{"id":372,"date":"2021-05-07T18:25:07","date_gmt":"2021-05-07T09:25:07","guid":{"rendered":"https:\/\/plusload.net\/?p=372"},"modified":"2021-05-10T17:05:02","modified_gmt":"2021-05-10T08:05:02","slug":"certbot%e3%81%8c%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%ae%e6%9b%b4%e6%96%b0%e3%81%ab%e5%a4%b1%e6%95%97%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/plusload.net\/?p=372","title":{"rendered":"certbot\u304c\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u306b\u5931\u6557\u3059\u308b\u306e\u3067\u8a3c\u660e\u66f8\u3092\u4f5c\u308a\u76f4\u3057\u3066\u307f\u308b\u304c\u4ed5\u69d8\u304c\u5909\u66f4\u3055\u308c\u3066\u3044\u308b\u3088\u3046\u306a\u306e\u3067certbot\u3092\u66f4\u65b0\u3082\u3057\u3066\u304a\u304f"},"content":{"rendered":"<pre>root@plusload:~\/certbot# .\/certbot-auto renew\r\nCert is due for renewal, auto-renewing...\r\nPlugins selected: Authenticator standalone, Installer None\r\nRenewing an existing certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for plusload.net\r\nCleaning up challenges\r\nAttempting to renew cert (plusload.net-0001) from \/etc\/letsencrypt\/renewal\/plusload.net-0001.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.<\/pre>\n<p>\u3068\u51fa\u3066\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u306b\u5931\u6557\u3059\u308b\u306e\u3067\u4ee5\u4e0b\u3092\u8a66\u3057\u305f\u3002<\/p>\n<pre>root@plusload:~\/certbot# .\/certbot-auto certonly -d plusload.net\r\nYour system is not supported by certbot-auto anymore.\r\ncertbot-auto and its Certbot installation will no longer receive updates.\r\nYou will not receive any bug fixes including those fixing server compatibility\r\nor security problems.\r\nPlease visit https:\/\/certbot.eff.org\/ to check for other alternatives.\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\nHow would you like to authenticate with the ACME CA?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n1: Apache Web Server plugin (apache)\r\n2: Nginx Web Server plugin (nginx)\r\n3: Spin up a temporary webserver (standalone)\r\n4: Place files in webroot directory (webroot)\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nSelect the appropriate number [1-4] then [enter] (press 'c' to cancel): 4\r\nPlugins selected: Authenticator webroot, Installer None\r\nCert is due for renewal, auto-renewing...\r\nRenewing an existing certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for plusload.net\r\nInput the webroot for plusload.net: (Enter 'c' to cancel):\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n does not exist or is not a directory\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nInput the webroot for plusload.net: (Enter 'c' to cancel): \/var\/www\/wordpress\r\nWaiting for verification...\r\nCleaning up challenges\r\n\r\nIMPORTANT NOTES:\r\n - Congratulations! Your certificate and chain have been saved at:\r\n   \/etc\/letsencrypt\/live\/plusload.net-0001\/fullchain.pem\r\n   Your key file has been saved at:\r\n   \/etc\/letsencrypt\/live\/plusload.net-0001\/privkey.pem\r\n   Your cert will expire on 2021-08-05. To obtain a new or tweaked\r\n   version of this certificate in the future, simply run certbot-auto\r\n   again. To non-interactively renew *all* of your certificates, run\r\n   \"certbot-auto renew\"\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n<\/pre>\n<p>\u306a\u3093\u304b\u6210\u529f\u3057\u305f\u3063\u307d\u3044\u3002\u306a\u306e\u3067\u666e\u901a\u306b\u8a66\u3057\u3066\u307f\u308b\u3002<\/p>\n<pre>root@plusload:~\/certbot# .\/certbot-auto renew\r\nYour system is not supported by certbot-auto anymore.\r\ncertbot-auto and its Certbot installation will no longer receive updates.\r\nYou will not receive any bug fixes including those fixing server compatibility\r\nor security problems.\r\nPlease visit https:\/\/certbot.eff.org\/ to check for other alternatives.\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nProcessing \/etc\/letsencrypt\/renewal\/plusload.net-0001.conf\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nCert not yet due for renewal\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nProcessing \/etc\/letsencrypt\/renewal\/plusload.net.conf\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nThe following certs are not due for renewal yet:\r\n  \/etc\/letsencrypt\/live\/plusload.net-0001\/fullchain.pem expires on 2021-08-05 (skipped)\r\nNo renewals were attempted.