certbot renew
The renewal fails.
pkg_resources.DistributionNotFound: The 'acme>=1.6.0' distribution was not found and is required by certbot
In addition, there is a problem where python sometimes can no longer be run.
After that:
pkg install py37-acme
With this, certbot renew could be run.
However, the renewal failed because of an error.
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
Processing /usr/local/etc/letsencrypt/renewal/jg7sfr.mydns.jp.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for jg7sfr.mydns.jp
Using the webroot path /***WordPress path*** for all unmatched domains.
Waiting for verification…
Challenge failed for domain jg7sfr.mydns.jp
http-01 challenge for jg7sfr.mydns.jp
Cleaning up challenges
Attempting to renew cert (jg7sfr.mydns.jp) from
/usr/local/etc/letsencrypt/renewal/jg7sfr.mydns.jp.conf produced an
unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/usr/local/etc/letsencrypt/live/jg7sfr.mydns.jp/fullchain.pem (failure)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
All renewal attempts failed. The following certs could not be renewed:
/usr/local/etc/letsencrypt/live/jg7sfr.mydns.jp/fullchain.pem (failure)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
– The following errors were reported by the server:
Domain: jg7sfr.mydns.jp
Type: connection
Detail: Fetching
https://jg7sfr.mydns.jp/.well-known/acme-challenge/JCn9OrF01gGTjd-bm7RJaTT_P2LFBqxQz1hAXD8L75U:
Timeout during connect (likely firewall problem)
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
—————————————————————————————
certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
Processing /usr/local/etc/letsencrypt/renewal/jg7sfr.mydns.jp.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for jg7sfr.mydns.jp
Using the webroot path /***WordPress path*** for all unmatched domains.
Waiting for verification…
Cleaning up challenges
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
new certificate deployed without reload, fullchain is
/usr/local/etc/letsencrypt/live/jg7sfr.mydns.jp/fullchain.pem
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been
renewed:
/usr/local/etc/letsencrypt/live/jg7sfr.mydns.jp/fullchain.pem (success)
** DRY RUN: simulating ‘certbot renew’ close to cert expiry
** (The test certificates above have not been saved.)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
– – – –
root@jg7sfr:/***WordPress path***
After that I looked into it further
and found information such as port 80 being blocked by a firewall, but this case was a little different...
The error above said:
https://jg7sfr.mydns.jp/.well-known/acme-challenge/JCn9OrF01gGTjd-bm7RJaTT_P2LFBqxQz1hAXD8L75U:
Timeout during connect (likely firewall problem)
Since that is what it said,
it appears that the challenge could not work because .htaccess has a rule that rewrites requests to https.
I temporarily removed .htaccess:
#certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /usr/local/etc/letsencrypt/renewal/jg7sfr.mydns.jp.conf
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for jg7sfr.mydns.jp
Using the webroot path ************ for all unmatched domains.
Waiting for verification…
Cleaning up challenges
new certificate deployed without reload, fullchain is
/usr/local/etc/letsencrypt/live/jg7sfr.mydns.jp/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/usr/local/etc/letsencrypt/live/jg7sfr.mydns.jp/fullchain.pem (success)
#
# service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 2071.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
#
With this, the certificate was finally renewed.

As for managing this in .htaccess, it may be better to rethink it a little,
since as it stands the renewal cannot be automated.
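
One way to keep the https rewrite in .htaccess without removing the file for each renewal is to exempt the http-01 challenge path from it. This is an added example, not the author's configuration: the post does not show its .htaccess, so the "before" rule is an assumed, typical mod_rewrite HTTP-to-HTTPS redirect.

```apache
# Constructed example: the actual .htaccess is not shown in the post.
#
# Before (assumed): every plain-HTTP request is rewritten to https,
# including the token file that certbot's webroot plugin places under
# /.well-known/acme-challenge/ for the http-01 challenge.
#
#   RewriteEngine On
#   RewriteCond %{HTTPS} off
#   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# After: the same redirect, except that requests for the ACME challenge
# path are left alone and served directly from the webroot over HTTP.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Keep these lines above the "# BEGIN WordPress" block so they are
# evaluated before WordPress's own rewrite rules.
```

With the exception in place, a plain-HTTP request under /.well-known/acme-challenge/ should no longer be answered with a 301 to https, so .htaccess can stay where it is when certbot renew runs from cron.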