Renewing an expired certificate after an SSL error

It was supposed to be renewing automatically, but for some reason it expired, so I'll renew it manually.

cd /root/certbot/
root@plusload:~/certbot# ./certbot-auto renew
Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/plusload.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (plusload.net) from /etc/letsencrypt/renewal/plusload.net.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/plusload.net/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/plusload.net/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
root@plusload:~/certbot#

Whoa! Once it has expired it can't be renewed, so I'll install the certificate again as a new one.

Using this page as a reference, I took a backup just in case and tried obtaining a new certificate.

As shown below, a directory named "<domain>-0001" has been created, so the path to the certificate has changed.

root@plusload:~/certbot# ll /etc/letsencrypt/live/
合計 20
drwx------ 4 root root 4096 12月 19 10:39 ./
drwxr-xr-x 9 root root 4096 12月 19 10:39 ../
-rwxr-xr-x 1 root root  740  9月 19 13:15 README*
drwxr-xr-x 3 root root 4096 12月 19 10:37 _bk/
drwxr-xr-x 2 root root 4096 12月 19 10:39 plusload.net-0001/

So when I stopped nginx and started it again, it failed to start with an error.

root@plusload:~/certbot# systemctl start nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.

So I opened the site configuration:

root@plusload:~/certbot# vi /etc/nginx/sites-available/default

and changed the following lines:

ssl_certificate   /etc/letsencrypt/live/plusload.net-0001/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/plusload.net-0001/privkey.pem;

After that,

systemctl start nginx

things were back to normal.

Next, I checked the crontab.

user@plusload:~$ crontab -e
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h  dom mon dow   command
0 0,4,8,12,16,20 * * * /usr/bin/wget -O - 'http://ieserver.net/cgi-bin/dip.cgi?username=plusload&domain=dip.jp&password=pass&updatehost=1' > /dev/null

Huh? Only the ieserver entry is there? Why? Did I forget to write it? So I added the following.

# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h  dom mon dow   command
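# The user column ("root") is only read in /etc/crontab and /etc/cron.d/*;
# in a per-user crontab (crontab -e) the sixth field is already the command.
0 1 1 * * root /root/certbot/certbot-auto renew --force-renewal && systemctl restart nginx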
0 0,4,8,12,16,20 * * * /usr/bin/wget -O - 'http://ieserver.net/cgi-bin/dip.cgi?username=plusload&domain=dip.jp&password=pass&updatehost=1' > /dev/null

Well, that should do it.
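
An added example, not from the original post: a pre-flight check for the two failures in this log, a renewal config that uses the manual plugin without a manual_auth_hook (the "renew" error above) and nginx ssl_certificate paths that no longer exist (the "-0001" directory). The function names and the argument order are assumptions of this example; the expiry test relies on "openssl x509 -checkend".

```shell
#!/bin/sh
# Added example, not from the original post. Checks for the failures seen
# above; run it from cron, which mails whatever the job prints.
# All file paths are passed in by the caller; nothing is hard-coded.

# 0 if this renewal config can renew unattended. A lineage issued with the
# manual plugin needs manual_auth_hook, or "certbot renew" skips it.
renewal_is_unattended() {
    if grep -Eq '^[[:space:]]*authenticator[[:space:]]*=[[:space:]]*manual[[:space:]]*$' "$1" &&
       ! grep -Eq '^[[:space:]]*manual_auth_hook[[:space:]]*=[[:space:]]*[^[:space:]]' "$1"; then
        return 1
    fi
}

# Print "directive path" for every active ssl_certificate(_key) line.
nginx_cert_paths() {
    sed -n 's/^[[:space:]]*\(ssl_certificate\(_key\)\{0,1\}\)[[:space:]]\{1,\}\([^;[:space:]]*\);.*/\1 \3/p' "$1"
}

# 0 if the certificate in $1 stays valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# preflight RENEWAL_CONF NGINX_CONF MIN_DAYS
# Prints one line per problem and returns 1 if any was found.
preflight() {
    rc=0
    renewal_is_unattended "$1" || {
        echo "$1: manual plugin without manual_auth_hook, renew will skip it"
        rc=1
    }
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -e "$path" ]; then
            echo "$2: $directive points at missing file $path"
            rc=1
        elif [ "$directive" = ssl_certificate ] &&
             ! cert_valid_for_days "$path" "$3"; then
            echo "$path: expires within $3 days or is not a readable certificate"
            rc=1
        fi
    done <<EOF
$(nginx_cert_paths "$2")
EOF
    return "$rc"
}
```

With the paths from this post it would be called as: preflight /etc/letsencrypt/renewal/plusload.net.conf /etc/nginx/sites-available/default 30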
