背景
由于我们使用Let’s Encrypt证书进行https部署 那么存在一个问题 证书有效期是3个月。因此需要定时更新!
在https的第三步之配置nginx 我们使用了crontab进行部署
但是发现证书并未更新~
报错如下
certbot: error: unrecognized arguments: –renew-hook /usr/bin/openresty -s reload
分析
首先查看对应的文档发现renew-hook被拆分了两个分别是pre-hook和post-hook
/data/certificate/certbot-auto -h renew
--pre-hook PRE_HOOK Command to be run in a shell before obtaining any
certificates. Intended primarily for renewal, where it
can be used to temporarily shut down a webserver that
might conflict with the standalone plugin. This will
only be called if a certificate is actually to be
obtained/renewed. When renewing several certificates
that have identical pre-hooks, only the first will be
executed. (default: None)
--post-hook POST_HOOK
Command to be run in a shell after attempting to
obtain/renew certificates. Can be used to deploy
renewed certificates, or to restart any servers that
were stopped by --pre-hook. This is only run if an
attempt was made to obtain/renew a certificate. If
multiple renewed certificates have identical post-
hooks, only one will be run. (default: None)
OK 那就更换一下名称结果仍然报错
/data/certificate/certbot-auto renew -–post-hook="/usr/bin/openresty -s reload"
usage:
certbot-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: -–post-hook /usr/bin/openresty -s reload
这个问题比较麻烦 如果真的出现https证书没有续期成功可能导致客户无法访问。
使出Google大法 发现如下issue
letsencrypt: error: unrecognized arguments: --renew-hook
I think the problem here is the hyphens before
post-hook
. Looking at what you posted above, the first hyphen is the "En Dash" Unicode character not found in standard ASCII, while the 2nd hyphen is the conventional one found in ASCII and most UNIX command lines. I expect fixing this so your command becomes:/opt/letsencrypt/certbot-auto renew --post-hook='nginx -s reload'
用普通话来说就是
我认为这里的问题是post-hook之前连字符。看你上面贴,第一个字符是“短破折号Unicode字符中没有标准ASCII,而第二个字符是传统的ASCII和大多数UNIX命令行中找到。我希望解决这个所以你的命令是:
因此删除自己的指令重新老老实实一个字一个字输入~
解决
/data/certificate/certbot-auto renew --post-hook='/usr/bin/openresty -s reload'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/if-trial.f6car.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
一切OK