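Many users on the community forum have reported that they ran into trouble when trying to expand an existing certificate. I was able to reproduce this using certbot
0.10.0 on a clean Ubuntu 16.04 install. I tested both standalone and apache, so it's probably not plugin-specific.
Commands to reproduce, including output: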
root@debug:~# ./certbot-auto certonly --standalone -d 1.debug.le.pf.vc -d 2.debug.le.pf.vc --staging --register-unsafely-without-email
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for 1.debug.le.pf.vc
tls-sni-01 challenge for 2.debug.le.pf.vc
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/1.debug.le.pf.vc/fullchain.pem. Your cert
will expire on 2017-04-13. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
root@debug:~# ./certbot-auto certonly --standalone -d 1.debug.le.pf.vc -d 2.debug.le.pf.vc -d 3.debug.le.pf.vc --staging --register-unsafely-without-email
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/1.debug.le.pf.vc.conf)
It contains these names: 1.debug.le.pf.vc, 2.debug.le.pf.vc
You requested these names for the new certificate: 1.debug.le.pf.vc,
2.debug.le.pf.vc, 3.debug.le.pf.vc.
Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for 1.debug.le.pf.vc
tls-sni-01 challenge for 2.debug.le.pf.vc
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/1.debug.le.pf.vc/fullchain.pem. Your cert
will expire on 2017-04-13. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
root@debug:~# openssl x509 -text -noout -in /etc/letsencrypt/live/1.debug.le.pf.vc/cert.pem | grep DNS
DNS:1.debug.le.pf.vc, DNS:2.debug.le.pf.vc
Original reports:
https://community.letsencrypt.org/t/expands-not-working-on-pre-existing-cert-requests/25605?u=pfg
https://community.letsencrypt.org/t/workaround-for-5-domain-limit/25651?u=pfg
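A check for the symptom shown in the report above, added here as an example (it is not part of the original issue or of Certbot): it compares the names requested with -d against the SAN list of the certificate that was actually saved. The function names are hypothetical, and the sample SAN line is constructed from the openssl output in the report.

```shell
#!/bin/sh
# Added example: compare the names requested with -d against the SAN list
# of the certificate that was actually saved. Function names are hypothetical.

# Constructed sample: the SAN line from the report's openssl output.
SAMPLE_SAN='DNS:1.debug.le.pf.vc, DNS:2.debug.le.pf.vc'

# san_names TEXT: print each DNS SAN in TEXT on its own line, lower-cased.
san_names() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | sed -n 's/^DNS://p' |
        tr '[:upper:]' '[:lower:]'
}

# missing_sans TEXT NAME...: print the requested names absent from TEXT.
# Exact match only; wildcard SAN entries are not expanded.
missing_sans() (
    names=$(san_names "$1"); shift
    missing=
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$names" | grep -qxF -- "$want" ||
            missing="${missing:+$missing }$want"
    done
    printf '%s\n' "$missing"
)

# verify_expansion TEXT NAME...: succeed only if every name is covered.
verify_expansion() {
    gap=$(missing_sans "$@")
    [ -z "$gap" ] && return 0
    echo "certificate is missing: $gap" >&2
    return 1
}

# Against a real certificate (openssl command taken from the report):
#   text=$(openssl x509 -text -noout -in /etc/letsencrypt/live/1.debug.le.pf.vc/cert.pem)
#   verify_expansion "$text" 1.debug.le.pf.vc 2.debug.le.pf.vc 3.debug.le.pf.vc
verify_expansion "$SAMPLE_SAN" 1.debug.le.pf.vc 2.debug.le.pf.vc 3.debug.le.pf.vc ||
    echo "expansion did not take effect"
```

Running this after each expand and before reloading the web server catches a certificate that was reissued without the new name, which the success message alone does not reveal.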
Thanks for the bug report @patf. We hope to have this fixed today.
I still have this exact problem on Ubuntu 17.04 with certbot 0.17.0. Everything looks fine in the certbot log until I try the subdomain in a web browser, at which point I get a name mismatch.
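@BadassOverlord, this exact bug has been closed, so it sounds like it may be a different issue with a similar effect. I'd suggest posting about this on the community forum, including all the information recommended by the "new topic" page, to help debug the problem.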