\r\n\r\nAdditionally, the following renewal configurations were invalid:\r\n  \/etc\/letsencrypt\/renewal\/plusload.net.conf (parsefail)\r\n<\/pre>\n<p>8\u67085\u65e5\u307e\u3067\u4e09\u304b\u6708\u4f38\u3073\u305f\u307f\u305f\u3044\u3002<\/p>\n<p>\u3067\u3082\u3001certbot\u306e\u4ed5\u69d8\u304c\u5909\u66f4\u306b\u306a\u3063\u305f\u3089\u3057\u3044\u3002\u3060\u304b\u3089<\/p>\n<pre>root@plusload~:# certbot-auto renew<\/pre>\n<p>\u304c\u4f7f\u3048\u306a\u304f\u306a\u3063\u305f\u3088\u3046\u3060\u3002\u306a\u306e\u3067<a href=\"https:\/\/certbot.eff.org\/lets-encrypt\/ubuntubionic-nginx\">\u3053\u3061\u3089<\/a>\u3092\u53c2\u8003\u306bcertbot\u306e\u66f4\u65b0\u3092\u3059\u308b\u3002\u305f\u3060\u3057\u5185\u5bb9\u306fubuntu\u3067nginx\u306e\u5834\u5408\u3002\u5225\u306e\u5834\u5408\u306f\u30c8\u30c3\u30d7\u306b\u623b\u3063\u3066\u74b0\u5883\u306b\u3042\u308f\u305b\u3066\u9805\u76ee\u3092\u9078\u629e\u3057\u305f\u30da\u30fc\u30b8\u3092\u898b\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>Ubuntu\u306e\u5834\u5408\u306f\u6700\u521d\u304b\u3089snaped\u306f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u3089\u3057\u3044\u3002<br \/>\n\u306a\u306e\u3067<\/p>\n<pre>root@plusload~:# sudo snap install core\r\nroot@plusload~:# sudo snap refresh core<\/pre>\n<p>\u3067\u3001certbot\u3092\u524a\u9664\u3059\u308b\u3002<\/p>\n<pre>root@plusload~:# sudo apt-get remove certbot<\/pre>\n<p>\u50d5\u306e\u74b0\u5883\u306e\u5834\u5408\u306f\u4ee5\u964d\u3067\u30a8\u30e9\u30fc\u304c\u51fa\u305f<\/p>\n<pre>root@plusload~:# sudo snap install --classic certbot\r\n\r\nerror: snap \"certbot\" is not available on stable but is available to install on\r\nthe following channels:\r\n\r\nedge snap install --edge certbot\r\n\r\nPlease be mindful pre-release channels may include features not\r\ncompletely tested or implemented. Get more information with 'snap info\r\ncertbot'.\r\n\r\n<\/pre>\n<p>\u306a\u306e\u3067<\/p>\n<pre>root@plusload~:# sudo snap install --edge certbot --classic\r\ncertbot (edge) 1.5.0-22-g961c57386 from Certbot Project (certbot-eff?) installed\r\n<\/pre>\n<p>\u3088\u304f\u308f\u304b\u3089\u3093\u304cedge\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066certbot\u306e\u5b58\u5728\u3092\u78ba\u8a8d\u3059\u308b\u3002<\/p>\n<pre>root@plusload~:# sudo snap install --classic certbot\r\nsnap \"certbot\" is already installed, see 'snap help refresh'<\/pre>\n<p>\u65e2\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u308b\u3068\u51fa\u3066\u3044\u308b\u3002\u306a\u306e\u3067\u7d9a\u3051\u3066<\/p>\n<pre>root@plusload:~$ sudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot\r\nroot@plusload:~$ sudo certbot --nginx\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nPlugins selected: Authenticator nginx, Installer nginx\r\n\r\nWhich names would you like to activate HTTPS for?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n1: plusload.net\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\r\nblank to select all options shown (Enter 'c' to cancel):\r\nAttempting to parse the version 1.9.0 renewal configuration file found at \/etc\/letsencrypt\/renewal\/plusload.net-0001.conf with version 1.6.0.dev0 of Certbot. This might not work.\r\nAttempting to parse the version 1.8.0 renewal configuration file found at \/etc\/letsencrypt\/renewal\/plusload.net.conf with version 1.6.0.dev0 of Certbot. This might not work.\r\nCert not yet due for renewal\r\n\r\nYou have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.\r\n(ref: \/etc\/letsencrypt\/renewal\/plusload.net-0001.conf)\r\n\r\nWhat would you like to do?\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n1: Attempt to reinstall this existing certificate\r\n2: Renew &amp; replace the cert (limit ~5 per 7 days)\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 #\u5f15\u304d\u7d9a\u304d\u8a3c\u660e\u66f8\u3092\u4f7f\u3046\u306e\u30672\u3092\u9078\u629e\r\nRenewing an existing certificate\r\nDeploying Certificate to VirtualHost \/etc\/nginx\/sites-enabled\/default\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on [::]:80, ignored\r\nRedirecting all traffic on port 80 to ssl in \/etc\/nginx\/sites-enabled\/default\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on [::]:80, ignored\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nYour existing certificate has been successfully renewed, and the new certificate\r\nhas been installed.\r\n\r\nThe new certificate covers the following domains: https:\/\/plusload.net\r\n\r\nYou should test your configuration at:\r\nhttps:\/\/www.ssllabs.com\/ssltest\/analyze.html?d=plusload.net\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nIMPORTANT NOTES:\r\n- Congratulations! Your certificate and chain have been saved at:\r\n\/etc\/letsencrypt\/live\/plusload.net-0001\/fullchain.pem\r\nYour key file has been saved at:\r\n\/etc\/letsencrypt\/live\/plusload.net-0001\/privkey.pem\r\nYour cert will expire on 2021-08-08. To obtain a new or tweaked\r\nversion of this certificate in the future, simply run certbot again\r\nwith the \"certonly\" option. To non-interactively renew *all* of\r\nyour certificates, run \"certbot renew\"\r\n- If you like Certbot, please consider supporting our work by:\r\n\r\nDonating to ISRG \/ Let's Encrypt: https:\/\/letsencrypt.org\/donate\r\nDonating to EFF: https:\/\/eff.org\/donate-le\r\n\r\nroot@plusload:~$ sudo certbot renew --dry-run\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nProcessing \/etc\/letsencrypt\/renewal\/plusload.net-0001.conf\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nCert not due for renewal, but simulating renewal for dry run\r\nPlugins selected: Authenticator nginx, Installer nginx\r\nRenewing an existing certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for plusload.net\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on [::]:80, ignored\r\nWaiting for verification...