This post was last updated 788 days ago; the information in it may have since changed.
Replace every xxx.com in this post with your own domain.
Problem
When I run sudo certbot renew over SSH, certbot reports the following error:
Renewal configuration file /etc/letsencrypt/renewal/xxx.com.conf is broken.
The error was: expected /etc/letsencrypt/live/xxx.com/cert.pem to be a symlink
Skipping.
Analysis
The files /etc/letsencrypt/live/xxx.com/*.pem are regular files rather than symlinks into archive/, so certbot cannot renew the certificate.
Fix
Delete the existing .pem files in live/xxx.com/ and recreate the symlinks. The number in cert1.pem is the archive version; if archive/xxx.com/ holds higher-numbered files, link to the highest ones, which are the newest.
Run the following commands:
sudo chmod -R 0755 /etc/letsencrypt/live/
sudo chmod -R 0755 /etc/letsencrypt/renewal/
sudo chmod -R 0755 /etc/letsencrypt/archive/
sudo rm /etc/letsencrypt/live/xxx.com/*.pem
sudo ln -s /etc/letsencrypt/archive/xxx.com/cert1.pem /etc/letsencrypt/live/xxx.com/cert.pem
sudo ln -s /etc/letsencrypt/archive/xxx.com/chain1.pem /etc/letsencrypt/live/xxx.com/chain.pem
sudo ln -s /etc/letsencrypt/archive/xxx.com/fullchain1.pem /etc/letsencrypt/live/xxx.com/fullchain.pem
sudo ln -s /etc/letsencrypt/archive/xxx.com/privkey1.pem /etc/letsencrypt/live/xxx.com/privkey.pem
sudo certbot update_symlinks
sudo certbot renew
Certificate renewal should now work. Note that chmod -R 0755 on archive/ also makes the private keys (archive/xxx.com/privkey*.pem) readable by every local user; once renewal works, tighten them again with chmod 0600 /etc/letsencrypt/archive/xxx.com/privkey*.pem.
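As an added check that is not part of the original post: the script below audits the tree before anything is deleted, reporting for each domain under live/ which .pem entries are regular files (the case behind the error above), which links dangle, and which point at something older than the newest numbered file in archive/. The base directory is a parameter (default /etc/letsencrypt) so the checks can be run against a test copy.

```shell
#!/bin/sh
# Added example (not the original post's script): audit a certbot tree before
# touching it. For each live/<domain>/ it reports the .pem entries that would
# trigger "expected ... to be a symlink" (regular files), links whose target is
# missing, and links that lag behind the newest numbered file in archive/.
# The base directory is a parameter so the checks can run on a test copy;
# the default is certbot's real layout.
BASE_DEFAULT=/etc/letsencrypt

# latest_version ARCHIVE_DIR NAME: highest N for which ARCHIVE_DIR/NAME<N>.pem exists, 0 if none
latest_version() {
    local dir="$1" name="$2" best=0 f n
    for f in "$dir/$name"[0-9]*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/}; n=${n#"$name"}; n=${n%.pem}
        [ "$n" -gt "$best" ] && best=$n
    done
    echo "$best"
}

# check_domain BASE DOMAIN: one line per problem; returns 0 only if all four links are sound
check_domain() {
    local base="$1" domain="$2" archive="$1/archive/$2" name link ver want rc=0
    for name in cert chain fullchain privkey; do
        link="$base/live/$domain/$name.pem"
        ver=$(latest_version "$archive" "$name")
        want="$archive/$name$ver.pem"
        if [ "$ver" -eq 0 ]; then
            echo "$domain/$name.pem: no $name<N>.pem in archive, nothing to link to"; rc=1
        elif [ ! -L "$link" ]; then
            echo "$domain/$name.pem: not a symlink (certbot renew will skip this domain)"; rc=1
        elif [ ! -e "$link" ]; then
            echo "$domain/$name.pem: dangling link -> $(readlink "$link")"; rc=1
        elif [ "$(readlink -f "$link")" != "$(readlink -f "$want")" ]; then
            echo "$domain/$name.pem: points at $(readlink "$link"), newest is $want"; rc=1
        fi
    done
    return $rc
}

# check_all [BASE]: run check_domain for every directory under live/
check_all() {
    local base="${1:-$BASE_DEFAULT}" d rc=0
    for d in "$base"/live/*/; do
        [ -d "$d" ] || continue
        check_domain "$base" "$(basename "$d")" || rc=1
    done
    return $rc
}
```

Run check_all with no argument on the real tree (as root) to list every domain that needs its links rebuilt; a clean tree prints nothing and exits 0.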
Automatic script
If many domains need renewing, doing this one at a time is too slow, so I wrote a script that automates the symlink step.
Run the following commands before executing the script:
sudo chmod -R 0755 /etc/letsencrypt/live/
sudo chmod -R 0755 /etc/letsencrypt/renewal/
sudo chmod -R 0755 /etc/letsencrypt/archive/
Script code (also provided as a zip attachment; unzip it before use):
#!/bin/bash
# author: NuoTian
# Rebuild the live/ symlinks for every domain that has an archive/ directory.
# Run as root, after the chmod commands above.
for dir in /etc/letsencrypt/archive/*/; do
    domain=$(basename "$dir")
    mkdir -p "/etc/letsencrypt/live/$domain"
    rm -f "/etc/letsencrypt/live/$domain"/*.pem
    for name in cert chain fullchain privkey; do
        # link to the highest-numbered file in archive/ (cert1.pem, cert2.pem, ...),
        # which is the newest version
        newest=$(ls "$dir$name"[0-9]*.pem | sort -V | tail -n 1)
        ln -s "$newest" "/etc/letsencrypt/live/$domain/$name.pem"
    done
    echo "$domain done"
done
echo "All symlinks rebuilt"
If running the script fails with “$'\r': command not found”, run dos2unix symlink.sh first.
After the script finishes, run:
sudo certbot update_symlinks
sudo certbot renew
Now check the site's certificate details to confirm the renewal succeeded.