Let's Encrypt错误:expected ../cert.pem to be a symlink, Renewal configuration file ....conf is broken
發表於 : 2019-09-28 10:12:03
https://blog.csdn.net/qq285744011/artic ... s/90214729
错误提示
certbot renew
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/xxx.com/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/xxx.com.conf is broken. Skipping.
certbot update_symlinks
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Expected /etc/letsencrypt/live/xxx.com/cert.pem to be a symlink
问题关键
我们换了VPS服务器以后(使用了rsync远程复制文件),let‘s encrypt不能更新了。
问题的关键是:
/etc/letsencrypt/live/xxx.com/cert.pem等文件不是软连接了,造成写入失败。
解决办法
(请将以下的xxx.com修改为你的域名)
cd /etc/letsencrypt/
chmod -R 0755 live/
chmod -R 0755 renewal/
chmod -R 0755 archive/
cd live/xxx.com/
rm ./*.*
ln -s ../../archive/xxx.com/cert1.pem .
ln -s ../../archive/xxx.com/chain1.pem .
ln -s ../../archive/xxx.com/fullchain1.pem .
ln -s ../../archive/xxx.com/privkey1.pem .
mv cert1.pem cert.pem
mv chain1.pem chain.pem
mv fullchain1.pem fullchain.pem
mv privkey1.pem privkey.pem
cd /etc/letsencrypt/
然后就可以certbot renew了,建议先certbot update_symlinks
来看一下正确的子文件列表:(软连接指向的文件为最新的文件,如cert9.pem)
root@vps:/etc/letsencrypt/live/xxx.com# ls -al
total 28
drwxr-xr-x 2 root root 4096 May 13 10:25 ./
drwxr-xr-x 354 root root 20480 May 13 10:00 ../
lrwxrwxrwx 1 root root 37 May 13 10:25 cert.pem -> ../../archive/xxx.com/cert9.pem
lrwxrwxrwx 1 root root 38 May 13 10:25 chain.pem -> ../../archive/xxx.com/chain9.pem
lrwxrwxrwx 1 root root 42 May 13 10:25 fullchain.pem -> ../../archive/xxx.com/fullchain9.pem
lrwxrwxrwx 1 root root 40 May 13 10:25 privkey.pem -> ../../archive/xxx.com/privkey9.pem
-rw-r--r-- 1 root root 543 Mar 6 10:43 README
————————————————
版权声明:本文为CSDN博主「Rudon滨海渔村」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq285744011/artic ... s/90214729
错误提示
certbot renew
certbot.errors.CertStorageError: expected /etc/letsencrypt/live/xxx.com/cert.pem to be a symlink
Renewal configuration file /etc/letsencrypt/renewal/xxx.com.conf is broken. Skipping.
certbot update_symlinks
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Expected /etc/letsencrypt/live/xxx.com/cert.pem to be a symlink
问题关键
我们换了VPS服务器以后(使用了rsync远程复制文件),let‘s encrypt不能更新了。
问题的关键是:
/etc/letsencrypt/live/xxx.com/cert.pem等文件不是软连接了,造成写入失败。
解决办法
(请将以下的xxx.com修改为你的域名)
cd /etc/letsencrypt/
chmod -R 0755 live/
chmod -R 0755 renewal/
chmod -R 0755 archive/
cd live/xxx.com/
rm ./*.*
ln -s ../../archive/xxx.com/cert1.pem .
ln -s ../../archive/xxx.com/chain1.pem .
ln -s ../../archive/xxx.com/fullchain1.pem .
ln -s ../../archive/xxx.com/privkey1.pem .
mv cert1.pem cert.pem
mv chain1.pem chain.pem
mv fullchain1.pem fullchain.pem
mv privkey1.pem privkey.pem
cd /etc/letsencrypt/
然后就可以certbot renew了,建议先certbot update_symlinks
来看一下正确的子文件列表:(软连接指向的文件为最新的文件,如cert9.pem)
root@vps:/etc/letsencrypt/live/xxx.com# ls -al
total 28
drwxr-xr-x 2 root root 4096 May 13 10:25 ./
drwxr-xr-x 354 root root 20480 May 13 10:00 ../
lrwxrwxrwx 1 root root 37 May 13 10:25 cert.pem -> ../../archive/xxx.com/cert9.pem
lrwxrwxrwx 1 root root 38 May 13 10:25 chain.pem -> ../../archive/xxx.com/chain9.pem
lrwxrwxrwx 1 root root 42 May 13 10:25 fullchain.pem -> ../../archive/xxx.com/fullchain9.pem
lrwxrwxrwx 1 root root 40 May 13 10:25 privkey.pem -> ../../archive/xxx.com/privkey9.pem
-rw-r--r-- 1 root root 543 Mar 6 10:43 README
————————————————
版权声明:本文为CSDN博主「Rudon滨海渔村」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq285744011/artic ... s/90214729