/usr/bin/certbot renew
このコマンドが以下のエラーで動きません。
Saving debug log to /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/onsenlife.info.conf ------------------------------------------------------------------------------- Cert is due for renewal, auto-renewing... Plugins selected: Authenticator nginx, Installer nginx Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: http-01 challenge for onsenlife.info Waiting for verification... Cleaning up challenges Attempting to renew cert (onsenlife.info) from /etc/letsencrypt/renewal/onsenlife.info.conf produced an unexpected error: Failed authorization procedure. onsenlife.info (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://onsenlife.info/.well-known/acme-challenge/joR0ytQwi9KVdcbw42Cy-iCe1C4Cj23pWnkt963AhF8 [2400:6180:0:d0::e97:5001]: "\r\n404 Not Found \r\n\r\n\r\n 404 Not Found
". Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/onsenlife.info/fullchain.pem (failure) ------------------------------------------------------------------------------- All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/onsenlife.info/fullchain.pem (failure) ------------------------------------------------------------------------------- 1 renew failure(s), 0 parse failure(s) IMPORTANT NOTES: - The following errors were reported by the server: Domain: onsenlife.info Type: unauthorized Detail: Invalid response from http://onsenlife.info/.well-known/acme-challenge/joR0ytQwi9KVdcbw42Cy-iCe1C4Cj23pWnkt963AhF8 [2400:6180:0:d0::e97:5001]: "\r\n 404 Not Found \r\n\r\n\r\n 404 Not Found
" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
いろいろやってみるも変化なし。 結局、以下のコマンドで動いた。
sudo certbot renew --preferred-challenges http --webroot -w /usr/share/nginx/html
Saving debug log to /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/onsenlife.info.conf ------------------------------------------------------------------------------- Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer nginx Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: http-01 challenge for onsenlife.info Using the webroot path /usr/share/nginx/html for all unmatched domains. Waiting for verification... Cleaning up challenges ------------------------------------------------------------------------------- new certificate deployed with reload of nginx server; fullchain is /etc/letsencrypt/live/onsenlife.info/fullchain.pem ------------------------------------------------------------------------------- Plugins selected: Authenticator webroot, Installer nginx ------------------------------------------------------------------------------- Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/onsenlife.info/fullchain.pem (success) -------------------------------------------------------------------------------
nginxを再起動し、SSL証明書の有効期限を確認する。
service nginx restart