1

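I used letsencrypt with the standalone option to generate an SSL certificate, and the certificate was generated successfully. How do I renew a letsencrypt certificate in an AWS Load Balancer?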

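I went to the AWS load balancer to configure a listener on port 433, and used the SSL certificate I had generated earlier by importing it through the import popup.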


Then everything worked, and now I want to renew this SSL certificate. I followed this instruction to renew my certificate.

I tried:

./certbot-auto renew --standalone

=> Checking for new version... 
Requesting root privileges to run certbot... 
    /root/.local/share/letsencrypt/bin/letsencrypt renew --standalone 
No renewals were attempted. 

Or obtaining the certificate again with ./certbot-auto certonly --standalone

Failed authorization procedure. www.atoha.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested ef39667c9d782884f8157f30f3e85e81.fb4436208f9bc7c8bdeb19356bb090f2.acme.invalid from 54.179.140.152:443. Received certificate containing 'www.my_domain.com' 

IMPORTANT NOTES: 
- The following errors were reported by the server: 

    Domain: www.my_domain.com 
    Type: unauthorized 
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge. 
    Requested ef39667c9d782884f8157f30f3e85e81.fb4436208f9bc7c8bdeb1935 
    6bb090f2.acme.invalid from 54.179.140.152:443. Received certificate 
    containing 'www.my_domain.com' 

    To fix these errors, please make sure that your domain name was 
    entered correctly and the DNS A record(s) for that domain 
    contain(s) the right IP address. 

This means my certificate was generated correctly, and now I want to know how to renew it, because it is about to expire!

Thanks!

+0

Did you use the '--force-renew' option to force the certificate to be renewed? –

+0

Yes, but with no result –

Answers

1

You can try this:

bash /opt/letsencrypt/letsencrypt-auto -t --renew-by-default --server https://acme-v01.api.letsencrypt.org/directory certonly --agree-tos --email '[email protected]' --webroot --webroot-path 'yourwebdirectory_publichtml' -d yourdomain.com -d www.yourdomain.com

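where /opt/letsencrypt/ = the location of your letsencrypt directory

and then place (copy and paste) the contents of the .pem files into your AWS ELB (I usually use cat in Linux):

  • Private key ---> privkey.pem

  • Public key certificate ---> fullchain.pem

  • Certificate chain ---> no need to fill this in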
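
The manual copy-and-paste step above, automated as an added example (not code from the original answer): a certbot deploy hook that uploads the renewed certificate to IAM and repoints the load balancer's HTTPS listener. It assumes a Classic ELB, an installed and authorized AWS CLI, and the hypothetical variables ELB_NAME, ELB_PORT, MAX_TRIES and RETRY_DELAY; it uses cert.pem and chain.pem, which certbot writes next to fullchain.pem.

```sh
#!/bin/sh
# Added example, not from the original post. Assumptions: Classic ELB,
# AWS CLI on PATH, ELB_NAME / ELB_PORT / MAX_TRIES / RETRY_DELAY are
# hypothetical settings chosen for this sketch.

# deploy_cert <lineage_dir> <elb_name> [port]
# Prints the ARN of the uploaded certificate. The body runs in a subshell,
# so its variables and exit codes do not leak into the caller.
deploy_cert() (
  lineage=$1 elb=$2 port=${3:-443}
  for f in cert.pem chain.pem privkey.pem; do
    [ -s "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; exit 2; }
  done
  # IAM rejects duplicate certificate names, so add a UTC timestamp.
  name="$(basename "$lineage")-$(date -u +%Y%m%dT%H%M%SZ)"
  arn=$(aws iam upload-server-certificate \
          --server-certificate-name "$name" \
          --certificate-body "file://$lineage/cert.pem" \
          --certificate-chain "file://$lineage/chain.pem" \
          --private-key "file://$lineage/privkey.pem" \
          --query ServerCertificateMetadata.Arn --output text) || exit 3
  # IAM is eventually consistent: the listener update can fail until the
  # new certificate is visible, so retry a few times before giving up.
  tries=0
  until aws elb set-load-balancer-listener-ssl-certificate \
          --load-balancer-name "$elb" --load-balancer-port "$port" \
          --ssl-certificate-id "$arn" >/dev/null; do
    tries=$((tries + 1))
    if [ "$tries" -ge "${MAX_TRIES:-5}" ]; then exit 4; fi
    sleep "${RETRY_DELAY:-10}"
  done
  echo "$arn"
)

# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy
# hooks; when the variable is absent nothing is executed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  deploy_cert "$RENEWED_LINEAGE" "${ELB_NAME:?set ELB_NAME}" "${ELB_PORT:-443}"
fi
```

Saved as a script, it can be passed to `certbot renew --deploy-hook`, which runs it only when a certificate was actually renewed. Certificates uploaded by earlier runs stay in IAM until they are deleted separately.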

+0

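I have set up autorenew for my letsencrypt certificates via a cronjob on my target server. When they renew, do I have to re-upload the renewed certificate to the ELB? Or will the original last longer? – Augusto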

0

I use to automatically handle auto-renewal on AWS. The only thing it currently doesn't do is delete old certificates.

+0

At the moment, it seems the project is no longer maintained: [NOTE: letsencrypt-aws is currently not well maintained](https://github.com/alex/letsencrypt-aws/commit/30a72b1ab4223d41dc76f579f6b65f8ae9b6aa1f) – vkats
