
Last modified 2025-01-24 (Fri) 10:38:18


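Changing the FQDN

A server went down, so I decided to change the FQDN of a spare server on short notice.

As an example, suppose the web server www.smb.net is down and the server sun1.smb.net is used as its replacement.

Change two lines of /etc/rc.conf on sun1.smb.net to the values of www.smb.net: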

hostname="blackcube.smb.net"
ifconfig_em1="inet 219.117.246.201 netmask 0xffffffe0" 

Reboot. Accessing www.smb.net does not work over https, because the SSL certificate is still the original one for sun1.

The following is still being edited.
 1001  8:36    cd /usr/local/etc
 1002  8:36    ll
 1003  8:37    tar cvfzp letsencrypt_tar.gz letsencrypt
 1004  8:37    ll
 1005  8:46    cd /usr/ports/security/py-certbot
 1006  8:46    make reinstall
 1007  8:54    apachectl stop
 1008  8:57    certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net

Stopping apache24.
Waiting for PIDS: 6238.
root@blackcube:/usr/ports/security/py-certbot:25_01_18:8:54 # certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): root@smb.net

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for www.smb.net
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: www.smb.net
  Type:   connection
  Detail: 219.117.246.201: Fetching http://www.smb.net/.well-known/acme-challenge/y7tazO3vpYAPeSLpOOW3SDqUwmJISkTRjiL-3ZGQYGE: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@blackcube:/usr/ports/security/py-certbot:25_01_18:8:59 # cd
root@blackcube:~:25_01_18:9:02 #
root@blackcube:~:25_01_18:9:02 #
root@blackcube:~:25_01_18:9:02 #
root@blackcube:~:25_01_18:9:02 # certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.smb.net

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: www.smb.net
  Type:   connection
  Detail: 219.117.246.201: Fetching http://www.smb.net/.well-known/acme-challenge/miWELeNVP4ndM7h5xb1RMrJdFNvPxpCrVF95yTyuXIE: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@blackcube:~:25_01_18:9:02 # apachectl start
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 23 of /usr/local/etc/apache24/extra/httpd-ssl.conf:
SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem' does not exist or is empty
Starting apache24.
AH00526: Syntax error on line 23 of /usr/local/etc/apache24/extra/httpd-ssl.conf:
SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem' does not exist or is empty
/usr/local/etc/rc.d/apache24: WARNING: failed to start apache24
root@blackcube:~:25_01_18:9:02 #
root@blackcube:~:25_01_18:9:03 #
root@blackcube:~:25_01_18:9:03 # apachectl start
Performing sanity check on apache24 configuration:
httpd: Syntax error on line 528 of /usr/local/etc/apache24/httpd.conf: Could not open configuration file /usr/local/etc/apache24/extra/httpd-ssl.conf: No such file or directory
Starting apache24.
httpd: Syntax error on line 528 of /usr/local/etc/apache24/httpd.conf: Could not open configuration file /usr/local/etc/apache24/extra/httpd-ssl.conf: No such file or directory
/usr/local/etc/rc.d/apache24: WARNING: failed to start apache24
root@blackcube:~:25_01_18:9:04 #
root@blackcube:~:25_01_18:9:12 #
root@blackcube:~:25_01_18:9:12 #
root@blackcube:~:25_01_18:9:12 # apachectl start
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@blackcube:~:25_01_18:9:12 # certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for www.smb.net

Successfully received certificate.
Certificate is saved at: /usr/local/etc/letsencrypt/live/www.smb.net/fullchain.pem
Key is saved at:         /usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem
This certificate expires on 2025-04-17.
These files will be updated when the certificate renews.

NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@blackcube:~:25_01_18:9:12 # apachectl restart
Performing sanity check on apache24 configuration:
httpd: Syntax error on line 529 of /usr/local/etc/apache24/httpd.conf: Could not open configuration file /usr/local/etc/apache24/extra/httpd-ssl.conf: No such file or directory
root@blackcube:~:25_01_18:9:14 # apachectl restart
Performing sanity check on apache24 configuration:
AH00526: Syntax error on line 23 of /usr/local/etc/apache24/extra/httpd-ssl.conf:
SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem' does not exist or is empty
root@blackcube:~:25_01_18:9:15 #
root@blackcube:~:25_01_18:9:16 #
root@blackcube:~:25_01_18:9:16 #
root@blackcube:~:25_01_18:9:16 # apachectl restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 9324.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
root@blackcube:~:25_01_18:9:16 #
root@blackcube:~:25_01_18:9:18 # df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/ada0p2    7.0T    1.0T    5.5T    15%    /
devfs          1.0K      0B    1.0K     0%    /dev
root@blackcube:~:25_01_18:10:14 #
 1009  9:02    cd
 1010  9:02    certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
 1011  9:02    apachectl start
 1012  9:04    apachectl start
 1013  9:12    apachectl start
 1014  9:12    certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
 1015  9:14    apachectl restart
 1016  9:15    apachectl restart
 1017  9:16    apachectl restart
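
In the session above, Apache refused to start because httpd-ssl.conf still named a certificate file under live/sun1.smb.net, and the webroot challenge got "Connection refused" while Apache was down. The following sh function is an added example, not part of the original page: it lists such directives before a restart. The function names and the layout built in demo() are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. File layout in demo() is constructed.

# check_cert_paths CONF FQDN
# Prints "<STATE> <directive> <path>" for each SSLCertificateFile or
# SSLCertificateKeyFile whose path lies under another name's live/ directory
# (STALE_NAME) or is missing or empty (MISSING). Returns 1 if anything is printed.
check_cert_paths() {
    conf=$1; fqdn=$2; rc=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    found=$(awk '
        /^[ \t]*#/ { next }                        # skip commented-out directives
        { d = tolower($1) }
        d == "sslcertificatefile" || d == "sslcertificatekeyfile" {
            p = $2; gsub(/"/, "", p); print $1, p  # strip optional quotes
        }' "$conf")
    while read -r directive path; do
        [ -n "$directive" ] || continue
        state=OK
        [ -s "$path" ] || state=MISSING
        case $path in
            */live/"$fqdn"/*) ;;                   # belongs to the new name
            */live/*) state=STALE_NAME ;;          # still the old name
        esac
        [ "$state" = OK ] && continue
        echo "$state $directive $path"; rc=1
    done <<EOF
$found
EOF
    return $rc
}

# demo: constructed layout mirroring the failure in the log above.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/live/www.smb.net"
    echo dummy > "$t/live/www.smb.net/fullchain.pem"
    echo dummy > "$t/live/www.smb.net/privkey.pem"
    printf 'SSLCertificateFile "%s"\nSSLCertificateKeyFile "%s"\n' \
        "$t/live/sun1.smb.net/fullchain.pem" \
        "$t/live/www.smb.net/privkey.pem" > "$t/httpd-ssl.conf"
    status=0
    check_cert_paths "$t/httpd-ssl.conf" www.smb.net || status=$?
    rm -rf "$t"
    return $status
}

if [ "${1:-}" = demo ]; then demo; fi
```

On the real host the call would be check_cert_paths /usr/local/etc/apache24/extra/httpd-ssl.conf www.smb.net, run before apachectl restart.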
