
Automatically Renewing Let's Encrypt Certificates with Systemd

source link: https://blog.nswebfrog.com/2017/12/14/letsencrypt-renew/?amp%3Butm_medium=referral

2017-12-14 | categories: server

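This morning I found that the Let's Encrypt certificate for the Melisandre website had expired, even though I clearly remembered setting up automatic renewal. After some investigation, it turned out that with the autorenew method recommended on the certbot website, which I had been using, the certificate was renewed, but because nginx was not restarted, the new certificate never took effect. So I decided to switch to Systemd to renew the certificate automatically.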

First, add a service:

$ sudo vim /etc/systemd/system/letsencrypt.service
[Unit]
Description=Let's Encrypt renewal

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload nginx.service

Then add a systemd timer to trigger this service on a schedule:

$ sudo vim /etc/systemd/system/letsencrypt.timer
[Unit]
Description=Daily renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=daily
Persistent=true

[Install]
WantedBy=timers.target

Enable the timer and start it:

$ sudo systemctl enable letsencrypt.timer
$ sudo systemctl start letsencrypt.timer

You can use the command systemctl list-timers to view all of systemd's scheduled timers.
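
The failure described at the top of this post (certificate renewed on disk, nginx still serving the old one) can be checked directly by comparing fingerprints. The script below is an added example, not part of the original post; it assumes openssl is installed, and the host name and certificate path are supplied by the caller (example.com and certbot's default /etc/letsencrypt/live/ layout in the usage comment are placeholders).

```bash
#!/usr/bin/env bash
# Added example: detect a renewed certificate that the web server has not loaded.
# Usage (placeholder host and certbot's default path layout):
#   ./check-cert.sh example.com /etc/letsencrypt/live/example.com/cert.pem

# SHA-256 fingerprint of the first certificate in a PEM file, or on stdin
# when no file is given. fullchain.pem works too: the leaf comes first.
pem_fingerprint() {
    if [ -n "${1:-}" ]; then
        openssl x509 -noout -fingerprint -sha256 -in "$1"
    else
        openssl x509 -noout -fingerprint -sha256
    fi | cut -d= -f2
}

# Fingerprint of the leaf certificate the live server presents for HOST.
served_fingerprint() {   # usage: served_fingerprint HOST [PORT]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | pem_fingerprint 2>/dev/null
}

# Returns 0 if both fingerprints match, 1 if the server is stale,
# 2 if either certificate could not be read.
compare_fingerprints() {  # usage: compare_fingerprints DISK_FP SERVED_FP
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "UNKNOWN: could not read one of the certificates" >&2
        return 2
    fi
    if [ "$1" = "$2" ]; then
        echo "OK: server presents the certificate on disk"
        return 0
    fi
    echo "STALE: server presents a different certificate; reload nginx" >&2
    return 1
}

check_served_cert() {     # usage: check_served_cert HOST CERT_PEM [PORT]
    compare_fingerprints \
        "$(pem_fingerprint "$2" 2>/dev/null)" \
        "$(served_fingerprint "$1" "${3:-443}")"
}

# Run the check only when called with arguments.
if [ "$#" -ge 2 ]; then check_served_cert "$@"; fi
```

The exit status (0, 1 or 2) makes the script usable from a monitoring job, so a missed reload shows up before the old certificate expires.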

