How to renew Letsencrypt on the Google Compute Engine SSH terminal

Question  Votes: 0  Answers: 1

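I need to know the exact reason my certificate has an "insecure" problem. I'm not really well versed in this technology, so I'm not sure what to check. This is the message I received when I tried to re-run the script: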

/certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d mwosa.com -d www.mwosa.com
Requesting to rerun ./certbot-auto with root privileges...
./certbot-auto has insecure permissions!
To learn how to fix them, visit https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/
Upgrading certbot-auto 0.39.0 to 1.2.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mwosa.com
http-01 challenge for www.mwosa.com
Using the webroot path /opt/bitnami/apps/wordpress/htdocs for all unmatched domains.
Waiting for verification...
Cleaning up challenges
terminal certbot
1 Answer
1
vote

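This looks like a permissions message; probably the letsencrypt folder needs to be write-protected. The directory path containing certbot-auto (including every directory accessed in the absolute path to certbot-auto) should not allow writes by lower-privileged users. You can fix this by following the instructions in Certbot-auto deployment best practices.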

If there is write access to /opt, then anyone could do:

mv /opt/letsencrypt /opt/somethingelse
mkdir /opt/letsencrypt
echo 'echo owned >> /root/owned' > /opt/letsencrypt/letsencrypt-auto
chmod -R a+x /opt/letsencrypt

And the next time the root cronjob runs, letsencrypt-auto will be run with root privileges.
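
A way to audit the condition the answer describes, as an added example that is not part of the original answer or of certbot: it walks every component of a script's absolute path and reports any that is not owned by root or is writable by group or others. The function name `insecure_components` is hypothetical, and GNU coreutils (`stat -c`, `readlink -f`) is assumed.

```shell
#!/bin/sh
# Added example (not certbot's own check). Assumes GNU stat and readlink.
#
# insecure_components PATH [OWNER_UID]
#   Prints one line per component of PATH's resolved absolute path that is
#   not owned by OWNER_UID (default 0 = root) or is group/other-writable.
#   Exit status: 0 = chain is clean, 1 = something flagged, 2 = error.
# The body runs in a subshell so its variables do not leak to the caller.
insecure_components() (
    owner=${2:-0}
    rc=0
    # Resolve symlinks so the real directories are the ones inspected.
    target=$(readlink -f -- "$1") || return 2
    [ -e "$target" ] || return 2

    p=$target
    while :; do
        # %a = octal permission bits, %u = numeric owner uid
        info=$(stat -c '%a %u' -- "$p") || return 2
        mode=${info% *}
        uid=${info#* }

        if [ "$uid" -ne "$owner" ]; then
            printf 'owner uid %s: %s\n' "$uid" "$p"
            rc=1
        fi
        # 022 = group-write bit | other-write bit
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf 'mode %s writable by group/other: %s\n' "$mode" "$p"
            rc=1
        fi

        # Stop once the filesystem root itself has been checked.
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname -- "$p")
    done
    return "$rc"
)

# When run as a script: sh check.sh /path/to/certbot-auto
if [ "$#" -gt 0 ]; then
    insecure_components "$@"
fi
```

Any directory it lists can be renamed or replaced by whoever holds that write permission, which is why the whole chain has to be root-owned and not group- or world-writable before a root cron job runs the script.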
