Centos7升级TLS-SNI和Certbot版本

Centos7升级TLS-SNI和Certbot版本

12 Mar 2019

最近收到一封来自Let's Encrypt的邮件,说我的TLS-SNI版本马上要失去支持,需要更新版本,于是记录一下此次更新的过程

 

首先更新Certbot

查看当前版本:

certbot --version || /usr/bin/certbot/certbot-auto --version

查看当前可用最新版本:

[root@qf19910623 ~]# yum list certbot
Loaded plugins: fastestmirror
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Loading mirror speeds from cached hostfile
 * base: mirror.vpshosting.com.hk
 * epel: mirror.layeronline.com
 * extras: mirror.vpshosting.com.hk
 * updates: mirror.vpshosting.com.hk
Installed Packages
certbot.noarch   0.19.0-1.el7  @epel
Available Packages
certbot.noarch  0.31.0-2.el7  epel

emmm...版本确实落后太多,需要更新一波了,话不多说,直接更新最新版:

yum update certbot.noarch

先停掉apache

service httpd stop

按Let's Encrypt升级文章说的清理旧文件并重新运行:

sh -c "sed -i.bak -e 's/^\(pref_challs.*\)tls-sni-01\(.*\)/\1http-01\2/g' /etc/letsencrypt/renewal/*
rm -f /etc/letsencrypt/renewal/*.bak"
certbot renew --dry-run

顺便更新一下现有的证书

certbot certonly --standalone --renew-by-default --email xxx@gmail.com -d xxx.com

重新启动apache

service httpd start

搞定啦!smiley