpected error: Failed authorization procedure. www.unneededsubdomain.foo.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from ... :: The client lacks sufficient authorization :: Invalid response from .... Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/foo.co.uk/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/foo.co.uk-0001/fullchain.pem expires on 2019-07-06 (skipped)
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/foo.co.uk/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.unneededsubdomain.foo.co.uk
   Type:   unauthorized
   Detail: Invalid response from
   ...

   Domain: unneededsubdomain.foo.co.uk
   Type:   unauthorized
   Detail: Invalid response from
   ...

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

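As you can see, the renewal fails because it tries to renew a certificate that is no longer needed. How can I successfully renew my certificate without this unneeded subdomain?

(Note: foo.co.uk is of course not my actual site. I just replaced it with a dummy name.)

Tags: nginx, certbot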
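An added example, not part of the original post: it reads the error summary from the `certbot renew` output above, drops the names the CA refused to validate, and prints a command that reissues the same lineage with only the remaining names. The list of names on the certificate is an assumption (in practice, take it from `certbot certificates`); `--nginx` matches the plugin shown in the output, and `--dry-run` exercises the change without saving a new certificate.

```python
import re
import shlex

# Constructed sample: the error summary from the `certbot renew` output above.
RENEW_OUTPUT = """\
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.unneededsubdomain.foo.co.uk
   Type:   unauthorized
   Detail: Invalid response from

   Domain: unneededsubdomain.foo.co.uk
   Type:   unauthorized
   Detail: Invalid response from
"""

# Assumed names currently on the foo.co.uk lineage (see `certbot certificates`).
LINEAGE_NAMES = ["foo.co.uk", "www.foo.co.uk", "api.foo.co.uk",
                 "unneededsubdomain.foo.co.uk", "www.unneededsubdomain.foo.co.uk"]

ERROR_RE = re.compile(r"^[ \t]*Domain:[ \t]*(\S+)[ \t]*\n[ \t]*Type:[ \t]*(\S+)",
                      re.MULTILINE)


def failed_domains(renew_output):
    """Map each domain in certbot's error summary to its ACME error type."""
    return {domain.lower(): err for domain, err in ERROR_RE.findall(renew_output)}


def reissue_command(cert_name, lineage_names, drop, dry_run=True):
    """Build a certbot command that reissues cert_name without the names in drop."""
    drop = {d.lower() for d in drop}
    keep = [n for n in lineage_names if n.lower() not in drop]
    if not keep:
        raise ValueError("every name would be dropped; delete the certificate instead")
    # --cert-name keeps the existing lineage (and its live/ path) while changing its names;
    # --renew-with-new-domains skips the interactive confirmation of that change.
    cmd = ["certbot", "certonly", "--nginx", "--cert-name", cert_name,
           "--renew-with-new-domains", "-d", ",".join(keep)]
    if dry_run:
        cmd.append("--dry-run")
    return shlex.join(cmd)


if __name__ == "__main__":
    failed = failed_domains(RENEW_OUTPUT)
    print(reissue_command("foo.co.uk", LINEAGE_NAMES, failed))
```

Review the dropped names before running the printed command without `--dry-run`: an `unauthorized` failure can also come from a misconfigured name you still want on the certificate.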

Solution

