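Reconfiguring Let's Encrypt
This time it was not a Let's Encrypt error: I got an e-mail saying the certificate had expired... What is that? I don't get it!
» Article: "Installing and configuring Let's Encrypt"
As bad luck would have it, the certificate missed its renewal by a single day and expired, and once that happens HTTPS connections no longer work. Falling back to HTTP does not help either, because HSTS is configured, so the browser cache has to be cleared.
Let's Encrypt has to be set up again, but before doing that it seems the data in the following folders has to be deleted.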
/etc/letsencrypt/live/
/etc/letsencrypt/archive/
/etc/letsencrypt/renewal/
# /usr/local/certbot/certbot-auto certonly --webroot -w /var/www/html/ -m mailaddress@dukehide.dip.jp -d dukehide.dip.jp --agree-tos
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for dukehide.dip.jp
Using the webroot path /data/web/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/dukehide.dip.jp/fullchain.pem. Your cert will
expire on 2017-09-01. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
In any case, HTTPS connections work again. With the renewal script in "/etc/cron.monthly/", the certificate can expire by a margin of a few days, as it did this time, so I moved it to "/etc/cron.d/".
# mv /etc/cron.monthly/certbot /root/certbot.sh
# touch /etc/cron.d/certbot
# echo '00 0 1 * * root /root/certbot.sh' >> /etc/cron.d/certbot
The certificate is now renewed at 0:00 on the 1st of every month. If that still does not work, I will renew manually just before it expires.
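
The margin that a given cron schedule leaves before expiry can be checked ahead of time. The script below is an added example, not part of the original post: it assumes certbot's default of renewing only when fewer than 30 days of validity remain, uses the expiry date from the output above with a constructed 12:00 UTC time of day, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: "renew" only acts when fewer than 30 days remain (certbot default).
# Timestamps are UTC "YYYY-MM-DD HH:MM:SS"; needs a date(1) that accepts -d.
RENEW_WINDOW_DAYS=30

# secs_left NOT_AFTER NOW -> seconds until expiry (<= 0 once expired)
secs_left() {
    exp=$(date -u -d "$1" +%s) || return 2
    now=$(date -u -d "$2" +%s) || return 2
    echo $((exp - now))
}

# run_decision NOT_AFTER NOW -> skip | renew | expired
run_decision() {
    s=$(secs_left "$1" "$2") || return 2
    if [ "$s" -le 0 ]; then
        echo expired
    elif [ "$s" -lt $((RENEW_WINDOW_DAYS * 86400)) ]; then
        echo renew
    else
        echo skip
    fi
}

# margin_hours NOT_AFTER RUN... -> hours of validity left at the first run
# that does not skip (prints "none" if every listed run skips)
margin_hours() {
    not_after=$1; shift
    for run in "$@"; do
        if [ "$(run_decision "$not_after" "$run")" != skip ]; then
            echo $(( $(secs_left "$not_after" "$run") / 3600 ))
            return 0
        fi
    done
    echo none
    return 1
}

# Constructed sample: the page's expiry date with an assumed 12:00 UTC time.
NOT_AFTER='2017-09-01 12:00:00'

# Walk the "1st of every month at 0:00" schedule and print each decision.
demo() {
    for run in '2017-07-01 00:00:00' '2017-08-01 00:00:00' '2017-09-01 00:00:00'; do
        echo "$run $(run_decision "$NOT_AFTER" "$run")"
    done
}
demo
```

On a live host, `openssl x509 -checkend 2592000 -noout -in /etc/letsencrypt/live/dukehide.dip.jp/fullchain.pem` answers the same 30-day question directly from the certificate file.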