I-LetsEncrypt, enikezela ngezitifiketi ze-SSL zamahhala zokubethela, iphoqeleka ukuthi ihoxise ezinye izitifiketi.
Inkinga ihlobene ne
Yini iphutha? Uma isicelo sesitifiketi siqukethe izizinda ezingu-N ezidinga ukuqinisekiswa okuphindaphindiwe kwe-CAA, i-Boulder ikhetha esisodwa sazo futhi isiqinisekise izikhathi ezingu-N. Ngenxa yalokho, ukwazile ukukhipha isitifiketi ngisho noma kamuva (kufika ezinsukwini ezingu-X+30) usethe irekhodi le-CAA elivimbela ukukhishwa kwesitifiketi se-LetsEncrypt.
Ukuze uqinisekise izitifiketi, inkampani isilungisile
Abasebenzisi abathuthukile bangenza yonke into ngokwabo besebenzisa imiyalo elandelayo:
# ΠΏΡΠΎΠ²Π΅ΡΠΊΠ° https
openssl s_client -connect example.com:443 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial Number | tr -d :
# Π²Π°ΡΠΈΠ°Π½Ρ ΠΏΡΠΎΠ²Π΅ΡΠΊΠΈ ΠΎΡ @simpleadmin
echo | openssl s_client -connect example.com:443 |& openssl x509 -noout -serial
# ΠΏΡΠΎΠ²Π΅ΡΠΊΠ° ΠΏΠΎΡΡΠΎΠ²ΠΎΠ³ΠΎ ΡΠ΅ΡΠ²Π΅ΡΠ°, ΠΏΡΠΎΡΠΎΠΊΠΎΠ» SMTP
openssl s_client -connect example.com:25 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial Number | tr -d :
# ΠΏΡΠΎΠ²Π΅ΡΠΊΠ° ΠΏΠΎΡΡΠΎΠ²ΠΎΠ³ΠΎ ΡΠ΅ΡΠ²Π΅ΡΠ°, ΠΏΡΠΎΡΠΎΠΊΠΎΠ» SMTP
openssl s_client -connect example.com:587 -starttls smtp -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial Number | tr -d :
# ΠΏΡΠΎΠ²Π΅ΡΠΊΠ° ΠΏΠΎΡΡΠΎΠ²ΠΎΠ³ΠΎ ΡΠ΅ΡΠ²Π΅ΡΠ°, ΠΏΡΠΎΡΠΎΠΊΠΎΠ» IMAP
openssl s_client -connect example.com:143 -starttls imap -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial Number | tr -d :
# ΠΏΡΠΎΠ²Π΅ΡΠΊΠ° ΠΏΠΎΡΡΠΎΠ²ΠΎΠ³ΠΎ ΡΠ΅ΡΠ²Π΅ΡΠ°, ΠΏΡΠΎΡΠΎΠΊΠΎΠ» IMAP
openssl s_client -connect example.com:993 -showcerts </dev/null 2>/dev/null | openssl x509 -text -noout | grep -A 1 Serial Number | tr -d :
# Π² ΠΏΡΠΈΠ½ΡΠΈΠΏΠ΅ Π°Π½Π°Π»ΠΎΠ³ΠΈΡΠ½ΠΎ ΠΏΡΠΎΠ²Π΅ΡΡΡΡΡΡ ΠΈ Π΄ΡΡΠ³ΠΈΠ΅ ΡΠ΅ΡΠ²ΠΈΡΡ
Okulandelayo udinga ukubheka
Ukuze ubuyekeze izitifiketi, ungasebenzisa i-certbot:
certbot renew --force-renewal
Inkinga yatholwa ngoFebhuwari 29, 2020; ukuze kuxazululwe inkinga, ukukhishwa kwezitifiketi kwamiswa kusukela ku-3:10 UTC kuya ku-5:22 UTC. Ngokophenyo lwangaphakathi, iphutha lenziwe ngoJulayi 25, 2019; inkampani izohlinzeka ngombiko onemininingwane eminingi kamuva.
I-UPD: isevisi yokuqinisekisa isitifiketi eku-inthanethi ingase ingasebenzi kumakheli ase-IP aseRussia.
Source: www.habr.com