更新 SSL 证书时出现如下问题:
$ certbot renew --dry-run
...
Attempting to renew cert (banana-6lfueg4a.pai.tcloudbase.com) from /etc/letsencrypt/renewal/banana-6lfueg4a.pai.tcloudbase.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/banana-6lfueg4a.pai.tcloudbase.com/fullchain.pem (failure)
...
原因:
更新 SSL 证书时需占用 80 端口,但该端口已经被 nginx 占用了。
解决方式 1(只解决一次):
$ yum install python-certbot-nginx -y
$ certbot renew --nginx
解决方式 2(一劳永逸):
$ yum install python-certbot-nginx -y
$ sed -i "s/renew/renew --nginx/g" /usr/lib/systemd/system/certbot-renew.service
$ systemctl daemon-reload
$ systemctl start certbot-renew.service
参考
https://stackoverflow.com/questions/44855359/letencrypt-renewal-fails-could-not-bind-to-ipv4-or-ipv6-skipping/46415630