1. fabric证书过期替换

1.1 记录需要修改目录

## 记录需要修改目录
fabric-ca/ordererOrg/tls-cert.pem

fabric-ca/org1/tls-cert.pem

fabric-ca/org1/tls-cert.pem

organizations/ordererOrganizations/example.com/msp/signcerts/cert.pem
organizations/ordererOrganizations/example.com/msp/keystore

organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/signcerts/cert.pem
organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/keystore

organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key

organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/cert.pem
organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore

organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/signcerts/cert.pem
organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/keystore

organizations/peerOrganizations/org2.example.com/msp/signcerts/cert.pem
organizations/peerOrganizations/org2.example.com/msp/keystore

organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/signcerts/cert.pem
organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/keystore

organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/cert.pem
organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore

organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/cert.pem
organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore

organizations/peerOrganizations/org2.example.com/users/User2@org1.example.com/msp/signcerts/cert.pem
organizations/peerOrganizations/org1.example.com/users/User@org1.example.com/msp/keystore

1.2 系统通道配置和普通通道配置证书对应关系

## org1
write-> fabric_node_ous-> admin_ou_identifier-> certificate=org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem

write-> fabric_node_ous-> client_ou_identifier-> certificate=org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem

write-> fabric_node_ous-> orderer_ou_identifier-> certificate=org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem

write-> fabric_node_ous-> peer_ou_identifier-> certificate=org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem

write->root_certs=org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem
write->tls_root_certs=org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem
## org2 
write-> fabric_node_ous-> admin_ou_identifier-> certificate=org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem

write-> fabric_node_ous-> client_ou_identifier-> certificate=org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem

write-> fabric_node_ous-> orderer_ou_identifier-> certificate=org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem

write-> fabric_node_ous-> peer_ou_identifier-> certificate=org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem

write->root_certs=org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem
write->tls_root_certs=org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem
## orderer 
msp->write->下的所有证书路径都是
orderer.example.com/msp/cacerts/localhost-9054-ca-orderer.pem
## 不同地方
consenters->client_tls_cert=orderer.example.com/tls/server.crt

consenters->server_tls_cert=orderer.example.com/tls/server.crt
## org2
signatures -> creator -> id_bytes =org2.example.com/users/Admin@org2.example.com/msp/signcerts/cert.pem
## orderer
signatures -> creator -> id_bytes =example.com/orderers/orderer.example.com/msp/signcerts

1.3 证书服务和节点签名和tls证书过期复原操作过程

## 背景
fabic-ca-server的tls-cert.pem证书过期
orderer peer里的所有msp目录下 keystore signcerts证书过期 
orderer peer里的所有tls目录下 keystore signcerts server.crt server.key证书过期 
并且其他证书没有过期
1.3.1 证书备份
## 1. 一定把过期的证书备份 后边还需要用到
sudo cp -r organizations organizations.bak
1.3.2 更新fabric-server的tls-cert.pem证书
1.3.2.1 移除fabric-server的tls-cert.pem证书
# ordererOrg org1 org2的tls-cert.pem都需要移除
## ordererorg
cd organizations/fabric-ca/ordererOrg
mv tls-cert.pem tls-cert.pem.bak
## org1
cd organizations/fabric-ca/org1
mv tls-cert.pem tls-cert.pem.bak
## org2
cd organizations/fabric-ca/org2
mv tls-cert.pem tls-cert.pem.bak
1.3.2.2 删掉所有fabric-server容器
docker stop ca_orderer
docker rm -f ca_orderer

