Last update at :2024-06-28,Edit by888u
A few days ago, I received feedback from a customer of the company that their website could not be opened. In fact, after checking, it was because the free Let’s Encrypt certificate used did not renew automatically. Generally, it is recommended to pay for a certificate on the customer website. Generally, the purchase period is two years. This saves the need to replace the certificate and upgrade it during renewal, or the trouble caused by the Let\\’s Encrypt certificate not being automatically renewed this time.
I have encountered the problem of automatic renewal of Let\\'s Encrypt before, and I was too lazy to look up the specific problem. After encountering the problem, I directly issued a manual command to upgrade the certificate. Most of the time, the upgrade can be successful, because The built-in certificate scheduled tasks can be seen in crontab. You can directly copy the script manually to upgrade, and then restart Nginx.
It took me more than ten minutes to find a solution. It seems that this server is not configured by me. I usually configure Nginx and this server is Apache. So in order to save time, I will not solve this problem anymore. I plan to configure it from Tencent Cloud. Apply for a free SSL certificate for one year, and then replace this one. At least it will not need to be renewed for one year.
Snail has previously shared related articles about SSL certificates:
1. Methods to merge or back up the Let\\’s Encrypt SSL certificate in the server
2. LNMP one-click environment quick configuration Let\\’s Encrypt pan-analytic SSL certificate tutorial
3. Use Alibaba Cloud DNS API to quickly apply for Let\\’s Encrypt pan-domain SSL certificate
First, apply for a free certificate from Tencent Cloud
Here we go directly to the Tencent Cloud backend to apply for the free certificate shown in the picture above.
Here we continue following the wizard normally.
Enter the domain name and email address as prompted, and then verify ownership as required.
The snail will not be repeated here, we will verify the ownership as needed. After the verification is completed, it will automatically succeed, which will take a few minutes, and then the certificate will be downloaded.
Second, replace the Let\\’s Encrypt certificate
Replace the downloaded certificate file with the certificate file in the directory corresponding to \\\"/usr/local/apache/conf/ssl\\\". The direct name should be consistent, thus saving the need to replace the configuration file.
After downloading the Tencent Cloud free certificate, you can see that there are Nginx, Apache, IIS and other environments. Here I see that the current server is Apache, so I use the files in the Apache package. Merge 1_root_bundle.crt into the crt file of the domain name suffix.
service httpd restart
Then restart Apache to take effect.
Problem solved.
In this way, temporarily replace this website that does not have a regularly renewed Let\\'s Encrypt certificate with a temporary Tencent Cloud free one-year SSL certificate. It is guaranteed to be open. There will be more questions later about why there is no automatic renewal. Time to study again.
Recommended site search: server in the United States, free cn domain name registration, how to query IP address, domain name registration website website registration information, .net virtual host, monthly payment space, domain name query, godaddy registered domain name, Hong Kong host high defense, < /p>
发表评论