1

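I used letsencrypt with the standalone option to generate an SSL certificate, and the certificate was generated successfully. How do I renew a letsencrypt certificate in an AWS Load Balancer?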

I went to the AWS load balancer to configure a listener on port 433, and imported the SSL certificate I had generated earlier in the import popup.

Then everything worked, and now I want to renew this SSL certificate. I followed this instruction to renew my certificate.

I tried:

./certbot-auto renew --standalone

=> Checking for new version... 
Requesting root privileges to run certbot... 
    /root/.local/share/letsencrypt/bin/letsencrypt renew --standalone 
No renewals were attempted. 

Or obtaining the certificate again with ./certbot-auto certonly --standalone

Failed authorization procedure. www.atoha.com (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Incorrect validation certificate for TLS-SNI-01 challenge. Requested ef39667c9d782884f8157f30f3e85e81.fb4436208f9bc7c8bdeb19356bb090f2.acme.invalid from 54.179.140.152:443. Received certificate containing 'www.my_domain.com' 

IMPORTANT NOTES: 
- The following errors were reported by the server: 

    Domain: www.my_domain.com 
    Type: unauthorized 
    Detail: Incorrect validation certificate for TLS-SNI-01 challenge. 
    Requested ef39667c9d782884f8157f30f3e85e81.fb4436208f9bc7c8bdeb1935 
    6bb090f2.acme.invalid from 54.179.140.152:443. Received certificate 
    containing 'www.my_domain.com' 

    To fix these errors, please make sure that your domain name was 
    entered correctly and the DNS A record(s) for that domain 
    contain(s) the right IP address. 

This means my certificate was generated correctly; now I want to know how to renew it, because it is about to expire!

Thanks!

+0

Did you force the certificate renewal with the '--force-renew' option?

+0

Yes, but with no result.

Answers

1

You can try this:

bash /opt/letsencrypt/letsencrypt-auto -t --renew-by-default --server https://acme-v01.api.letsencrypt.org/directory certonly --agree-tos --email '[email protected]' --webroot --webroot-path 'yourwebdirectory_publichtml' -d yourdomain.com -d www.yourdomain.com

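where /opt/letsencrypt/ = your letsencrypt directory location

and then place (copy and paste) the contents of the .pem files into your AWS ELB (I usually use cat in Linux):

  • Private key ---> privkey.pem

  • Public key certificate ---> fullchain.pem

  • Certificate chain ---> no need to fill this in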

+0

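I have set up auto-renewal of my letsencrypt certificates through a cronjob on my target server. When they are renewed, do I have to re-upload the renewed certificate to the ELB? Or will the original last longer? – Augusto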
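An added example, not code from the thread: a shell script that checks the renewed privkey.pem and fullchain.pem and writes one file per field of the load balancer's certificate import form, so each field can be filled from its own file. The directory arguments and output file names are assumptions, and splitting the leaf certificate from the rest of the chain is this example's choice; the answer above pastes fullchain.pem whole and leaves the chain field empty.

```bash
#!/usr/bin/env bash
# Added example (not from the original thread). Assumption: LIVE_DIR is a certbot
# "live" directory holding privkey.pem and fullchain.pem (leaf first, then chain).

# Print certificate blocks FROM..TO (1-based) of a PEM bundle, dropping stray text.
pem_certs() {  # usage: pem_certs FILE FROM TO
    awk -v from="$2" -v to="$3" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n >= from && n <= to { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# Number of certificate blocks in a PEM bundle (prints 0 when there are none).
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Write the three import fields to OUT_DIR and print how many certificates
# fullchain.pem held. Return codes: 1 unreadable input, 2 not a private key,
# 3 no certificate, 4 write failure.
prepare_elb_import() {  # usage: prepare_elb_import LIVE_DIR OUT_DIR
    local live=$1 out=$2 total
    [ -r "$live/privkey.pem" ] && [ -r "$live/fullchain.pem" ] || {
        echo "privkey.pem or fullchain.pem not readable in $live" >&2; return 1; }
    grep -q '^-----BEGIN .*PRIVATE KEY-----' "$live/privkey.pem" || {
        echo "privkey.pem does not contain a PEM private key" >&2; return 2; }
    total=$(count_certs "$live/fullchain.pem")
    [ "$total" -ge 1 ] || { echo "no certificate in fullchain.pem" >&2; return 3; }
    (
        umask 077   # key material: files readable by the owner only
        mkdir -p "$out" &&
        cp "$live/privkey.pem" "$out/private-key.pem" &&
        pem_certs "$live/fullchain.pem" 1 1 > "$out/certificate-body.pem" &&
        pem_certs "$live/fullchain.pem" 2 "$total" > "$out/certificate-chain.pem"
    ) || return 4
    echo "$total"
}

# Stand-alone use: ./prepare-elb-import.sh LIVE_DIR OUT_DIR
if [ "$#" -eq 2 ]; then
    prepare_elb_import "$1" "$2"
fi
```

certificate-chain.pem is empty when fullchain.pem holds only the leaf certificate.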

0

I use … to handle automatic renewal on AWS. The only thing it currently does not do is delete old certificates.

+0

At the moment, it seems the project is no longer maintained: [Note: letsencrypt-aws is currently not well maintained](https://github.com/alex/letsencrypt-aws/commit/30a72b1ab4223d41dc76f579f6b65f8ae9b6aa1f) – vkats
