Arima Soichiro's Blog

(His Circumstances)

2016-10-03 01:16:00 JST - 2 minute read - Linux

Renewing Let's Encrypt Certificates

Ubuntu 16.04

Subject: Let’s Encrypt certificate expiration notice
From: expiry@letsencrypt.org

I got an email saying my Let’s Encrypt certificate was about to expire, so I decided to renew it.

Before that, update the Certbot client.

arimasou16@ubuntu:~/certbot$ git pull

Now, test whether the certificate renewal works.

arimasou16@ubuntu:~/certbot$ /home/arimasou16/certbot/certbot-auto renew --dry-run
Requesting root privileges to run certbot...
  /home/arimasou16/.local/share/letsencrypt/bin/letsencrypt renew --dry-run
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/success.co.jp.conf
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/failure.co.jp.conf
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
The program apache2 (process ID 6502) is already listening on TCP port 80. This
will prevent us from binding to that port. Please stop the apache2 program
temporarily and then try again. For automated renewal, you may want to use a
script that stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
2016-10-02 23:26:54,817:WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/failure.co.jp.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)
The following certs were successfully renewed:
  /etc/letsencrypt/live/success.co.jp/fullchain.pem (success)
The following certs could not be renewed:
  /etc/letsencrypt/live/failure.co.jp/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

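One succeeded and the other failed. Actually, I'm not even using the second domain... It looks like it is also trying to renew a domain I registered by mistake earlier, and that is what produces the error.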

arimasou16@ubuntu:~/certbot$ sudo ls /etc/letsencrypt/archive/
failure.co.jp  success.co.jp
arimasou16@ubuntu:~/certbot$ sudo ls /etc/letsencrypt/live
failure.co.jp  success.co.jp
arimasou16@ubuntu:~/certbot$ sudo ls /etc/letsencrypt/renewal/
failure.co.jp.conf  success.co.jp.conf

Delete the failure.co.jp entries. Note that the file under renewal has a .conf suffix.

arimasou16@ubuntu:~/certbot$ sudo rm -r /etc/letsencrypt/live/failure.co.jp
arimasou16@ubuntu:~/certbot$ sudo rm -r /etc/letsencrypt/archive/failure.co.jp
arimasou16@ubuntu:~/certbot$ sudo rm -r /etc/letsencrypt/renewal/failure.co.jp.conf

Run it again.

arimasou16@ubuntu:~/certbot$ /home/arimasou16/certbot/certbot-auto renew --dry-run
Requesting root privileges to run certbot...
  /home/arimasou16/.local/share/letsencrypt/bin/letsencrypt renew --dry-run
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/success.co.jp.conf
-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/success.co.jp/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
arimasou16@ubuntu:~/certbot$

Now run the actual certificate renewal instead of the test.

arimasou16@ubuntu:~/certbot$ /home/arimasou16/certbot/certbot-auto renew 
Requesting root privileges to run certbot...
  /home/arimasou16/.local/share/letsencrypt/bin/letsencrypt renew
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/success.co.jp.conf
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/success.co.jp/fullchain.pem
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/success.co.jp/fullchain.pem (success)
arimasou16@ubuntu:~/certbot$ 

It succeeded, so restart apache2.

arimasou16@ubuntu:~/certbot$ sudo service apache2 restart 

Confirm that the certificate expiry date has been updated.
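One way to do that confirmation from the shell, as an added example that is not part of the original post: `openssl x509 -enddate` prints a certificate's notAfter date and `-checkend` tests whether it survives a given number of seconds. The function names and the two sample lineages (fresh.example, stale.example) are hypothetical and constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): check certificate expiry
# for every lineage under a Certbot-style "live" directory.

# Print the notAfter date of the first (leaf) certificate in a PEM file.
cert_not_after() {
    openssl x509 -noout -enddate -in "$1" | sed 's/^notAfter=//'
}

# Succeed only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null
}

# Print the name of each lineage under $1 that expires within $2 days.
# Prints nothing when every certificate is fresh enough.
expiring_lineages() {
    for pem in "$1"/*/fullchain.pem; do
        [ -f "$pem" ] || continue
        cert_valid_for_days "$pem" "$2" || basename "$(dirname "$pem")"
    done
}

# Constructed sample data: a throwaway self-signed certificate.
# $1 = live directory, $2 = lineage name, $3 = lifetime in days
make_sample_cert() {
    mkdir -p "$1/$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -keyout "$1/$2/privkey.pem" -out "$1/$2/fullchain.pem" 2>/dev/null
}

demo() {
    live=$(mktemp -d)
    make_sample_cert "$live" fresh.example 90   # like a just-renewed cert
    make_sample_cert "$live" stale.example 10   # like a cert that was skipped
    for pem in "$live"/*/fullchain.pem; do
        echo "$pem expires $(cert_not_after "$pem")"
    done
    echo "expiring within 30 days:"
    expiring_lineages "$live" 30
    rm -rf "$live"
}
demo
```

On the server in this post the real check would be `expiring_lineages /etc/letsencrypt/live 30` run as root, since that directory is not readable by ordinary users.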

Tags: Ubuntu Server
