#author("2025-01-24T10:28:19+09:00","default:kuji","kuji")
#author("2025-01-24T10:38:18+09:00","default:kuji","kuji")
CONTENTS
#contents
----
Lastmodified &lastmod;
----
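*Changing the FQDN [#o989c3b4]
Because a server went down, I had to change the FQDN of the spare server at short notice.

For example, suppose the web server www.smb.net has gone down and the server sun1.smb.net is to take its place.

Change two lines in /etc/rc.conf on sun1.smb.net to the values for www.smb.net: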
 hostname="blackcube.smb.net"
 ifconfig_em1="inet 219.117.246.201 netmask 0xffffffe0" 
Reboot. When www.smb.net is then accessed, the SSL certificate is still the original one for sun1, so the connection does not come up as https.

 (The section below is still being edited)


  1001  8:36    cd /usr/local/etc
  1002  8:36    ll
  1003  8:37    tar cvfzp letsencrypt_tar.gz letsencrypt
  1004  8:37    ll
  1005  8:46    cd /usr/ports/security/py-certbot
  1006  8:46    make reinstall
  1007  8:54    apachectl stop
  1008  8:57    certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
 
 Stopping apache24.
 Waiting for PIDS: 6238.
 root@blackcube:/usr/ports/security/py-certbot:25_01_18:8:54 # certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Enter email address (used for urgent renewal and security notices)
  (Enter 'c' to cancel): root@smb.net
 
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Please read the Terms of Service at
 https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
 order to register with the ACME server. Do you agree?
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 (Y)es/(N)o: Y
 
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Would you be willing, once your first certificate is successfully issued, to
 share your email address with the Electronic Frontier Foundation, a founding
 partner of the Let's Encrypt project and the non-profit organization that
 develops Certbot? We'd like to send you email about our work encrypting the web,
 EFF news, campaigns, and ways to support digital freedom.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 (Y)es/(N)o: Y
 Account registered.
 Requesting a certificate for www.smb.net

 Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
   Domain: www.smb.net
   Type:   connection
   Detail: 219.117.246.201: Fetching http://www.smb.net/.well-known/acme-challenge/y7tazO3vpYAPeSLpOOW3SDqUwmJISkTRjiL-3ZGQYGE: Connection refused
 
 Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
 
 Some challenges have failed.
 Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
 root@blackcube:/usr/ports/security/py-certbot:25_01_18:8:59 # cd
 root@blackcube:~:25_01_18:9:02 #
 root@blackcube:~:25_01_18:9:02 #
 root@blackcube:~:25_01_18:9:02 #
 root@blackcube:~:25_01_18:9:02 # certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Requesting a certificate for www.smb.net
 
 Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
   Domain: www.smb.net
   Type:   connection
   Detail: 219.117.246.201: Fetching http://www.smb.net/.well-known/acme-challenge/miWELeNVP4ndM7h5xb1RMrJdFNvPxpCrVF95yTyuXIE: Connection refused
 
 Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
 
 Some challenges have failed.
 Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
 root@blackcube:~:25_01_18:9:02 # apachectl start
 Performing sanity check on apache24 configuration:
 AH00526: Syntax error on line 23 of /usr/local/etc/apache24/extra/httpd-ssl.conf:
 SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem' does not exist or is empty
 Starting apache24.
 AH00526: Syntax error on line 23 of /usr/local/etc/apache24/extra/httpd-ssl.conf:
 SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem' does not exist or is empty
 /usr/local/etc/rc.d/apache24: WARNING: failed to start apache24
 root@blackcube:~:25_01_18:9:02 #
 root@blackcube:~:25_01_18:9:03 #
 root@blackcube:~:25_01_18:9:03 # apachectl start
 Performing sanity check on apache24 configuration:
 httpd: Syntax error on line 528 of /usr/local/etc/apache24/httpd.conf: Could not open configuration file /usr/local/etc/apache24/extra/httpd-ssl.conf: No such file or directory
 Starting apache24.
 httpd: Syntax error on line 528 of /usr/local/etc/apache24/httpd.conf: Could not open configuration file /usr/local/etc/apache24/extra/httpd-ssl.conf: No such file or directory
 /usr/local/etc/rc.d/apache24: WARNING: failed to start apache24
 root@blackcube:~:25_01_18:9:04 #
 root@blackcube:~:25_01_18:9:12 #
 root@blackcube:~:25_01_18:9:12 #
 root@blackcube:~:25_01_18:9:12 # apachectl start
 Performing sanity check on apache24 configuration:
 Syntax OK
 Starting apache24.
 root@blackcube:~:25_01_18:9:12 # certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Requesting a certificate for www.smb.net
 
 Successfully received certificate.
 Certificate is saved at: /usr/local/etc/letsencrypt/live/www.smb.net/fullchain.pem
 Key is saved at:         /usr/local/etc/letsencrypt/live/www.smb.net/privkey.pem
 This certificate expires on 2025-04-17.
 These files will be updated when the certificate renews.
 
 NEXT STEPS:
 - The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.
 
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 If you like Certbot, please consider supporting our work by:
  * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  * Donating to EFF:                    https://eff.org/donate-le
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 root@blackcube:~:25_01_18:9:12 # apachectl restart
 Performing sanity check on apache24 configuration:
 httpd: Syntax error on line 529 of /usr/local/etc/apache24/httpd.conf: Could not open configuration file /usr/local/etc/apache24/extra/httpd-ssl.conf: No such file or directory
 root@blackcube:~:25_01_18:9:14 # apachectl restart
 Performing sanity check on apache24 configuration:
 AH00526: Syntax error on line 23 of /usr/local/etc/apache24/extra/httpd-ssl.conf:
 SSLCertificateFile: file '/usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem' does not exist or is empty
 root@blackcube:~:25_01_18:9:15 #
 root@blackcube:~:25_01_18:9:16 #
 root@blackcube:~:25_01_18:9:16 #
 root@blackcube:~:25_01_18:9:16 # apachectl restart
 Performing sanity check on apache24 configuration:
 Syntax OK
 Stopping apache24.
 Waiting for PIDS: 9324.
 Performing sanity check on apache24 configuration:
 Syntax OK
 Starting apache24.
 root@blackcube:~:25_01_18:9:16 #
 root@blackcube:~:25_01_18:9:18 # df -h
 Filesystem     Size    Used   Avail Capacity  Mounted on
 /dev/ada0p2    7.0T    1.0T    5.5T    15%    /
 devfs          1.0K      0B    1.0K     0%    /dev
 root@blackcube:~:25_01_18:10:14 #


  1009  9:02    cd
  1010  9:02    certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
  1011  9:02    apachectl start
  1012  9:04    apachectl start
  1013  9:12    apachectl start
  1014  9:12    certbot certonly --webroot -w /usr/local/www/apache24/data -d www.smb.net
  1015  9:14    apachectl restart
  1016  9:15    apachectl restart
  1017  9:16    apachectl restart

Edit /usr/local/etc/postfix/main.cf
 myhostname = blackcube.smb.net

/usr/local/etc/apache24/httpd.conf
 ServerName sun1.smb.net:80

/usr/local/etc/munin/munin.conf
 # a simple host tree
 [sun1.smb.net]
     address 127.0.0.1
     use_node_name yes
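
As an added example (not part of the original notes): the Apache start failures in the log came from httpd-ssl.conf still pointing at the certificate path for sun1.smb.net, and config files such as httpd.conf and munin.conf still name sun1.smb.net. The sh functions below check for both conditions before `apachectl start`; the function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks to run after
# an FQDN change, before "apachectl start". Function names are illustrative.

# Print each SSLCertificateFile / SSLCertificateKeyFile target in an Apache
# config that is missing or empty (the condition behind AH00526 in the log).
# Returns 0 if every referenced file is usable, 1 otherwise.
# Assumption: certificate paths contain no whitespace.
missing_cert_files() {
    rc=0
    for path in $(awk '
        /^[ \t]*#/ { next }                       # ignore commented directives
        $1 == "SSLCertificateFile" || $1 == "SSLCertificateKeyFile" {
            gsub(/"/, "", $2); print $2           # strip optional quotes
        }' "$1"); do
        if [ ! -s "$path" ]; then echo "$path"; rc=1; fi
    done
    return $rc
}

# Print "file:line:text" for every line that still names the old FQDN.
# Returns 0 if none remain, 1 if stale references exist, 2 on read errors.
stale_host_refs() {
    old=$1; shift
    # -F: fixed string, so dots in the name are not regex wildcards.
    # /dev/null forces the file-name prefix even with a single file.
    grep -nF -- "$old" "$@" /dev/null && return 1
    [ $? -eq 1 ] && return 0      # grep exit 1: no match
    return 2                      # grep exit 2: unreadable file
}

# Constructed sample: a temp tree mimicking the state in the log, where the
# new certificate exists but httpd-ssl.conf still points at the old name.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/live/www.smb.net"
    echo "constructed placeholder" > "$d/live/www.smb.net/fullchain.pem"
    cat > "$d/httpd-ssl.conf" <<EOF
SSLCertificateFile "$d/live/sun1.smb.net/fullchain.pem"
SSLCertificateKeyFile "$d/live/sun1.smb.net/privkey.pem"
EOF
    missing_cert_files "$d/httpd-ssl.conf"
    stale_host_refs sun1.smb.net "$d/httpd-ssl.conf"
    status=$?
    rm -rf "$d"
    return $status
}

if [ "${1:-}" = demo ]; then demo; fi
```

On the real host the same functions would be pointed at /usr/local/etc/apache24/extra/httpd-ssl.conf and at the httpd.conf, munin.conf and main.cf files listed above.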


----
Total access &counter(total);: today &counter(today);: yesterday &counter(yesterday);
#counter([total|today|yesterday]);
