Comments (11)
Hi, you will need to configure trusted CA:
# required to verify Let's Encrypt API
lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
lua_ssl_verify_depth 2;
the path is dependent on your OS.
from lua-resty-acme.
Hi.
These settings are written initially.
`lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
lua_ssl_verify_depth 2;
ssl_certificate /etc/openresty/default.pem;
ssl_certificate_key /etc/openresty/default.key;
ssl_certificate_by_lua_block {
require("resty.acme.autossl").ssl_certificate()
}
location /.well-known {
content_by_lua_block {
require("resty.acme.autossl").serve_http_challenge()
}
}
/ # ls -l /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 231411 Sep 9 13:48 /etc/ssl/certs/ca-certificates.crt
/ #
`
from lua-resty-acme.
Ah I see, we will need that two lua_ssl_* directives in http{}
block. Since the renewal timer is started in init_worker phase. I'll update the readme. Thanks for spotting this!
from lua-resty-acme.
I just updated the readme, feel free to re-open if issue persists.
from lua-resty-acme.
taking out to the http level - it works. Thanks. The certificate has been updated.
I see a very strange situation. To exclude any cache in the middle, I make requests locally. But I get different certificates. Here's an example. Requests with a difference of several seconds. The domain is just changed.
root@dev:~# curl -v --resolve somesite:443:127.0.0.1 https://somesite > /dev/stdout 2>&1| grep expire
* expire date: Tue, 17 Nov 2020 09:27:03 GMT
root@dev:~# curl -v --resolve somesite:443:127.0.0.1 https://somesite > /dev/stdout 2>&1| grep expire
* expire date: Tue, 09 Feb 2021 15:33:24 GMT
root@dev:~# curl -v --resolve somesite:443:127.0.0.1 https://somesite > /dev/stdout 2>&1| grep expire
* expire date: Tue, 17 Nov 2020 09:27:03 GMT
root@dev:~# curl -v --resolve somesite:443:127.0.0.1 https://somesite > /dev/stdout 2>&1| grep expire
* expire date: Tue, 17 Nov 2020 09:27:03 GMT
root@dev:~# curl -v --resolve somesite:443:127.0.0.1 https://somesite > /dev/stdout 2>&1| grep expire
* expire date: Tue, 17 Nov 2020 09:27:03 GMT
root@dev:~# curl -v --resolve somesite:443:127.0.0.1 https://somesite > /dev/stdout 2>&1| grep expire
* expire date: Tue, 09 Feb 2021 15:33:24 GMT
from lua-resty-acme.
@constantineav There's a cache of 1 hr, we don't actively invalidate cache right now. This can be improvement.
from lua-resty-acme.
Can I renew the certificate automatically after it has expired ? @fffonion
from lua-resty-acme.
@wangyp0701 yes
from lua-resty-acme.
I have multiple domain names that have expired, but they have not been renewed automatically. I deleted the redis key of one of them and regenerated a new certificate @fffonion
from lua-resty-acme.
@wangyp0701 Which version of library are you using? Let's also open a new issue instead of discussing in a closed one.
from lua-resty-acme.
All expired certificates are updated at zero
from lua-resty-acme.
Related Issues (20)
- 按照Synopsis的步骤操作之后,没有生效,访问网站发现使用的是fallback证书,如何查找原因呢? HOT 4
- check_renew() function is run whenever the nginx workers are reloaded HOT 3
- http-01 failed HOT 4
- How do I use ZeroSSL? HOT 3
- Error while trying to use subdomain with "_" simbol HOT 2
- How to use it? HOT 3
- -
- - HOT 1
- ZeroSSL integration failing to create account HOT 5
- How to configure other storage configs when in DB-less? HOT 2
- Zerossl config api_uri but error ngx.timer HOT 5
- Storage adapter not connect redis HOT 1
- -
- BoringSSL not working HTTP3 HOT 2
- error during acme login HOT 2
- get_certkey_parsed: Pass stale certificate if getting certificate from storage fails HOT 2
- Problem with update locks HOT 4
- Option to delete none whitelisted domains in certificate update HOT 2
- Check cache from domain_whitelist_callback? HOT 7
- Ability to block the first request until certs are created? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lua-resty-acme.