
Setting up Let's Encrypt renewal on Amazon Lightsail nginx (Bitnami)

I need to schedule automatic renewal of my site's TLS certificates. I am using Let's Encrypt in an Amazon Lightsail Bitnami nginx environment. I set it up following the instructions in the Amazon Lightsail documentation.

However, when I try to run sudo certbot renew, I get an error message:

Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.

So I try to run the following command:

sudo certbot renew --dry-run --manual-auth-hook ./authenticate-hook.sh --manual-cleanup-hook ./authenticate-cleanup-hook.sh --authenticator standalone --pre-hook "/home/bitnami/stack/ctlscript.sh stop nginx" --post-hook "/home/bitnami/stack/ctlscript.sh start nginx"

There is another error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Running pre-hook command: /home/bitnami/stack/ctlscript.sh stop nginx
Output from ctlscript.sh:
Unmonitored nginx
/opt/bitnami/nginx/scripts/ctl.sh : Nginx stopped

Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.
Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.com.conf produced an unexpected error: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.. Skipping.
All renewal attempts failed. The following certs could not be renewed

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Running post-hook command: /home/bitnami/stack/ctlscript.sh start nginx
Output from ctlscript.sh:
/opt/bitnami/nginx/scripts/ctl.sh : Nginx started
Monitored nginx

1 renew failure(s), 0 parse failure(s)

Authenticate-hook.sh

#!/bin/bash
# Certbot manual auth hook: publish the HTTP-01 challenge response under the webroot
mkdir -p /home/bitnami/apps/Domain/public/.well-known/acme-challenge
echo "$CERTBOT_VALIDATION" > "/home/bitnami/apps/Domain/public/.well-known/acme-challenge/$CERTBOT_TOKEN"

Authenticate-cleanup-hook.sh

#!/bin/bash
rm -fr /home/bitnami/apps/Domain/public/.well-known

Has anyone here successfully set up Let's Encrypt on an instance similar to mine? Are there any obvious mistakes in the commands I'm running? Thanks!
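
Added example (not part of the original question): a check that reads the `[renewalparams]` section certbot keeps in a renewal config such as /etc/letsencrypt/renewal/domain.com.conf and reports the condition behind the first error above, a `manual` authenticator with no saved auth hook. The function names and the sample config are constructed for illustration; `authenticator`, `pref_challs` and `manual_auth_hook` are the keys certbot writes to that file.

```shell
#!/bin/bash
# Added example, not from the original post: inspect a certbot renewal config
# and report whether it records what an unattended "certbot renew" needs.

# Print the value of KEY ($2) from the [renewalparams] section of FILE ($1).
renewal_param() {
  awk -F' *= *' -v key="$2" '
    /^\[/ { in_params = ($0 == "[renewalparams]") }
    in_params && $1 == key { sub(/,$/, "", $2); print $2; exit }
  ' "$1"
}

# Print a verdict; return 0 when the config has what unattended renewal needs.
check_renewal_conf() {
  rc_auth=$(renewal_param "$1" authenticator)
  rc_hook=$(renewal_param "$1" manual_auth_hook)
  rc_chall=$(renewal_param "$1" pref_challs)
  echo "authenticator=${rc_auth:-unset} pref_challs=${rc_chall:-unset}"
  if [ -z "$rc_auth" ]; then
    echo "fail: no authenticator recorded"; return 1
  fi
  if [ "$rc_auth" != "manual" ]; then
    echo "ok: plugin '$rc_auth' needs no auth hook"; return 0
  fi
  if [ -z "$rc_hook" ]; then
    echo "fail: manual plugin has no manual_auth_hook saved"; return 1
  fi
  if [ ! -x "$rc_hook" ]; then
    echo "fail: hook $rc_hook is missing or not executable"; return 1
  fi
  echo "ok: manual plugin will call $rc_hook"; return 0
}

# Constructed sample: a certificate first issued interactively with --manual.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
version = 0.0.0
[renewalparams]
authenticator = manual
pref_challs = dns-01,
account = 0123456789abcdef
EOF
check_renewal_conf "$sample_conf" || true
```

If `pref_challs` shows `dns-01`, the saved auth hook has to publish a DNS TXT record; a hook that writes a file under `.well-known/acme-challenge` only answers HTTP-01.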