为了提高对搜索引擎SEO的友好性,网站开启了https。但是最近访问个人网站时发现浏览器提示不安全,原因是 https证书失效了,但是当初使用的 certbot 本应该自动更新 https 证书的。于是查找原因,先尝试手动更新证书。执行命令:
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Processing /etc/letsencrypt/renewal/codebye.com.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for codebye.com
Cleaning up challenges
Attempting to renew cert (codebye.com) from /etc/letsencrypt/renewal/codebye.com.conf produced an unexpected error: ‘ascii’ codec can’t decode byte 0xe5 in position 2: ordinal not in range(128). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/codebye.com/fullchain.pem (failure)
调查发现错误原因: nginx 配置文件中包含中文注释,去掉中文字符即可。估计下次到期应该会自动更新网站的https证书了,等过期时间再观察一下。