這2天差點網站的SSL憑證就過期了,原因是因為acme.sh他不會自動更新憑證。
查了一下acme.sh的log後,發現從7月底就已經出現更新失敗的訊息。
看了一下應該是沒有更新acme.sh的關係,所以使用下列指令更新。
acme.sh --upgrade --auto-upgrade
如果是使用Let’s Encrypt的人必須注意,acme.sh在2021/8月的更新中,將預設的認證單位從原先的Let’s Encrypt改成ZeroSSL。
所以要繼續使用 Let’s Encrypt 的話就必須使用下列指令將預設改回來。
acme.sh --set-default-ca --server letsencrypt
然後再重新使用–renew就可以順利的完成跟新SSL憑證囉
[Wed Aug 25 18:04:19 CST 2021] ^[[1;32mCert success.^[[0m [Wed Aug 25 18:04:19 CST 2021] Your cert is in: ^[[1;32m/root/.acme.sh/www.est.idv.tw/www.est.idv.tw.cer^[[0m [Wed Aug 25 18:04:19 CST 2021] Your cert key is in: ^[[1;32m/root/.acme.sh/www.est.idv.tw/www.est.idv.tw.key^[[0m [Wed Aug 25 18:04:19 CST 2021] The intermediate CA cert is in: ^[[1;32m/root/.acme.sh/www.est.idv.tw/ca.cer^[[0m [Wed Aug 25 18:04:19 CST 2021] And the full chain certs is there: ^[[1;32m/root/.acme.sh/www.est.idv.tw/fullchain.cer^[[0m [Wed Aug 25 18:04:19 CST 2021] Installing cert to: /etc/ssl/certificate.crt [Wed Aug 25 18:04:19 CST 2021] Installing key to: /etc/ssl/private/private.key [Wed Aug 25 18:04:19 CST 2021] Installing full chain to: /etc/ssl/certs/ca_bundle.crt [Wed Aug 25 18:04:19 CST 2021] Run reload cmd: service apache2 restart [Wed Aug 25 18:04:20 CST 2021] ^[[1;32mReload success^[[0m [Wed Aug 25 18:04:20 CST 2021] _on_issue_success