Walf's questions

当使用https://dkimvalidator.com/之类的工具来验证 DKIM、SPF、DMARC 等的配置以从 Web 服务器发送邮件时，我收到如下警告：

0.0 SPF_HELO_NONE SPF：HELO 不发布 SPF 记录

即使分数没有受到真正的影响，这似乎是一个不好的信号。我该如何摆脱它？

该certbot命令提供了两个在自动续订后运行的挂钩，来自文档：

 --post-hook POST_HOOK
                       Command to be run in a shell after attempting to
                       obtain/renew certificates. Can be used to deploy
                       renewed certificates, or to restart any servers that
                       were stopped by --pre-hook. This is only run if an
                       attempt was made to obtain/renew a certificate. If
                       multiple renewed certificates have identical post-
                       hooks, only one will be run. (default: None)
 --deploy-hook DEPLOY_HOOK
                       Command to be run in a shell once for each
                       successfully issued certificate. For this command, the
                       shell variable $RENEWED_LINEAGE will point to the
                       config live subdirectory (for example,
                       "/etc/letsencrypt/live/example.com") containing the
                       new certificates and keys; the shell variable
                       $RENEWED_DOMAINS will contain a space-delimited list
                       of renewed certificate domains (for example,
                       "example.com www.example.com" (default: None)

这个问题在这个（现已关闭的）LE 线程中进行了概述，基本上是关于最大限度地减少对服务的中断。POST_HOOK每次尝试更新时都会执行，即使没有颁发证书，但只有一次。这使得不必要地重新启动服务成为可能。DEPLOY_HOOK为每个成功的证书续订运行。如果一个人使用DEPLOY_HOOK, 并且有多个证书，则每个服务可能会在一次足够的情况下重新启动多次。有关更新挂钩的更多信息，请点击此处。

我使用一种完全不会中断我的服务的发行方法，例如：

certbot certonly --webroot ...

或者

certbot certonly --dns-PROVIDER ...

我只想重新启动/重新加载每个依赖服务一次，并且只有在其证书实际更改的情况下。