$ sudo ./acme.sh --upgrade
./acme.sh: line 6192: cd: /home/username/.acme.sh: No such file or directory
[Fri Apr 30 09:47:22 CST 2021] Installing from online archive.
[Fri Apr 30 09:47:22 CST 2021] Downloading https://github.com/Neilpang/acme.sh/archive/master.tar.gz
touch: cannot touch '/home/username/.acme.sh/http.header': No such file or directory
[Fri Apr 30 09:48:36 CST 2021] Extracting master.tar.gz
[Fri Apr 30 09:48:36 CST 2021] It is recommended to install socat first.
[Fri Apr 30 09:48:36 CST 2021] We use socat for standalone server if you use standalone mode.
[Fri Apr 30 09:48:36 CST 2021] If you don't use standalone mode, just ignore this warning.
[Fri Apr 30 09:48:36 CST 2021] Installing to /home/username/.acme.sh
[Fri Apr 30 09:48:36 CST 2021] Installed to /home/username/.acme.sh/acme.sh
[Fri Apr 30 09:48:36 CST 2021] Good, bash is found, so change the shebang to use bash as preferred.
[Fri Apr 30 09:48:37 CST 2021] OK
[Fri Apr 30 09:48:37 CST 2021] Install success!
[Fri Apr 30 09:48:37 CST 2021] Upgrade success!

升级后的文件是放在 home 目录下的，所以要 cp 过来：
1
$ sudo cp ~/.acme.sh/acme.sh .

手动执行一次定时任务。注意加上 —force，原因：sudo · acmesh-official/acme.sh Wiki

$ sudo "/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt"
[Fri Apr 30 09:53:20 CST 2021] ===Starting cron===
[Fri Apr 30 09:53:21 CST 2021] Renew: 'northcloudgate.com'
[Fri Apr 30 09:53:22 CST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Fri Apr 30 09:53:22 CST 2021] Single domain='northcloudgate.com'
[Fri Apr 30 09:53:22 CST 2021] Getting domain auth token for each domain
[Fri Apr 30 09:53:25 CST 2021] Getting webroot for domain='northcloudgate.com'
[Fri Apr 30 09:53:25 CST 2021] Verifying: northcloudgate.com
[Fri Apr 30 09:53:30 CST 2021] Success
[Fri Apr 30 09:53:30 CST 2021] Verify finished, start to sign.
[Fri Apr 30 09:53:30 CST 2021] Lets finalize the order.
[Fri Apr 30 09:53:30 CST 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/64051473/9381845272'
[Fri Apr 30 09:53:31 CST 2021] Downloading cert.
[Fri Apr 30 09:53:31 CST 2021] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03175a17da415b526b37dedf518750770ddc'
[Fri Apr 30 09:53:32 CST 2021] Cert success.
-----BEGIN CERTIFICATE-----
CERTIFICATE CONTENT==
-----END CERTIFICATE-----
[Fri Apr 30 09:53:32 CST 2021] Your cert is in  /etc/letsencrypt/northcloudgate.com/northcloudgate.com.cer
[Fri Apr 30 09:53:32 CST 2021] Your cert key is in  /etc/letsencrypt/northcloudgate.com/northcloudgate.com.key
[Fri Apr 30 09:53:32 CST 2021] The intermediate CA cert is in  /etc/letsencrypt/northcloudgate.com/ca.cer
[Fri Apr 30 09:53:32 CST 2021] And the full chain certs is there:  /etc/letsencrypt/northcloudgate.com/fullchain.cer
[Fri Apr 30 09:53:32 CST 2021] Run reload cmd: nginx -s reload
[Fri Apr 30 09:53:32 CST 2021] Reload success
[Fri Apr 30 09:53:32 CST 2021] ===End cron===

重启 Ghost：

$ cd /var/www/ghost
$ ghost restart
+ sudo systemctl is-active ghost_northcloudgate-com
+ sudo systemctl restart ghost_northcloudgate-com
✔ Restarting Ghost

然后，就又可以看到安全的小白锁了，证书也有效了：

博客恢复]

彩蛋

在 Google ”您的连接不是私密连接“这个问题的时候，意外发现了一个神奇操作：

”thisisunsafe“：这是我见过的最神奇最离奇的操作了，没有之一。当你遇到”您的连接不是私密连接“错误的时候，直接在当前页面”凭空“输入这个字符串，就可以进去页面了。注意是凭空，不是地址栏，你看不到你所输入的东西。#有用而有趣的冷知识 https://t.co/TnZ5a5o5LN
— Alan Lee (@bluekirin93) April 30, 2021

即，当你遇到“您的连接不是私密连接”错误的时候，直接在当前页面“凭空”输入 thisisunsafe，就可以进去页面了。注意是凭空，不是地址栏，你是看不到你所输入的东西的。

而且根据 reddit 上的说法，

这个 bypass word 之前是 badidea，再之前是 danger。
Chrome 65 的时候把 badidea 改成了 thisisnotsafe 又改成了 thisisunsafe。而且还用 base64 加密了。

bypass word 更改

此外前文提到的 flask 服务也恢复正常了。

Ghost SSL 证书过期的解决办法

目录

问题

原因

解决

彩蛋

Reference

END

Alan Lee