1 前言

一个问题，一篇文章，一出故事。
今天执行如下命令更新证书，

certbot certonly --nginx

可见如下错误输出，

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

然后执行如下命令检查nginx配置，

nginx -t

以下信息显示配置文件没有问题，

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

问题分析，
– Certbot在运行nginx -t时报告配置测试失败，但用户手动运行nginx -t却显示成功。
– Certbot是通过Snap安装的，那么它可能在沙盒环境中运行，权限受限，无法访问某些目录或文件。

2 最佳实践

certbot certonly --standalone -d www.cmdschool.org -d www.cmdschool.com -d www.cmdschool.cn

注：以上只是绕开插件获取证书的临时方案。