Let’s Encrypt 更新失敗解決方式

Let’s Encrypt 是一個免費的 SSL 憑證服務,他提供您 90天期的免費 SSL 憑證,該服務會在憑證到期前通知您,您必須在過期前後再更新憑證,以保持憑證的有效性,而我呢,第一次遇到過期,雖然我有設定cron job 去更新,結果發現憑證還是沒有更新,進去console上手動再執行一次更新,出現下列錯誤。

Attempting to renew cert (www.xxxx.com) from /etc/letsencrypt/renewal/xxxxxx.conf produced an unexpec
ted error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/XXXXXXXXXX/fullchain.pem (failure)
-------------------------------------------------------------------------------
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/XXXXXXXXX/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

在網路上尋解決方案,普遍上都是 Nginx 來解答,但不管你是用 Nginx or Apache,解決方式是:
– 關閉 Nginx or Apache
– 更新憑證
– 開啟 Nginx or Apache

Cron 也要改一下
0 0 10 2,5,8,11 * /etc/init.d/nginx stop && ~/certbot-auto renew && /etc/init.d/nginx start

就是這樣而已,去試試吧。

Related Posts

發佈留言