#author("2018-12-15T04:20:38+09:00","default:kuji","kuji") CONTENTS #contents ---- Lastmodified &lastmod; ---- *No renewals were attempted [#wac051bb] Let's Encrypt certificate expiration notice for domain "FQDN" というメールが来たので、・・・ ** # certbot renew [#b075ae89] したら、・・・ Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - No renewals were attempted. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - え”!? /var/log/letsencrypt/letsencrypt.log 2018-12-11 06:35:50,075:DEBUG:certbot.main:certbot version: 0.29.1 2018-12-11 06:35:50,076:DEBUG:certbot.main:Arguments: [] 2018-12-11 06:35:50,076:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot) 2018-12-11 06:35:50,162:DEBUG:certbot.log:Root logging level set at 20 2018-12-11 06:35:50,163:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log 2018-12-11 06:35:50,224:DEBUG:certbot.renewal:no renewal failures ** # certbot [#t525bb80] Saving debug log to /var/log/letsencrypt/letsencrypt.log Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. * py-certbotを再インストールする [#w2060974] 450 11:25 cd /usr/ports/security/py-certbot 451 11:25 ll 452 11:25 make deinstall 453 11:25 portinstall security/py-certbot # certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/blackcube.smb.net.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/www.smb.net.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/blackcube.smb.net/fullchain.pem expires on 2019-03-10 (skipped) /etc/letsencrypt/live/www.smb.net/fullchain.pem expires on 2019-03-10 (skipped) No renewals were attempted. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ありゃ!? .pem の位置が変わっとるではないかっ! 結局、&color(red){ports のインストール場所がかわっていて、certbot renew の結果が反映されていなかった、という落ち}; orz /usr/local/etc/letsencrypt ⇒ /etc/letsencrypt/ もう・・・・ と、思っていたら、 *【2018年12月15日】 [#g358a6ab] Name : py27-certbot Version : 0.29.1_2,1 Installed on : Sat Dec 15 04:13:13 2018 JST &color(red){でインストール先が本へ戻りました。}; orz もう・・・・・・ * # certbot certonly --standalone -d piano2nd.smb.net [#xfd60e1e] /usr/local/etc/letsencrypt以下のキーなどを移動しても、シンボリックリンクなどの動作がささくれるので、一から再作成するほうがクリーンかも。 ということで、Apacheをいったん止めてから作成。 * /usr/local/etc/apache24/extra/httpd-ssl.conf 改訂 [#v40311e6] pemの在処を "/etc/letsencrypt/live/www.smb.net/fullchain.pem" へと変更(/user/localを消去)。 <VirtualHost _default_:443> : : SSLCertificateFile "/etc/letsencrypt/live/www.smb.net/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/www.smb.net/privkey.pem" : : </VirtualHost> 【参考URL】 https://freebsd.sing.ne.jp/daily/13/03.html https://qiita.com/ma7ma7pipipi/items/679c555b66de99e01e58 ---- Total access &counter(total);:本日 &counter(today);:昨日 &counter(yesterday); #counter([total|today|yesterday]);