Trojan 服务器证书续期操作方法
Trojan 服务器证书续期操作方法
之前使用一键脚本安装了trojan:https://raw.githubusercontent.com/V2RaySSR/Trojan/master/Trojan.sh
一段时间后发现证书过期了
[2020-09-05 09:08:18] [ERROR] 223.167.65.67:22013 SSL handshake failed: sslv3 alert certificate expired
[2020-09-05 09:08:18] [INFO] 223.167.65.67:22013 disconnected, 0 bytes received, 0 bytes sent, lasted for 1 seconds
[2020-09-05 09:08:23] [ERROR] 223.167.65.67:22021 SSL handshake failed: sslv3 alert certificate expired
[2020-09-05 09:08:23] [INFO] 223.167.65.67:22021 disconnected, 0 bytes received, 0 bytes sent, lasted for 3 seconds
故提取出一个脚本来续签证书:
服务端:
重新对旧域名进行重新申请证书:
[root@iZj6c4791g6txxko9zveo2Z ~]# cd /usr/src/trojan-cert/
[root@iZj6c4791g6txxko9zveo2Z trojan-cert]# ls
4864369_trojan.hxdevs.com.key 4864369_trojan.hxdevs.com.pem fullchain.cer private.key
[root@iZj6c4791g6txxko9zveo2Z trojan-cert]#
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --issue -d 域名 --webroot /usr/share/nginx/html/
~/.acme.sh/acme.sh --installcert -d 域名 --key-file /usr/src/trojan-cert/private.key --fullchain-file /usr/src/trojan-cert/fullchain.cer --reloadcmd "systemctl force-reload nginx.service"
+++
~/.acme.sh/acme.sh --issue -d trojan.hxdevs.com --webroot /usr/share/nginx/html/
~/.acme.sh/acme.sh --installcert -d trojan.hxdevs.com --key-file /usr/src/trojan-cert/4864369_trojan.hxdevs.com.key --fullchain-file /usr/src/trojan-cert/4864369_trojan.hxdevs.com.pem --reloadcmd "systemctl force-reload nginx.service"
+++
然后重启trojan
systemctl stop trojan.service
systemctl start trojan.service
客户端:
将服务端的fullchain.cer文件也就是4864369_trojan.hxdevs.com.pem文件,复制到客户端对应的fullchain.cer文件,重启客户端的服务
以上就完成了trojan证书的续期