docker stop ca_org1
docker rm -f ca_org1

docker stop ca_org2
docker rm -f ca_org2
1.3.2.3 重新启动所有fabric-server容器 生成新的tls-cert.pem
## 注意 这里只要没有删除tls-cert.pem其他目录,重启启动只有tls-cert.pem文件变了,其他文件都不变
## 这里是启动所有 如果你是每一个ca一个yaml都要启动 
docker-compose -f docke/docker-compose-ca.yaml up -d
1.3.3 更新节点过期证书
1.3.3.1 删除orderer过期证书
##### ##切记 一定把原来旧过期证书整体备份一下
## 1. 
cd organizations/ordererOrganizations/example.com/msp
rm -rf keystore/ signcerts/
## 2. 
cd organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp
rm -rf keystore/ signcerts/
## 3. 
cd organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls
rm -rf keystore/ signcerts/ server.crt server.key
## 4. 
cd organizations/ordererOrganizations/example.com/users/Admin@example.com/msp
rm -rf keystore/ signcerts/
1.3.3.2 删除org1 过期证书
## 1.
cd organizations/peerOrganizations/org1.example.com/msp
rm -rf keystore/ signcerts/
## 2.
cd organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp
rm -rf keystore/ signcerts/
## 3. 
cd organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls
rm -rf keystore/ signcerts/ server.crt server.key
## 4. 
cd organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
rm -rf keystore/ signcerts/
## 5. 
cd organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp
rm -rf keystore/ signcerts/
1.3.3.3 删除org2过期证书
## 1.
cd organizations/peerOrganizations/org2.example.com/msp
rm -rf keystore/ signcerts/
## 2.
cd organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp
rm -rf keystore/ signcerts/
## 3. 
cd organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls
rm -rf keystore/ signcerts/ server.crt server.key
## 4. 
cd organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
rm -rf keystore/ signcerts/
## 5. 
cd organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp
rm -rf keystore/ signcerts/
1.3.3.4 设置系统时间
## 此时间设置过期内的并临近过期时间,是为了生成证书在通道配置更新的时候,能够识别证书时间 
## 就是两套证书时间有个交集
## 或者当前系统时间生成证书有效期限包含过期时间,可以不需要设置过去系统时间
## 如果不确定设不设置,可以先执行重新生成证书,一旦证书不对,可以重新执行删除原先过期证书目录和文件,再确定设不设置,然后执行重新生成证书
sudo timedatectl set-ntp no
sudo date -s "2022-02-18 18:00:00"
1.3.3.5 重新生成过期的证书
## 脚本内容如下 就可以吧以上删除文件重新生成 并且原来没过期CA不变
## 脚本放在single目录下
#!/bin/bash

################ orderer ###############################

 export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com


# orderer organizations/ordererOrganizations/example.com/msp
./bin/fabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem


## orderer organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp
 ./bin/fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem


## orderer organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls
./bin/fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem

## orderer  organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt server.key
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key

## orderer organizations/ordererOrganizations/example.com/users/Admin@example.com/msp
./bin/fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/ordererOrg/tls-cert.pem


################# org1 peer0 ###################

export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/

## peer organizations/peerOrganizations/org1.example.com/msp
./bin/fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem

## peer organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp
./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --csr.hosts peer0.org1.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem

## peer  organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls
./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem

## peer organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt server.key
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

## peer organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
./bin/fabric-ca-client enroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem

## peer organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp
./bin/fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem



##################### org2 peer0 ###################

export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/

## peer organizations/peerOrganizations/org2.example.com/msp
./bin/fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem

## peer organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp
./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp --csr.hosts peer0.org2.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem

## peer organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls
./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem

## peer  organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt server.key
cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key

## peer organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
./bin/fabric-ca-client enroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem

## peer organizations/peerOrganizations/org2.example.com/users/User2@org1.example.com/msp
./bin/fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
1.3.4 新的证书备份
mv  organizations organizations.new
1.3.5 改回旧的证书,调整系统时间回到证书没有过期时间
1.3.5.1 证书回归
cp organizations.bak organizations
1.3.5.2 设置系统时间
## 查看系统时间是否是过期证书有效期内 没有的话需要设置
sudo timedatectl set-ntp no
sudo date -s "2022-02-18 18:00:00"
1.3.6 重启停掉orderer peer容器
docker start orderer.example.com
docker start peer0.org1.example.com
docker start peer0.org2.example.com
1.3.7 修改系统通道过期证书
# system-channel
## 1. 环境变量 系统通道需要orderer 管理员身份修改
export FABRIC_CFG_PATH=${PWD}/config
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_ADDRESS=localhost:7050
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp

export CHANNEL_NAME=system-channel

## 2. 拉取配置块
./bin/peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c system-channel --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

## 3. 解析配置块成json
./bin/configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > Sconfig.json

## 4. 
cp Sconfig.json  Modififid_config.json

## 5. 修改配置里证书
vim Modififid_config.json
修改证书,都是经过base64编码放入配置中的
### 具体对应 这些不用修改
Org1Msp.values.msp.value.config里的证书都是org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem  的base64编码的

