Recently, it was found that the SSL certificate of a website built on a VPS has expired, and accessing the HTTPS link will prompt that it is unsafe. After checking, the environment used by the server is the LNMP environment package. This certificate is automatically created and deployed Let's Encrypt free certificate using the lnmp dnsssl command in LNMP 1.5. The validity period of Let's Encrypt certificate is three months. If you use the API provided by the DNS service provider, it can be automatically renewed. However, this machine seems to fail to update automatically for some reasons.
Since the relevant parameters have been configured before, it is better to update them manually. However, after checking, it is found that although LNMP 1.5 supports automatic update of certificates on a regular basis, there is no command for manual update after automatic update fails. However, it was found that LNMP started from version 1.5, and the processing of SSL certificates was implemented through the acme.sh script.
In short, acme.sh is a program (script) that can be used to generate free certificates from Let's Encryption. If certificates and APIs have been configured before, new certificates can be generated directly by "one click", so it is good to manually run acme.sh to update certificates.
Note that if you manually install acme.sh, the default path is "~/acme. sh/", while the LNMP environment places the file under "/usr/local/acme. sh/". You can see this on the relevant page of LNMP and the prompt under the shell.
Operation command
After knowing the situation, the next step is simple. First, enter the directory where acme.sh is located at the command line. The command is as follows
cd /usr/local/acme.sh/
Execute the ls command to see the files in the directory
Then execute the following command to manually update the certificate of the domain name
Acme.sh -- renew - d domain name
Note that this command is for domain names for which certificates have been created before; The "domain name" is replaced by the domain name of the SSL certificate to be updated, which needs to be the same as the domain name used when adding the certificate in LNMP at that time
If there is no accident, acme.sh will start to work. It will automatically update the DNS record using the API, and then apply for issuing a new SSL certificate. If successful, it will prompt“ Cert success. ”And will automatically restart nginx to make the new certificate effective (it needs to wait at least two minutes)
OK, So far, the SSL certificate has been successfully updated manually
Of course, one more thing needs to be emphasized. This method of manually updating certificates is aimed at the situation that in the LNMP environment, the APIs provided by DNS service providers have been used to automatically create SSL certificates. If the original way of adding a certificate does not support automatic renewal, you still need to manually recreate the certificate in LNMP.
Attachment: Related Links
If you need more information about the automatic renewal of certificates in the VPS environment, perhaps the following content can help you
