@lniwn
2017-07-04T10:37:49.000000Z
字数 3967
阅读 685
博客
对于一些小型VPS,内存小于512M的,运行letsencrypt-auto -renew命令会报错,如下
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]:
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: reading manifest file 'src/cryptography.egg-info/SOURCES.txt'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: reading manifest template 'MANIFEST.in'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: no previously-included directories found matching 'docs/_build'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: warning: no previously-included files matching '*' found under directory 'vectors'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: writing manifest file 'src/cryptography.egg-info/SOURCES.txt'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: running build_ext
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: generating cffi module 'build/temp.linux-x86_64-2.7/_padding.c'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: creating build/temp.linux-x86_64-2.7
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: generating cffi module 'build/temp.linux-x86_64-2.7/_constant_time.c'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: generating cffi module 'build/temp.linux-x86_64-2.7/_openssl.c'
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: building '_openssl' extension
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: creating build/temp.linux-x86_64-2.7/build
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: creating build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-lMBuS3/python2.7-2.7.12=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -I/usr/include/python2.7 -c build/temp.linux-x86_64-2.7/_openssl.c -o build/temp.linux-x86_64-2.7/build/temp.linux-x86_64-2.7/_openssl.o
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: x86_64-linux-gnu-gcc: internal compiler error: Killed (program cc1)
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: Please submit a full bug report,
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: with preprocessed source if appropriate.
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: See <file:///usr/share/doc/gcc-6/README.Bugs> for instructions.
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: error: command 'x86_64-linux-gnu-gcc' failed with exit status 4
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]:
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: ----------------------------------------
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: Command "/root/.local/share/letsencrypt/bin/python2.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-BIXRnF/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: ', '
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: '), __file__, 'exec'))" install --record /tmp/pip-5L88MD-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography" failed with error code 1 in /tmp/pip-build-BIXRnF/cryptography
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: You are using pip version 8.0.3, however version 9.0.1 is available.
Jul 03 17:01:49 oaoa-sgp1 letsencrypt-auto[5462]: You should consider upgrading via the 'pip install --upgrade pip' command.
找了很久,终于在官网找到解决方案:
1.先申请虚拟内存
user@webserver:~$ sudo fallocate -l 1G /tmp/swapfile
user@webserver:~$ sudo chmod 600 /tmp/swapfile
user@webserver:~$ sudo mkswap /tmp/swapfile
user@webserver:~$ sudo swapon /tmp/swapfile
2.更新证书
3.销毁虚拟内存
user@webserver:~$ sudo swapoff /tmp/swapfile
user@webserver:~$ sudo rm /tmp/swapfile
1.安装python-certbot-nginx
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
2.根据提示修改配置文件/etc/letsencrypt/renewal/.conf
post_hook = /bin/run-parts /etc/letsencrypt/post-hook.d/
renew_hook = /bin/run-parts /etc/letsencrypt/renew-hook.d/
pre_hook = /bin/run-parts /etc/letsencrypt/pre-hook.d/
3.测试自动更新是否正常
sudo certbot renew --dry-run