Renewing an SSL Certificate Without Using Port 80

Renewing the SSL certificate fails with the following error:

$ certbot renew --dry-run
...
Attempting to renew cert (banana-6lfueg4a.pai.tcloudbase.com) from /etc/letsencrypt/renewal/banana-6lfueg4a.pai.tcloudbase.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/banana-6lfueg4a.pai.tcloudbase.com/fullchain.pem (failure)
...

Cause:
Renewing the SSL certificate needs to bind port 80, but that port is already in use by nginx.
Solution 1 (fixes it one time only):

$ yum install python-certbot-nginx -y
$ certbot renew --nginx

Solution 2 (permanent fix):

$ yum install python-certbot-nginx -y
$ sed -i "s/renew/renew --nginx/g" /usr/lib/systemd/system/certbot-renew.service
$ systemctl daemon-reload
$ systemctl start certbot-renew.service
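
The sed command in Solution 2 replaces every occurrence of "renew" in the unit file and adds the flag again each time it is run. The following is an added example, not part of the original post, that changes only the ExecStart line and is safe to rerun; the helper name add_nginx_flag and the sample unit file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): append --nginx to the certbot
# renew command in a systemd unit, editing only the ExecStart line.

# add_nginx_flag UNIT_FILE   (hypothetical helper name)
# Returns 0 if the file was patched or already had the flag,
# 1 if no ExecStart line running "certbot renew" was found.
add_nginx_flag() {
    unit=$1
    # No ExecStart line running "certbot renew": refuse to guess.
    grep -Eq '^ExecStart=.*certbot renew( |$)' "$unit" || return 1
    # Already patched: leave the file untouched so reruns are harmless.
    if grep -Eq '^ExecStart=.*certbot renew --nginx( |$)' "$unit"; then
        return 0
    fi
    # Keep a backup, then rewrite only the ExecStart line. Other text that
    # contains "renew" (Description, other flags) is not modified.
    cp -p "$unit" "$unit.bak"
    sed -i -E '/^ExecStart=/ s/certbot renew( |$)/certbot renew --nginx\1/' "$unit"
}

# Constructed sample unit (not the real packaged file), patched twice to
# show that the second run changes nothing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=This service automatically renews any certbot certificates found

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --noninteractive --no-random-sleep-on-renew
EOF
add_nginx_flag "$sample" && add_nginx_flag "$sample"
grep '^ExecStart=' "$sample"
rm -f "$sample" "$sample.bak"
```

When applied to the real unit file, follow it with the systemctl daemon-reload step from Solution 2.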

Reference
https://stackoverflow.com/questions/44855359/letencrypt-renewal-fails-could-not-bind-to-ipv4-or-ipv6-skipping/46415630