\r\nCleaning up challenges\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on [::]:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on 0.0.0.0:80, ignored\r\nnginx: [warn] conflicting server name \"plusload.net\" on [::]:80, ignored\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nnew certificate deployed with reload of nginx server; fullchain is\r\n\/etc\/letsencrypt\/live\/plusload.net-0001\/fullchain.pem\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nProcessing \/etc\/letsencrypt\/renewal\/plusload.net.conf\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nAttempting to parse the version 1.8.0 renewal configuration file found at \/etc\/letsencrypt\/renewal\/plusload.net.conf with version 1.6.0.dev0 of Certbot. This might not work.\r\n\r\nTraceback (most recent call last):\r\nFile \"\/snap\/certbot\/356\/lib\/python3.6\/site-packages\/certbot\/_internal\/renewal.py\", line 64, in _reconstitute\r\nrenewal_candidate = storage.RenewableCert(full_path, config)\r\nFile \"\/snap\/certbot\/356\/lib\/python3.6\/site-packages\/certbot\/_internal\/storage.py\", line 466, in __init__\r\nself._check_symlinks()\r\nFile \"\/snap\/certbot\/356\/lib\/python3.6\/site-packages\/certbot\/_internal\/storage.py\", line 533, in _check_symlinks\r\n\"expected {0} to be a symlink\".format(link))\r\ncertbot.errors.CertStorageError: expected \/etc\/letsencrypt\/live\/plusload.net\/cert.pem to be a symlink\r\nRenewal configuration file \/etc\/letsencrypt\/renewal\/plusload.net.conf is broken. Skipping.\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n** DRY RUN: simulating 'certbot renew' close to cert expiry\r\n** (The test certificates below have not been saved.)\r\n\r\nCongratulations, all renewals succeeded. The following certs have been renewed:\r\n\/etc\/letsencrypt\/live\/plusload.net-0001\/fullchain.pem (success)\r\n\r\nAdditionally, the following renewal configurations were invalid:\r\n\/etc\/letsencrypt\/renewal\/plusload.net.conf (parsefail)\r\n** DRY RUN: simulating 'certbot renew' close to cert expiry\r\n** (The test certificates above have not been saved.)\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n0 renew failure(s), 1 parse failure(s)\r\n\r\nIMPORTANT NOTES:\r\n- Your account credentials have been saved in your Certbot\r\nconfiguration directory at \/etc\/letsencrypt. You should make a\r\nsecure backup of this folder now. This configuration directory will\r\nalso contain certificates and private keys obtained by Certbot so\r\nmaking regular backups of this folder is ideal.\r\n\r\n<\/pre>\n<p>\u6210\u529f\u3057\u3066\u3044\u308b\u3088\u3046\u3060\u3002\u306a\u306e\u3067\u30b3\u30de\u30f3\u30c9\u304c\u5909\u308f\u3063\u3066\u3044\u308b\u306e\u3067crontab\u3082\u66f4\u65b0\u3057\u3066\u304a\u304f\u3002<\/p>\n<pre>root@plusload:~$ crontab -e\r\n\r\n0 1 1 * * sudo certbot renew &amp;&amp; systemctl restart nginx &gt; \/home\/root\/log\/certbot.log<\/pre>\n<p>\u3053\u308c\u3067\u66f4\u65b0\u3055\u308c\u308b\u3060\u308d\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>root@plusload:~\/certbot# .\/certbot-auto renew Cert is due for renewal, auto-renewing&#8230; Plugins selected: Auth&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,6],"tags":[],"class_list":["post-372","post","type-post","status-publish","format-standard","hentry","category-ghostscan","category-ubuntu"],"_links":{"self":[{"href":"https:\/\/plusload.net\/index.php?rest_route=\/wp\/v2\/posts\/372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/plusload.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/plusload.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/plusload.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/plusload.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=372"}],"version-history":[{"count":6,"href":"https:\/\/plusload.net\/index.php?rest_route=\/wp\/v2\/posts\/372\/revisions"}],"predecessor-version":[{"id":378,"href":"https:\/\/plusload.net\/index.php?rest_route=\/wp\/v2\/posts\/372\/revisions\/378"}],"wp:attachment":[{"href":"https:\/\/plusload.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/plusload.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/plusload.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}