今天登录服务器,想增加一个新的子域名,又想到了很久之前一直想折腾的这个泛域名证书,现在每次新增子域名都得重新申请子域名证书,过于麻烦,所以决定折腾一下。
certbot certonly --cert-name xwenliang.cn -d xwenliang.cn -d *.xwenliang.cn
报错:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
原来泛域名证书需要指定 --preferred-challenges dns
certbot certonly --manual --preferred-challenges dns --cert-name xwenliang.cn -d xwenliang.cn -d *.xwenliang.cn
按照提示去域名服务商后台配置 TXT 类型的记录后,等待几分钟再进行下一步
通过后有一个警告:
this certificate will not be renewed automatically
尝试执行: certbot renew --force-renewal
报错:
Failed to renew certificate xwenliang.cn with error: The manual plugin is not working; there may be problems with your existing configuration. The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
certbot certonly --cert-name xwenliang.cn -d xwenliang.cn -d *.xwenliang.cn
选择覆盖原来的证书
certbot renew --force-renewal
更新成功,但不知道这么做有没有什么坑,记录一下。
全文完,觉得本文对你有帮助吗?
讨论(0)