Org1Msp.values.msp.value.config里的证书都是org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem  的base64编码的

orderer.group.values.msp.value.config里的证书都是orderer.example.com/msp/cacerts/localhost-9054-ca-orderer.pem 的base64编码的

### 要修改地方 是使用新的证书 经过base64编码替换相应位置的
配置里的orderer.group.values.ConsensusType里的证书都是
organizations/ordererOrganizations/example.com/orderers、orderer.example.com/tls/server.crt的base64编码的

## 6. 
./bin/configtxlator proto_encode --input Sconfig.json --type common.Config >original_config.pb

## 7. 
./bin/configtxlator proto_encode --input Modififid_config.json --type common.Config >Smodified_config.pb

## 8.
./bin/configtxlator compute_update --channel_id system-channel --original original_config.pb --updated Smodified_config.pb >Sconfig_update.pb

## 9.
./bin/configtxlator proto_decode --input Sconfig_update.pb --type common.ConfigUpdate >Sconfig_update.json

## 10.
echo '{"payload":{"header":{"channel_header":{"channel_id":"system-channel", "type":2}},"data":{"config_update":'$(cat Sconfig_update.json)'}}}' | jq . >Sconfig_update_in_envelope.json

## 11.
./bin/configtxlator proto_encode --input Sconfig_update_in_envelope.json --type common.Envelope >Sconfig_update_in_envelope.pb

##12. 统一用orderer身体提交即可
./bin/peer channel update -f Sconfig_update_in_envelope.pb -c system-channel -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
## 出现以下结果就可
2022-02-18 19:19:49.882 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2022-02-18 19:19:49.900 CST [channelCmd] update -> INFO 002 Successfully submitted channel update
1.3.8 修改普通通道过期证书
# hxyz
## 1. 设置org1 peer0环境变量
export FABRIC_CFG_PATH=${PWD}/config
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051
export CHANNEL_NAME=hxyz

## 2.使用peer0 org1拉取普通通道区块配置
./bin/peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c hxyz --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

## 3. 
./bin/configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json

## 4. 
cp config.json  Modififid_config.json

## 5. 替换证书
vim Modififid_config.json
修改证书,都是经过base64编码放入配置中的
### 具体对应
Org1Msp.values.msp.value.config里的证书都是org1.example.com/peers/peer0.org1.example.com/msp/cacerts/localhost-7054-ca-org1.pem  的base64编码的

Org1Msp.values.msp.value.config里的证书都是org2.example.com/peers/peer0.org2.example.com/msp/cacerts/localhost-8054-ca-org2.pem  的base64编码的

orderer.group.values.msp.value.config里的证书都是orderer.example.com/msp/cacerts/localhost-9054-ca-orderer.pem 的base64编码的

### 要修改地方 使用新的证书 base64编码替换相应位置
orderer.group.values.ConsensusType里的证书都是
organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt的base64编码的

## 6.
./bin/configtxlator proto_encode --input config.json --type common.Config >original_config.pb

## 7. 
./bin/configtxlator proto_encode --input Modififid_config.json --type common.Config >modified_config.pb

## 8.
./bin/configtxlator compute_update --channel_id hxyz --original original_config.pb --updated modified_config.pb >config_update.pb

## 9.
./bin/configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update.json

## 10.
echo '{"payload":{"header":{"channel_header":{"channel_id":"hxyz", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json

## 11.
./bin/configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >config_update_in_envelope.pb

## 12 .
### org1 签名
./bin/peer channel signconfigtx -f config_update_in_envelope.pb


##13. 使用orderer身份提交 不再是org1或者org2 Admin身份提交了
./bin/peer channel update -f config_update_in_envelope.pb -c hxyz -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
## 出现以下结果就可
2022-02-18 19:19:49.882 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2022-02-18 19:19:49.900 CST [channelCmd] update -> INFO 002 Successfully submitted channel update
1.3.9 停掉容器
docker stop orderer.example.com
docker stop peer0.org1.example.com
docker stop peer0.org2.example.com
1.3.10 重新使用新的证书
rm -rf organizations
cp -r organizations.new organizations
1.3.11 重新启动容器
docker start orderer.example.com
docker start peer0.org1.example.com
docker start peer0.org2.example.com
1.3.12 验证链码读写数据
1.3.13 恢复系统数据自动检查配置
timedatectl set-ntp yes