以下是伺服器環境:
1. 安裝snap
sudo snap install core; sudo snap refresh core
安裝完成會出現如下的訊息
core 16-2.58.2 from Canonical✓ installed
snap "core" has no updates available
2. 安裝certbot
sudo snap install --classic certbot
3. 設置cerbot cmd
sudo ln -s /snap/bin/certbot /usr/bin/certbot
4. 設置apache cerbot
然後按照問題去填寫就可以了
5. 啟動自動更新
sudo vim /etc/systemd/system/certbot.service
填寫以下設置
[Unit]
Description=Lets Encrypt renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
ExecStartPost=/bin/systemctl reload apache2.service
再開啟下面檔案
sudo vim /etc/systemd/system/certbot.timer
寫入以下設置:
[Unit]
Description=Twice daily renewal of Let's Encrypts certificates
[Timer]
OnCalendar=0/12:00:00
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=timers.target
啟動服務
systemctl enable --now certbot.timer
檢查服務執行狀況
sudo systemctl status certbot.timer
如果沒問題會出現下方訊息
● certbot.timer - Twice daily renewal of Let's Encrypts certificates
Loaded: loaded (/etc/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Wed 2023-02-22 08:12:45 CST; 35s ago
Trigger: Wed 2023-02-22 12:51:33 CST; 4h 38min left
Triggers: ● certbot.service
Feb 22 08:12:45 keenchief systemd[1]: Started Twice daily renewal of Let's Encrypt's certificates.
6. 測試更新
sudo certbot renew --dry-run
參考:
安裝certbot
https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal&tab=standard
設置自動更新服務
https://gist.github.com/dbirks/0b659a149cab038ef696fd8a6274c48b 
