問題描述:
我們使用certbot的https秘鑰生成服務,創建了https網站。不過在使用”certbot renew”命令更新https秘鑰時遇到如下問題,
Tue Dec 28 14:13:02 CST 2021=> certbot renew…
/usr/lib/python2.7/site-packages/OpenSSL/crypto.py:14: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
from cryptography import utils, x509
Failed to renew certificate xxx.com with error: HTTPSConnectionPool(host=’acme-v02.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/xxx.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
格式有點亂,問題的截圖如下:
這個問題不太常見,在google/baidu一頓猛搜沒有找到合適的答案。
後來經過不斷反複嘗試,發現一個簡單命令可以解決問題。
解決方案:
使用命令”yum install ca-certificates”, 安裝相關的組件,然後重新執行certbot renew即可。
注意:我的服務器是centos操作係統,用yum這個安裝命令。其他的係統可用”apt install ca-certificates”等。
執行”yum install ca-certificates”命令後,安裝的package如下
以上。