Last modified 2023-09-04 (Mon) 17:52:43
Tomorrow is the expiry date of the "site certificate" for a certain site, so I ran certbot renew, and of all things... an error!!!
# certbot renew
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.6.0', 'console_scripts', 'certbot')())
  File "/usr/local/bin/certbot", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/local/lib/python3.9/importlib/metadata.py", line 86, in load
    module = import_module(match.group('module'))
  File "/usr/local/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/usr/local/lib/python3.9/site-packages/certbot/main.py", line 6, in <module>
    from certbot._internal import main as internal_main
  File "/usr/local/lib/python3.9/site-packages/certbot/_internal/main.py", line 21, in <module>
    import josepy as jose
  File "/usr/local/lib/python3.9/site-packages/josepy/__init__.py", line 40, in <module>
    from josepy.json_util import (
  File "/usr/local/lib/python3.9/site-packages/josepy/json_util.py", line 14, in <module>
    from OpenSSL import crypto
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/local/lib/python3.9/site-packages/OpenSSL/crypto.py", line 3279, in <module>
    _lib.OpenSSL_add_all_algorithms()
AttributeError: module 'lib' has no attribute 'OpenSSL_add_all_algorithms'
When I saw the error from running certbot I thought this was going to be serious, but for the time being I ran
portupgrade -ar --batch
and then, when I ran certbot renew...
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/sun1.smb.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'pre-hook' ran with output:
 Stopping apache24.
 Waiting for PIDS: 44612.
Renewing an existing certificate for sun1.smb.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
  /usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
 Performing sanity check on apache24 configuration:
 Starting apache24.
Hook 'post-hook' ran with error output:
 Syntax OK
and it went through!! Just barely safe, lol
Let's Encrypt certificate expiration notice for domain "FQDN"
I received an email with this subject, so...
When I did, ...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Huh!?
/var/log/letsencrypt/letsencrypt.log
2018-12-11 06:35:50,075:DEBUG:certbot.main:certbot version: 0.29.1
2018-12-11 06:35:50,076:DEBUG:certbot.main:Arguments: []
2018-12-11 06:35:50,076:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-12-11 06:35:50,162:DEBUG:certbot.log:Root logging level set at 20
2018-12-11 06:35:50,163:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-12-11 06:35:50,224:DEBUG:certbot.renewal:no renewal failures
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
450 11:25 cd /usr/ports/security/py-certbot
451 11:25 ll
452 11:25 make deinstall
453 11:25 portinstall security/py-certbot
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/blackcube.smb.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.smb.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
  /etc/letsencrypt/live/blackcube.smb.net/fullchain.pem expires on 2019-03-10 (skipped)
  /etc/letsencrypt/live/www.smb.net/fullchain.pem expires on 2019-03-10 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Whoa!? The location of the .pem files has changed!
In the end, the punchline was that the ports install location had changed, so the results of certbot renew were not being reflected. orz
/usr/local/etc/letsencrypt ⇒ /etc/letsencrypt/
Good grief....
Or so I thought, and then,
Name : py27-certbot
Version : 0.29.1_2,1
Installed on : Sat Dec 15 04:13:13 2018 JST
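with that, the install location went back to where it was. orz
Good grief......
Even if the keys and other files under /usr/local/etc/letsencrypt are moved, things like the symbolic links end up behaving messily, so recreating everything from scratch may be cleaner.
So I stopped Apache first and then created them.
Changed the location of the pem to "/etc/letsencrypt/live/www.smb.net/fullchain.pem" (removed /usr/local).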
<VirtualHost _default_:443>
    :
    :
SSLCertificateFile "/etc/letsencrypt/live/www.smb.net/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/www.smb.net/privkey.pem"
    :
    :
</VirtualHost>
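A check for the mismatch described above, where the directory certbot renews into and the path Apache loads drift apart (added example, not from the original page). It assumes certbot's renewal files carry `cert =` / `fullchain =` lines; the temporary `old` and `new` directories are constructed stand-ins for /usr/local/etc/letsencrypt and /etc/letsencrypt.

```shell
#!/bin/sh
# Added example: list SSLCertificateFile paths in an Apache config that no
# certbot renewal config under a given directory manages.
# All files created below are constructed sample data.

# Print each SSLCertificateFile path (quotes stripped; commented-out lines
# are skipped; paths containing spaces are not handled).
apache_cert_paths() {
    sed -n 's/^[[:space:]]*SSLCertificateFile[[:space:]][[:space:]]*"\{0,1\}\([^"[:space:]]*\).*/\1/p' "$1"
}

# Print the cert/fullchain paths managed by the renewal configs in $1/renewal.
managed_cert_paths() {
    for conf in "$1"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        sed -n -e 's/^cert[[:space:]]*=[[:space:]]*//p' \
               -e 's/^fullchain[[:space:]]*=[[:space:]]*//p' "$conf"
    done
}

# Usage: unmanaged_certs APACHE_CONF CERTBOT_CONFIG_DIR
# Prints every certificate path Apache loads that certbot will not renew.
unmanaged_certs() {
    managed=$(managed_cert_paths "$2")
    apache_cert_paths "$1" | while IFS= read -r path; do
        printf '%s\n' "$managed" | grep -Fxq -- "$path" || printf '%s\n' "$path"
    done
}

# Constructed scenario: Apache still points at the old location.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/old/renewal" "$demo/new/renewal"
printf 'fullchain = %s\n' /usr/local/etc/letsencrypt/live/www.smb.net/fullchain.pem \
    > "$demo/old/renewal/www.smb.net.conf"
printf 'fullchain = %s\n' /etc/letsencrypt/live/www.smb.net/fullchain.pem \
    > "$demo/new/renewal/www.smb.net.conf"
cat > "$demo/httpd-ssl.conf" <<'EOF'
<VirtualHost _default_:443>
    SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.smb.net/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem"
</VirtualHost>
EOF

echo "not renewed when certbot uses old dir: $(unmanaged_certs "$demo/httpd-ssl.conf" "$demo/old")"
echo "not renewed when certbot uses new dir: $(unmanaged_certs "$demo/httpd-ssl.conf" "$demo/new")"
```

On a real host the two arguments would be the Apache SSL config file and whichever configuration directory the installed certbot actually uses; any path printed is a certificate that will expire even though certbot renew reports success.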
[Reference URLs]
https://freebsd.sing.ne.jp/daily/13/03.html
https://qiita.com/ma7ma7pipipi/items/679c555b66de99e01e58