I ran Let's Encrypt's certbot-auto as usual and it failed, so here is how I dealt with it
I went to renew as usual: after switching to root, I ran the following command,
certbot-auto renew --post-hook "service nginx restart"
and it failed with the following message.
Upgrading certbot-auto 0.24.0 to 0.25.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding
I ran the same command once more to see what would happen, and this time got the following message.
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding
Apparently it could not fetch the new Let's Encrypt program?
I googled the error message to look for a fix and found the following source.
Linux - Can no longer renew my Let's Encrypt certificate (65454) | teratail
https://teratail.com/questions/65454
How about running rm /root/.local/share/letsencrypt/bin/letsencrypt before proceeding, and then trying certbot-auto?
So I ran the following and then ran renew.
rm /root/.local/share/letsencrypt/bin/letsencrypt
certbot-auto renew --post-hook "service nginx restart"
However, the following message appeared and the renewal did not go through.
FATAL: Amazon Linux support is very experimental at present... if you would like to work on improving it, please ensure you have backups and then run this script again with the --debug flag! Alternatively, you can install OS dependencies yourself and run this script again with --no-bootstrap.
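Looking closely, it was politely advising me to take a backup and then run it with the --debug option. How kind.
However, I was sleepy and irritated at this point, so I followed a different tip (below),
How to deal with certificate renewal errors with Let's Encrypt on Amazon Linux | ゲンジニア日記 – presented by yskw.info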
https://blog.yskw.info/articles/326/
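and this time ran the following. As you can see, it removes the relevant environment variable and then rebuilds the certbot-auto environment.
unset PYTHON_INSTALL_LAYOUT
certbot-auto -v --debug
Then, after a log like the following scrolled past,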
Bootstrapping dependencies for Amazon... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main | 2.1 kB 00:00:00
amzn-updates | 2.5 kB 00:00:00
Package gcc-4.8.5-1.22.amzn1.noarch already installed and latest version
Package augeas-libs-1.0.0-5.7.amzn1.x86_64 already installed and latest version
Package 1:openssl-1.0.2k-12.109.amzn1.x86_64 already installed and latest version
Package 1:openssl-devel-1.0.2k-12.109.amzn1.x86_64 already installed and latest version
Package libffi-devel-3.0.13-16.5.amzn1.x86_64 already installed and latest version
Package system-rpm-config-9.0.3-42.28.amzn1.noarch already installed and latest version
Package ca-certificates-2017.2.14-65.0.1.17.amzn1.noarch already installed and latest version
Package python27-devel-2.7.14-1.123.amzn1.x86_64 already installed and latest version
Package python27-virtualenv-15.1.0-1.14.amzn1.noarch already installed and latest version
Package python27-tools-2.7.14-1.123.amzn1.x86_64 already installed and latest version
Package python27-pip-9.0.3-1.26.amzn1.noarch already installed and latest version
Nothing to do
Creating virtual environment...
Already using interpreter /usr/bin/python2.7
New python executable in /opt/eff.org/certbot/venv/bin/python2.7
Also creating executable in /opt/eff.org/certbot/venv/bin/python
Installing setuptools, pip, wheel...done.
Installing Python packages...
done
Successfully installed ConfigArgParse-0.12.0 acme-0.25.0 argparse-1.4.0 asn1crypto-0.22.0 certbot-0.25.0 certbot-apache-0.25.0 certbot-nginx-0.25.0 cffi-1.10.0 configobj-5.0.6 cryptography-2.0.2 enum34-1.1.2 funcsigs-1.0.2 idna-2.5 ipaddress-1.0.16 josepy-1.0.1 letsencrypt-0.7.0 linecache2-1.0.0 mock-1.3.0 ordereddict-1.1 packaging-16.8 parsedatetime-2.1 pbr-1.8.1 pyOpenSSL-16.2.0 pyRFC3339-1.0 pycparser-2.14 pyparsing-2.1.8 python-augeas-0.5.0 pytz-2015.7 requests-2.12.1 requests-toolbelt-0.8.0 six-1.10.0 traceback2-1.4.0 unittest2-1.1.0 zope.component-4.2.2 zope.event-4.1.0 zope.interface-4.1.3
Installation succeeded.
Root logging level set at 10
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requested authenticator None and installer None
Failed to find executable apachectl in PATH: /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/aws/bin:/root/bin
No installation (PluginEntryPoint#apache): Cannot find Apache control command apachectl
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/plugins/disco.py", line 127, in prepare
    self._initialized.prepare()
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot_apache/configurator.py", line 205, in prepare
    'Cannot find Apache control command {0}'.format(restart_cmd))
NoInstallationError: Cannot find Apache control command apachectl
Single candidate plugin: * nginx
Description: Nginx Web Server plugin - Alpha
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized:
Prep: True
Selected authenticator and installer
Plugins selected: Authenticator nginx, Installer nginx
Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, contact=(u'mailto:master@km92.net',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey( )>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/10343834', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), 7965e3fc93fa6a8e350f71f1af807788, Meta(creation_host=u'ip-10-0-0-111.ap-northeast-1.compute.internal', creation_dt=datetime.datetime(2017, 3, 4, 16, 17, 23, tzinfo= )))>
Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: <secret>
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 09 Jun 2018 16:36:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Jun 2018 16:36:22 GMT
Connection: keep-alive

{
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert",
  "<secret>": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417"
}
Not suggesting name "localhost"
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/util.py", line 310, in get_filtered_names
    filtered_names.add(enforce_le_validity(name))
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/util.py", line 531, in enforce_le_validity
    "{0} needs at least two labels".format(domain))
it asked me to enter the domain name(s) for the certificate, as follows.
ConfigurationError: localhost needs at least two labels
No names were found in your configuration files.
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):
I entered them. Incidentally, Let's Encrypt only recently added wildcard support, so I went with a configuration that uses a wildcard.
name(s) (comma and/or space separated) (Enter 'c' to cancel): km92.net *.km92.net
After typing that and pressing Enter, the following message was displayed.
Obtaining a new certificate
Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
Requesting fresh nonce
Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Replay-Nonce: <secret>
Expires: Sat, 09 Jun 2018 16:40:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Jun 2018 16:40:47 GMT
Connection: keep-alive

Storing nonce: <secret>
JWS payload:
{
  "identifier": {
    "type": "dns",
    "value": "km92.net"
  },
  "resource": "new-authz"
}
Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
  "protected": "<secret>",
  "payload": "<secret>",
  "signature": "<secret>"
}
https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 713
Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 713
Boulder-Requester: 10343834
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: <secret>
Replay-Nonce:<secret>
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Sat, 09 Jun 2018 16:40:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 09 Jun 2018 16:40:47 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "km92.net"
  },
  "status": "pending",
  "expires": "2018-06-16T16:40:47Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "<secret>",
      "token": "<secret>"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "<secret>",
      "token": "<secret>"
    }
  ],
  "combinations": [
    [
      1
    ],
    [
      0
    ]
  ]
}
Storing nonce: <secret>
Exiting abnormally:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1323, in main
    return config.func(config, plugins)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 1086, in run
    certname, lineage)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/main.py", line 120, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 383, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 326, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/site-packages/certbot/client.py", line 360, in _get_order_and_authorizations
    raise errors.Error("The currently selected ACME CA endpoint does"
Error: The currently selected ACME CA endpoint does not support issuing wildcard certificates.
Please see the logfiles in /var/log/letsencrypt for more details.
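There is an error at the end: "Error: The currently selected ACME CA endpoint does not support issuing wildcard certificates." Hmph. Looking closely, it seems to be because the API used to create the certificate is old (the ACME v1 API).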
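As an added example (not part of the original post), here is a pre-flight check that reads a certbot renewal config and reports whether a wildcard name could be issued with it: the endpoint must be ACME v2, and wildcard names are only validated via the dns-01 challenge. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# renewal configs are constructed; the keys (server, authenticator,
# pref_challs) are the ones certbot writes under [renewalparams].

# Print the value of KEY ($2) from the [renewalparams] section of FILE ($1).
renewal_param() {
    awk -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params && /=/ {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Print a verdict on whether FILE ($1) could renew a wildcard name:
#   needs-acme-v2     endpoint is ACME v1, which cannot issue wildcards
#   needs-dns-01      endpoint is fine, but the authenticator is not DNS-based
#   unknown-endpoint  server is missing or not a Let's Encrypt production URL
#   ok                ACME v2 endpoint with a dns-01 capable authenticator
wildcard_readiness() {
    wr_server=$(renewal_param "$1" server)
    wr_auth=$(renewal_param "$1" authenticator)
    wr_challs=$(renewal_param "$1" pref_challs)
    case "$wr_server" in
        https://acme-v01.api.letsencrypt.org/*) echo needs-acme-v2; return 0 ;;
        https://acme-v02.api.letsencrypt.org/*) ;;
        *) echo unknown-endpoint; return 0 ;;
    esac
    case "$wr_auth" in
        dns-*) echo ok ;;
        manual)
            case "$wr_challs" in
                *dns-01*) echo ok ;;
                *) echo needs-dns-01 ;;
            esac ;;
        *) echo needs-dns-01 ;;
    esac
}

# Write three constructed renewal configs into directory DIR ($1).
make_samples() {
    cat > "$1/v1-webroot.conf" <<'EOF'
# constructed sample
version = 0.25.0
[renewalparams]
authenticator = webroot
server = https://acme-v01.api.letsencrypt.org/directory
EOF
    cat > "$1/v2-webroot.conf" <<'EOF'
# constructed sample
[renewalparams]
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
EOF
    cat > "$1/v2-manual-dns.conf" <<'EOF'
# constructed sample
[renewalparams]
authenticator = manual
pref_challs = dns-01,
server = https://acme-v02.api.letsencrypt.org/directory
EOF
}

# Demo: report every config in a scratch directory, then clean up.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for conf in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "$(basename "$conf")" "$(wildcard_readiness "$conf")"
done
rm -rf "$demo_dir"
```

On a real host the same function can be pointed at the files under /etc/letsencrypt/renewal/ before requesting a wildcard name.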
So with that, I ran the certificate renewal command again.
certbot-auto renew --post-hook "service nginx restart"
The result:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.km92.net.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.km92.net
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is /etc/letsencrypt/live/www.km92.net/fullchain.pem
-------------------------------------------------------------------------------
Plugins selected: Authenticator webroot, Installer None
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.km92.net/fullchain.pem (success)
-------------------------------------------------------------------------------
Running post-hook command: service nginx restart
Output from service:
Stopping nginx: [ OK ]
Starting nginx: [ OK ]
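It looks like the intended result. I also checked the certificate applied to the site from a web browser and confirmed that it was in place.
To recap what I did, it was roughly as follows.
- Before installing the new version of certbot-auto, delete the old files that were in the way.
- Install the new version of certbot-auto.
- Create a new certificate.
- Renew the certificate.
Hm? I feel like one of the last two is unnecessary... but oh well, the renewal worked, I'm sleepy, good night zzz ( ˘ω˘)
References
Support for wildcard certificates and ACME v2 - Let's Encrypt 総合ポータル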
https://letsencrypt.jp/blog/2018-03-14.html