
Let's Encrypt on Slackware

Just under three months have passed since the initial setup.
The "~/letsencrypt/venv/bin/certbot renew" job I run from cron is throwing an error saying it could not renew.

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')
Failed to renew certificate www.globefish.jp with error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.')

Apparently I need to renew manually?
Let me try running the following command...

~/letsencrypt/venv/bin/certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: Obtain certificates using a DNS TXT record (if you are using Cloudflare for DNS). (dns-cloudflare)
2: Obtain certificates using a DNS TXT record (if you are using CloudXNS for DNS). (dns-cloudxns)
3: Obtain certificates using a DNS TXT record (if you are using DigitalOcean for DNS). (dns-digitalocean)
4: Obtain certificates using a DNS TXT record (if you are using DNSimple for DNS). (dns-dnsimple)
5: Obtain certificates using a DNS TXT record (if you are using DNS Made Easy for DNS). (dns-dnsmadeeasy)
6: Obtain certificates using a DNS TXT record (if you are using Gehirn Infrastructure Service for DNS). (dns-gehirn)
7: Obtain certificates using a DNS TXT record (if you are using Google Cloud DNS for DNS). (dns-google)
8: Obtain certificates using a DNS TXT record (if you are using Linode for DNS).(dns-linode)
9: Obtain certificates using a DNS TXT record (if you are using LuaDNS for DNS).(dns-luadns)
10: Obtain certificates using a DNS TXT record (if you are using NS1 for DNS).(dns-nsone)
11: Obtain certificates using a DNS TXT record (if you are using OVH for DNS).(dns-ovh)
12: Obtain certificates using a DNS TXT record (if you are using BIND for DNS).(dns-rfc2136)
13: Obtain certificates using a DNS TXT record (if you are using AWS Route53 for DNS). (dns-route53)
14: Obtain certificates using a DNS TXT record (if you are using Sakura Cloud for DNS). (dns-sakuracloud)
15: Spin up a temporary webserver (standalone)
16: Place files in webroot directory (webroot)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-16] then [enter] (press ‘c’ to cancel):

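At registration I authenticated by placing the specified file in a directory under .well-known, so 1 through 14 appear to be the wrong choices.
For now I'll select 15, enter the domain name, and choose Expand...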

Select the appropriate number [1-16] then [enter] (press ‘c’ to cancel): 15
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): www.globefish.jp

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/www.globefish.jp.conf)

It contains these names: www.globefish.jp

You requested these names for the new certificate: www.globefish.jp,
www.globefish.jp.

Do you want to expand and replace this existing certificate with the new
certificate?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(E)xpand/(C)ancel: e
Renewing an existing certificate for www.globefish.jp and www.globefish.jp
Performing the following challenges:
http-01 challenge for www.globefish.jp
http-01 challenge for www.globefish.jp
Waiting for verification…
Cleaning up challenges

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.globefish.jp/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.globefish.jp/privkey.pem
Your certificate will expire on 2021-09-04. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run “certbot renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

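It seems to have gone well.
Next time I renew, I'll try 16, webroot.
This looks like a mode that goes directly to the file system to perform the renewal, and apparently it can be done quickly from the command line. *1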

~/letsencrypt/venv/bin/certbot certonly --webroot -w /var/www/sample/public -d xxxx.sample.com
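
The cron failure at the top of this post happens when a certificate's file under /etc/letsencrypt/renewal/ records the manual authenticator with no auth hook. The script below is an added example, not part of the original post, that scans that directory for such entries so they can be switched to standalone or webroot before the next unattended renewal; the host names and the hook path in its sample data are constructed.

```shell
#!/bin/sh
# Added example: find certbot lineages that an unattended "certbot renew"
# will fail on because they were issued with the manual plugin and no hook.

# Print the value stored for key $1 in renewal config $2 ("key = value").
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Print one line per lineage in directory $1 that needs attention.
find_unrenewable() {
    dir=${1:-/etc/letsencrypt/renewal}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue          # directory empty or missing
        auth=$(conf_value authenticator "$conf")
        hook=$(conf_value manual_auth_hook "$conf")
        # Treat a literal "None" the same as a missing key.
        if [ "$hook" = "None" ]; then hook=""; fi
        if [ "$auth" = "manual" ] && [ -z "$hook" ]; then
            echo "$(basename "$conf" .conf): authenticator=manual, no manual_auth_hook"
        fi
    done
}

# Constructed sample data: three renewal configs in a temporary directory.
# The hook path is hypothetical.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '[renewalparams]' 'authenticator = manual' \
        'pref_challs = http-01,' > "$d/www.example.test.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = manual' \
        'manual_auth_hook = /usr/local/bin/acme-auth.sh' > "$d/hooked.example.test.conf"
    printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
        'webroot_path = /var/www/sample/public,' > "$d/web.example.test.conf"
    echo "$d"
}

# Scan the directory given as the first argument, or the sample if none.
target=${1:-$(make_sample)}
find_unrenewable "$target"
if [ -z "${1:-}" ]; then rm -rf "$target"; fi
```

Run it with /etc/letsencrypt/renewal as the argument (as a user who can read that directory) to check real lineages.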

Addendum, 2024/07/04

The pattern where webroot is chosen from "~/letsencrypt/venv/bin/certbot certonly"

15: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A seperate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-15] then [enter] (press ‘c’ to cancel): 15

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
An RSA certificate named nature.globefish.jp already exists. Do you want to
update its key type to ECDSA?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(U)pdate key type/(K)eep existing key type: k
Renewing an existing certificate for nature.globefish.jp
Input the webroot for nature.globefish.jp: (Enter ‘c’ to cancel): /XXXX/nature/

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/nature.globefish.jp/fullchain.pem
Key is saved at: /etc/letsencrypt/live/nature.globefish.jp/privkey.pem
This certificate expires on 2024-10-02.
These files will be updated when the certificate renews.

NEXT STEPS:
– The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that functionality. See https://certbot.org/renewal-setup for instructions.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –


*1 Perhaps the standalone mode I used this time can be done the same way.
