Let's Encrypt on Slackware

Just under three months have passed since the initial setup.
The cron job that runs "~/letsencrypt/venv/bin/certbot renew" is reporting an error saying that the renewal failed.

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
Failed to renew certificate www.globefish.jp with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')

Apparently I need to renew it manually?
Let me try running the following command...

~/letsencrypt/venv/bin/certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS). (dns-cloudflare)
2: Obtain certificates using a DNS TXT record (if you are using CloudXNS for DNS). (dns-cloudxns)
3: Obtain certificates using a DNS TXT record (if you are using DigitalOcean for DNS). (dns-digitalocean)
4: Obtain certificates using a DNS TXT record (if you are using DNSimple for DNS). (dns-dnsimple)
5: Obtain certificates using a DNS TXT record (if you are using DNS Made Easy for DNS). (dns-dnsmadeeasy)
6: Obtain certificates using a DNS TXT record (if you are using Gehirn Infrastructure Service for DNS). (dns-gehirn)
7: Obtain certificates using a DNS TXT record (if you are using Google Cloud DNS for DNS). (dns-google)
8: Obtain certificates using a DNS TXT record (if you are using Linode for DNS). (dns-linode)
9: Obtain certificates using a DNS TXT record (if you are using LuaDNS for DNS). (dns-luadns)
10: Obtain certificates using a DNS TXT record (if you are using NS1 for DNS). (dns-nsone)
11: Obtain certificates using a DNS TXT record (if you are using OVH for DNS). (dns-ovh)
12: Obtain certificates using a DNS TXT record (if you are using BIND for DNS). (dns-rfc2136)
13: Obtain certificates using a DNS TXT record (if you are using AWS Route53 for DNS). (dns-route53)
14: Obtain certificates using a DNS TXT record (if you are using Sakura Cloud for DNS). (dns-sakuracloud)
15: Spin up a temporary webserver (standalone)
16: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-16] then [enter] (press 'c' to cancel):

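At registration time I authenticated by placing the specified file in a directory under .well-known, so options 1 through 14 do not seem to apply.
For now I will select 15, enter the domain name, and choose Expand...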

Select the appropriate number [1-16] then [enter] (press 'c' to cancel): 15
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): www.globefish.jp

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/www.globefish.jp.conf)

It contains these names: www.globefish.jp

You requested these names for the new certificate: www.globefish.jp,
www.globefish.jp.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: e
Renewing an existing certificate for www.globefish.jp and www.globefish.jp
Performing the following challenges:
http-01 challenge for www.globefish.jp
http-01 challenge for www.globefish.jp
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.globefish.jp/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.globefish.jp/privkey.pem
Your certificate will expire on 2021-09-04. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

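It seems to have worked.
Next time I renew, I will try option 16, webroot.
This looks like a mode that goes directly to the file system to perform the renewal, and it appears it can be done quickly from the command line. *1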

~/letsencrypt/venv/bin/certbot certonly --webroot -w /var/www/sample/public -d xxxx.sample.com


*1 Perhaps the standalone plugin I used this time can be run the same way.
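
The renewal failure at the top of this post can be caught before cron runs into it: certbot records the plugin used at issuance in the [renewalparams] section of each file under /etc/letsencrypt/renewal/, and a lineage with authenticator = manual and no manual_auth_hook cannot renew unattended. The shell check below is an added example, not part of the original post; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag certbot lineages that cannot renew non-interactively.

# audit_renewal_conf FILE: returns 1 for authenticator=manual with no hook.
audit_renewal_conf() {
    awk -v file="$1" '
        # Only keys inside [renewalparams] matter; track the current section.
        /^[ \t]*\[/ { in_params = ($0 ~ /^[ \t]*\[renewalparams\]/); next }
        !in_params || /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "authenticator")    auth = val
            if (key == "manual_auth_hook") hook = val
        }
        END {
            if (auth == "manual" && hook == "") {
                print file ": BLOCKED authenticator=manual without manual_auth_hook"
                exit 1
            }
            print file ": OK authenticator=" (auth == "" ? "unset" : auth)
        }
    ' "$1"
}

# audit_renewal_dir DIR: audits every *.conf; returns 1 if any is blocked.
audit_renewal_dir() {
    rc=0
    for conf in "$1"/*.conf; do
        [ -e "$conf" ] || continue
        audit_renewal_conf "$conf" || rc=1
    done
    return "$rc"
}

# Constructed sample configs (hypothetical names) modelled on the two states
# in the post: issued with the manual plugin, then re-issued with standalone.
make_samples() {
    printf '%s\n' 'version = 1.0' '[renewalparams]' 'authenticator = manual' \
        'pref_challs = http-01,' > "$1/manual.example.conf"
    printf '%s\n' 'version = 1.0' '[renewalparams]' \
        'authenticator = standalone' > "$1/standalone.example.conf"
}

demo=$(mktemp -d) && make_samples "$demo"
audit_renewal_dir "$demo" || echo "at least one lineage cannot renew from cron"
rm -rf "$demo"
```

On the real host, point audit_renewal_dir at /etc/letsencrypt/renewal and run it from the same cron job so that a blocked lineage is reported well before the certificate expires.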
