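Automatically issuing SSL certificates with certbot for sites not on port 80
I. Manually issuing an SSL certificate with certbot for a site not on port 80
Connect remotely to the Alibaba Cloud lightweight server, IP: 47.100.252.46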
Certificate is saved at: /etc/letsencrypt/live/c.zhonjin.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/c.zhonjin.com/privkey.pem
Successfully deployed certificate for c.zhonjin.com to
/etc/apache2/sites-available/000-default-le-ssl.conf
/etc/letsencrypt/archive/z.zhonjin.com

sudo chown stevenroc:stevenroc /etc/letsencrypt/archive/
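On Ubuntu, change the owner and group of the directory and of every subfolder and file beneath it to stevenroc (this also makes the private keys under archive/ readable by that account):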
sudo chown -R stevenroc:stevenroc /etc/letsencrypt/archive
2. Adjust the SSL certificate locations
cd /etc/apache2/sites-available/
sudo nano default-ssl.conf
3.
cd /etc/apache2/cert/
SSLCertificateFile /etc/apache2/cert/chanking.zhonjin.com.crt
SSLCertificateChainFile /etc/apache2/cert/chanking.zhonjin.com_chain.pem
SSLCertificateKeyFile /etc/apache2/cert/chanking.zhonjin.com_key.key
Update as follows:
SSLCertificateFile /etc/letsencrypt/archive/chanking.zhonjin.com/fullchain1.pem
SSLCertificateChainFile /etc/letsencrypt/archive/chanking.zhonjin.com/chain1.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/chanking.zhonjin.com/privkey1.pem
SSLCertificateFile /etc/apache2/cert/fullchain1.pem
SSLCertificateChainFile /etc/apache2/cert/chain1.pem
SSLCertificateKeyFile /etc/apache2/cert/privkey1.pem
sudo systemctl restart apache2
======================================================
stevenroc@stevenroc:~ $ sudo apt update
stevenroc@stevenroc:~ $ sudo apt install -y python3-venv python3-full certbot
stevenroc@stevenroc:~ $ sudo mkdir -p /opt/certbot
stevenroc@stevenroc:~ $ sudo python3 -m venv /opt/certbot
stevenroc@stevenroc:~ $ sudo /opt/certbot/bin/pip install certbot certbot-dns-aliyun
stevenroc@stevenroc:~ $ sudo ln -sf /opt/certbot/bin/certbot /usr/local/bin/certbot
stevenroc@stevenroc:~ $ certbot --version
certbot 5.3.1
stevenroc@stevenroc:~ $ certbot plugins | grep aliyun
* dns-aliyun
Entry point: EntryPoint(name='dns-aliyun',
value='certbot_dns_aliyun.dns_aliyun:Authenticator', group='certbot.plugins')
stevenroc@stevenroc:~ $ sudo tee /etc/letsencrypt/aliyun.ini > /dev/null <<EOF
> dns_aliyun_access_key =LTAI5tL5WczcEjZTQRov3sGa
> dns_aliyun_access_key_secret =mudlqruUKkaaVdiyW9FFmjMsEIHkSb
> EOF
Type EOF and press Enter
stevenroc@stevenroc:~ $ sudo chmod 600 /etc/letsencrypt/aliyun.ini
stevenroc@stevenroc:~ $ sudo chown stevenroc:stevenroc /etc/letsencrypt/aliyun.ini
stevenroc@stevenroc:~ $ sudo certbot certonly --authenticator dns-aliyun --dns-aliyun-credentials /etc/letsencrypt/aliyun.ini -d zhonjin.com -d chanking.zhonjin.com
stevenroc@stevenroc:~ $ sudo certbot certonly --authenticator dns-aliyun --dns-aliyun-credentials /etc/letsencrypt/aliyun.ini -d git.zhonjin.com
stevenroc@stevenroc:~ $ sudo certbot certonly --authenticator dns-aliyun --dns-aliyun-credentials /etc/letsencrypt/aliyun.ini -d k.zhonjin.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for c.zhonjin.com
Waiting 30 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/c.zhonjin.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/c.zhonjin.com/privkey.pem
This certificate expires on 2026-05-23.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Confirm stevenroc's permissions again
stevenroc@stevenroc:~ $ sudo chown stevenroc:stevenroc /etc/letsencrypt/archive
sudo chown -R stevenroc:stevenroc /etc/letsencrypt/archive
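Copy the SSL certificates as a backup
On Ubuntu, copy a directory with all of its subfolders and files to another location and set the owner and group on the copies:
sudo rsync -av --chown=stevenroc:stevenroc /etc/letsencrypt/archive/ /etc/letsencrypt/archiveex/
sudo rsync -av --chown=stevenroc:stevenroc /etc/apache2/sites-available/ /etc/apache2/sites-availableex/
II. Automatic issuance of the 90-day SSL certificates: copy the following script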
sudo tee /usr/local/bin/certbot-renew.sh > /dev/null <<'EOF'
#!/bin/bash
# Log file
LOG_FILE="/var/log/letsencrypt/renewal.log"
# Create the log directory
mkdir -p /var/log/letsencrypt
echo "========== $(date) ==========" >> "$LOG_FILE"
# Renew the certificates
/opt/certbot/bin/certbot renew \
    --authenticator dns-aliyun \
    --dns-aliyun-credentials /etc/letsencrypt/aliyun.ini \
    --quiet \
    --no-random-sleep-on-renew \
    >> "$LOG_FILE" 2>&1
RENEW_STATUS=$?
if [ $RENEW_STATUS -eq 0 ]; then
    echo "证书续期成功: $(date)" >> "$LOG_FILE"
    # Add the commands that restart your services here (choose according to your web server)
    # Nginx
    # systemctl reload nginx
    # Apache
    # systemctl reload apache2
    # Or support both at once
    if systemctl is-active --quiet nginx; then
        systemctl reload nginx
        echo "Nginx已重载" >> "$LOG_FILE"
    fi
    if systemctl is-active --quiet apache2; then
        systemctl reload apache2
        echo "Apache已重载" >> "$LOG_FILE"
    fi
else
    echo "证书续期失败: $(date)" >> "$LOG_FILE"
fi
# Sync the certificate files; comment this out if it causes problems.
rsync -av --chown=stevenroc:stevenroc /etc/letsencrypt/archive/ /etc/letsencrypt/archiveex/
echo "" >> "$LOG_FILE"
EOF
sudo chmod +x /usr/local/bin/certbot-renew.sh
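III. Run certbot-renew.sh automatically
3. Add a scheduled task (cron)
sudo crontab -e
Add the following (run on the 1st and 15th of each month; avoid running exactly on the hour to reduce server load):
# Certbot automatic SSL certificate renewal: runs at 02:30 on the 1st and 15th of each month
#30 2 1,15 * * /usr/local/bin/certbot-renew.sh
# Or run once a week (recommended)
30 2 * * 1 /usr/local/bin/certbot-renew.sh
4. Verify the scheduled task
# List root's cron jobs
sudo crontab -l
# Test that the script runs correctly
sudo /usr/local/bin/certbot-renew.sh
# View the log
sudo tail -f /var/log/letsencrypt/renewal.log
5. Check the certificate validity period
# List all certificates
sudo certbot certificates
# Show the expiry dates of a specific certificate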
echo | openssl s_client -servername chanking.zhonjin.com -connect chanking.zhonjin.com:40717 2>/dev/null | openssl x509 -noout -dates
/etc/letsencrypt/archive/chanking.zhonjin.com
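IV.
Let's Encrypt keeps certificates in two directories:
• ❌ archive/: where the certificate files are actually stored. After a renewal, fullchain2.pem, fullchain3.pem and so on are generated, so the path changes and the site's certificate stops working
• ✅ live/: symbolic links (shortcuts) that always point to the latest certificate; the only location officially recommended for use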
IV. 1) Updating the SSL certificates for the two domains; the bug fix is as follows
sudo nano /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/letsencrypt/archive/zhonjin.com/fullchain1.pem
SSLCertificateChainFile /etc/letsencrypt/archive/zhonjin.com/chain1.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/zhonjin.com/privkey1.pem
Change to:
SSLCertificateFile /etc/letsencrypt/live/zhonjin.com/fullchain.pem
SSLCertificateChainFile /etc/letsencrypt/live/zhonjin.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zhonjin.com/privkey.pem
2)
sudo nano /etc/apache2/sites-available/git.zhonjin.com-ssl.conf
SSLCertificateFile /etc/letsencrypt/archive/git.zhonjin.com/fullchain1.pem
SSLCertificateChainFile /etc/letsencrypt/archive/git.zhonjin.com/chain1.pem
SSLCertificateKeyFile /etc/letsencrypt/archive/git.zhonjin.com/privkey1.pem
Change to:
SSLCertificateFile /etc/letsencrypt/live/git.zhonjin.com/fullchain.pem
SSLCertificateChainFile /etc/letsencrypt/live/git.zhonjin.com/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/git.zhonjin.com/privkey.pem
V. certbot automatic 90-day certificate renewal
What the commands do: they replace the old, numbered absolute certificate paths in the Apache configuration with the standard symlink paths officially recommended by Let's Encrypt.
Two domains are involved:
1. The main domain zhonjin.com (configuration file: default-ssl.conf)
2. The subdomain git.zhonjin.com (configuration file: git.zhonjin.com-ssl.conf)
sudo sed -i 's|/etc/letsencrypt/archive/zhonjin.com/fullchain1.pem|/etc/letsencrypt/live/zhonjin.com/fullchain.pem|g' /etc/apache2/sites-available/default-ssl.conf
sudo sed -i 's|/etc/letsencrypt/archive/zhonjin.com/privkey1.pem|/etc/letsencrypt/live/zhonjin.com/privkey.pem|g' /etc/apache2/sites-available/default-ssl.conf
sudo sed -i 's|/etc/letsencrypt/archive/git.zhonjin.com/fullchain1.pem|/etc/letsencrypt/live/git.zhonjin.com/fullchain.pem|g' /etc/apache2/sites-available/git.zhonjin.com-ssl.conf
sudo sed -i 's|/etc/letsencrypt/archive/git.zhonjin.com/privkey1.pem|/etc/letsencrypt/live/git.zhonjin.com/privkey.pem|g' /etc/apache2/sites-available/git.zhonjin.com-ssl.conf
2. Why replace the paths? (key point)
Let's Encrypt keeps certificates in two directories:
• ❌ archive/: where the certificate files are actually stored. After a renewal, fullchain2.pem, fullchain3.pem and so on are generated, so the path changes and the site's certificate stops working
• ✅ live/: symbolic links (shortcuts) that always point to the latest certificate; the only location officially recommended for use
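Added example, not from the original page: the four sed commands above rewrite only the fullchain and privkey paths, so an SSLCertificateChainFile line that still points at archive/.../chain1.pem survives them. The script below lists every SSLCertificate* directive in a vhost file that does not point into /etc/letsencrypt/live/; the function names and the sample vhost content are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit Apache vhost files for certificate paths that will
# go stale after a certbot renewal (anything outside /etc/letsencrypt/live/).

# audit_cert_paths FILE...
# Prints "file:line: Directive path [-> use live-path]" for each finding
# and returns 1 if at least one directive was flagged, 0 otherwise.
audit_cert_paths() {
    awk '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        {
            d = tolower($1)                       # Apache directives are case-insensitive
            if (d !~ /^sslcertificate(file|keyfile|chainfile)$/) next
            path = $2
            gsub(/"/, "", path)                   # tolerate quoted paths
            if (path ~ /^\/etc\/letsencrypt\/live\//) next
            hint = ""
            if (path ~ /^\/etc\/letsencrypt\/archive\//) {
                # archive/<name>/chainN.pem -> live/<name>/chain.pem
                hint = path
                sub(/\/archive\//, "/live/", hint)
                sub(/[0-9]+\.pem$/, ".pem", hint)
                hint = " -> use " hint
            }
            printf "%s:%d: %s %s%s\n", FILENAME, FNR, $1, path, hint
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# make_sample_conf: writes a CONSTRUCTED vhost file to a temp path and prints
# that path. The first vhost mirrors the state left by the sed commands;
# the second uses copied files under /etc/apache2/cert as in step 3.
make_sample_conf() {
    local f
    f=$(mktemp)
    cat > "$f" <<'CONF'
<VirtualHost *:443>
    ServerName git.zhonjin.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/git.zhonjin.com/fullchain.pem
    SSLCertificateChainFile /etc/letsencrypt/archive/git.zhonjin.com/chain1.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/git.zhonjin.com/privkey.pem
</VirtualHost>
<VirtualHost *:40717>
    ServerName chanking.zhonjin.com
    # SSLCertificateFile /etc/letsencrypt/archive/chanking.zhonjin.com/fullchain1.pem
    SSLCertificateFile /etc/apache2/cert/fullchain1.pem
    SSLCertificateKeyFile /etc/apache2/cert/privkey1.pem
</VirtualHost>
CONF
    printf '%s\n' "$f"
}

# Demo run on the constructed sample.
sample=$(make_sample_conf)
audit_cert_paths "$sample" || echo "stale certificate paths found"
rm -f "$sample"
```

On a real host, pass the vhost files directly, for example `audit_cert_paths /etc/apache2/sites-available/*.conf`, and reload Apache only once the function returns 0.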
VI. Revoke the HTTPS SSL certificates
# Revoke the certificate for a given domain
sudo /opt/certbot/bin/certbot revoke --cert-name chanking.zhonjin.com
sudo /opt/certbot/bin/certbot revoke --cert-name zhonjin.com
sudo /opt/certbot/bin/certbot revoke --cert-name git.zhonjin.com
sudo /opt/certbot/bin/certbot revoke --cert-name k.zhonjin.com
——————————————————————————————————
stevenroc@stevenroc:~ $ sudo mkdir -p /etc/letsencrypt/archive
stevenroc@stevenroc:~ $ sudo chown stevenroc:stevenroc /etc/letsencrypt/archive
——————————-
stevenroc@stevenroc:~ $ sudo certbot certonly --authenticator dns-aliyun --dns-aliyun-credentials /etc/letsencrypt/aliyun.ini -d c.zhonjin.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for c.zhonjin.com
Waiting 30 seconds for DNS changes to propagate
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/c.zhonjin.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/c.zhonjin.com/privkey.pem
This certificate expires on 2026-05-23.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 * Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Confirm stevenroc's permissions again
stevenroc@stevenroc:~ $ sudo chown stevenroc:stevenroc /etc/letsencrypt/archive/