- 追加された行はこの色です。
- 削除された行はこの色です。
#author("2018-12-11T12:55:49+09:00","default:kuji","kuji")
#author("2018-12-14T05:42:38+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
*No renewals were attempted [#wac051bb]
Let's Encrypt certificate expiration notice for domain "FQDN"
というメールが来たので、・・・
** # certbot renew [#b075ae89]
したら、・・・
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
え”!?
/var/log/letsencrypt/letsencrypt.log
2018-12-11 06:35:50,075:DEBUG:certbot.main:certbot version: 0.29.1
2018-12-11 06:35:50,076:DEBUG:certbot.main:Arguments: []
2018-12-11 06:35:50,076:DEBUG:certbot.main:Discovered plugins:
PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-12-11 06:35:50,162:DEBUG:certbot.log:Root logging level set at 20
2018-12-11 06:35:50,163:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-12-11 06:35:50,224:DEBUG:certbot.renewal:no renewal failures
** # certbot [#t525bb80]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system.
However, it can still get a certificate for you. Please run "certbot certonly" to do so.
You'll need to manually configure your web server to use the resulting certificate.
* py-certbotを再インストールする [#w2060974]
450 11:25 cd /usr/ports/security/py-certbot
451 11:25 ll
452 11:25 make deinstall
453 11:25 portinstall security/py-certbot
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/blackcube.smb.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.smb.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
/etc/letsencrypt/live/blackcube.smb.net/fullchain.pem expires on 2019-03-10 (skipped)
/etc/letsencrypt/live/www.smb.net/fullchain.pem expires on 2019-03-10 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ありゃ!? .pem の位置が変わっとるではないかっ!
結局、&color(red){ports のインストール場所がかわっていて、certbot renew の結果が反映されていなかった、という落ち}; orz
/usr/local/etc/letsencrypt ⇒ /etc/letsencrypt/
もう・・・・
* # certbot certonly --standalone -d piano2nd.smb.net [#xfd60e1e]
/usr/local/etc/letsencrypt以下のキーなどを移動しても、シンボリックリンクなどの動作がささくれるので、一から再作成するほうがクリーンかも。
ということで、Apacheをいったん止めてから作成。
* /usr/local/etc/apache24/extra/httpd-ssl.conf 改訂 [#v40311e6]
pemの在処を "/etc/letsencrypt/live/www.smb.net/fullchain.pem" へと変更(/user/localを消去)。
<VirtualHost _default_:443>
: :
SSLCertificateFile "/etc/letsencrypt/live/www.smb.net/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/www.smb.net/privkey.pem"
: :
</VirtualHost>
【参考URL】
https://freebsd.sing.ne.jp/daily/13/03.html
https://qiita.com/ma7ma7pipipi/items/679c555b66de99e01e58
----
Total access &counter(total);:本日 &counter(today);:昨日 &counter(yesterday);
#counter([total|today|yesterday]);