如何使SSL允许在Ubuntu上加密证书自动更新

Question

如何使这个证书每次都能自动更新，这样我就不必手动更新它，否则它就会自动更新？

ssl_certificate /etc/letsencrypt/live/www.vgopromo.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.vgopromo.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


ssl_trusted_certificate /etc/letsencrypt/live/www.vgopromo.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot

我有ubuntu，nginx等等，我使用的是letsencrypt。

编辑:就像杰拉尔德·施耐德()建议的那样，默认情况下，在ubuntu自动更新上安装certbot，我该如何检查呢？

root@ubuntu-s-1vcpu-1gb-amd-sfo3-01:~# certbot -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: vgopromo.com
2: www.vgopromo.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 

Answer 1

/etc/cron.day/certbot

#!/bin/sh

/usr/local/bin/certbot renew --renew-hook "systemctl reload nginx"

(或apache2代替nginx)

但无论如何，我建议您注意证书，有时更新可能会失败(因为cron失败，或者有人更改了网站的根，或者添加了重写规则或一些DNS名称停止工作)，我建议使用陈列品。

sudo showcert -q :le -w20 || echo panic

(当证书即将到期时，请给自己发送邮件或做任何其他警告)

免责声明:展示是我的业余爱好。