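This article was written more than 3 years ago, so its content may be out of date.
Renewing a Let's Encrypt certificate (Bitnami on AWS)
2018-04-14
* Updated 20200927
Please also see this newer article:
Enabling SSL for WordPress
Following on from "Renewing a Let's Encrypt certificate (EC2)", I'll try renewing the one on Bitnami as well (dry-run).
How to check the expiry date is covered here:
Checking the Let's Encrypt expiry date more easily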
    # ./certbot-auto renew --force-renew --dry-run
    Upgrading certbot-auto 0.22.0 to 0.23.0...
    Replacing certbot-auto...
    Creating virtual environment...
    Installing Python packages...
    Installation succeeded.
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    -------------------------------------------------------------------------------
    Processing /etc/letsencrypt/renewal/www.yoshiislandblog.net.conf
    -------------------------------------------------------------------------------
    Plugins selected: Authenticator standalone, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for www.yoshiislandblog.net
    Cleaning up challenges
    Attempting to renew cert (www.yoshiislandblog.net) from /etc/letsencrypt/renewal/www.yoshiislandblog.net.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/www.yoshiislandblog.net/fullchain.pem (failure)
    -------------------------------------------------------------------------------
    ** DRY RUN: simulating 'certbot renew' close to cert expiry
    ** (The test certificates below have not been saved.)
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/www.yoshiislandblog.net/fullchain.pem (failure)
    ** DRY RUN: simulating 'certbot renew' close to cert expiry
    ** (The test certificates above have not been saved.)
    -------------------------------------------------------------------------------
    1 renew failure(s), 0 parse failure(s)
    IMPORTANT NOTES:
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
It complains "Could not bind to IPv4 or IPv6" about port 80, so I added "80 ::/0" to the traffic rules.
    # ./certbot-auto renew --force-renew --dry-run
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    -------------------------------------------------------------------------------
    Processing /etc/letsencrypt/renewal/www.yoshiislandblog.net.conf
    -------------------------------------------------------------------------------
    Plugins selected: Authenticator standalone, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for www.yoshiislandblog.net
    Cleaning up challenges
    Attempting to renew cert (www.yoshiislandblog.net) from /etc/letsencrypt/renewal/www.yoshiislandblog.net.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/www.yoshiislandblog.net/fullchain.pem (failure)
    -------------------------------------------------------------------------------
    ** DRY RUN: simulating 'certbot renew' close to cert expiry
    ** (The test certificates below have not been saved.)
    All renewal attempts failed. The following certs could not be renewed:
      /etc/letsencrypt/live/www.yoshiislandblog.net/fullchain.pem (failure)
    ** DRY RUN: simulating 'certbot renew' close to cert expiry
    ** (The test certificates above have not been saved.)
    -------------------------------------------------------------------------------
    1 renew failure(s), 0 parse failure(s)
Still not fixed.
Apparently it does not work while apache is running, so I stop it and then try again.
    # sudo /opt/bitnami/ctlscript.sh stop apache
    Unmonitored apache
    Syntax OK
    /opt/bitnami/apache2/scripts/ctl.sh : httpd stopped

    # ./certbot-auto renew --force-renew
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    -------------------------------------------------------------------------------
    Processing /etc/letsencrypt/renewal/www.yoshiislandblog.net.conf
    -------------------------------------------------------------------------------
    Plugins selected: Authenticator standalone, Installer None
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for www.yoshiislandblog.net
    Waiting for verification...
    Cleaning up challenges
    -------------------------------------------------------------------------------
    new certificate deployed without reload, fullchain is
    /etc/letsencrypt/live/www.yoshiislandblog.net/fullchain.pem
    -------------------------------------------------------------------------------
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Congratulations, all renewals succeeded. The following certs have been renewed:
      /etc/letsencrypt/live/www.yoshiislandblog.net/fullchain.pem (success)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This time it succeeded.
Don't forget to start apache again.
    # sudo /opt/bitnami/ctlscript.sh start apache
    Syntax OK
    /opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80
    Monitored apache
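The stop, renew, start sequence above as one script, added here as an example (not part of the original post): it checks that port 80 is really free after stopping Apache and starts Apache again even when the renewal fails, so a failed renewal does not leave the site down. The function names, exit codes and the `ss` check are assumptions; the two paths are the ones shown in the post, and the script is assumed to run as root.

```shell
#!/bin/sh
# Added example: renew with certbot's standalone authenticator on a Bitnami stack.
# Paths are taken from the post; both can be overridden through the environment.
CTL="${CTL:-/opt/bitnami/ctlscript.sh}"
CERTBOT="${CERTBOT:-./certbot-auto}"

# Return 0 if any TCP socket is listening on port $1.
# Assumption: iproute2's `ss` is installed; the first output line is a header.
port_in_use() {
    ss -ltn "sport = :$1" 2>/dev/null | tail -n +2 | grep -q .
}

# Stop Apache, run `certbot renew` with any extra arguments, start Apache again.
# Exit codes (assumed convention for this example):
#   0 renewed, 2 could not stop Apache, 3 port 80 still busy,
#   4 Apache did not start again, otherwise certbot's own exit code.
renew_with_apache_stopped() {
    "$CTL" stop apache || return 2

    # The standalone authenticator binds port 80 itself, so nothing else
    # may be listening there. Something other than Apache could hold it.
    if port_in_use 80; then
        echo "port 80 is still in use after stopping apache" >&2
        "$CTL" start apache
        return 3
    fi

    # Capture the result instead of exiting, so the restart below always runs
    # (also under `set -e`).
    renew_rc=0
    "$CERTBOT" renew "$@" || renew_rc=$?

    "$CTL" start apache || return 4
    return "$renew_rc"
}

# Usage, after sourcing this file as root:
#   renew_with_apache_stopped --force-renew --dry-run
```

`certbot renew` also accepts `--pre-hook` and `--post-hook` options that run a command before and after the renewal attempt, which is another way to attach the stop and start steps when renewal runs from cron.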
References:
When you want to apply an automatically renewed Let's Encrypt SSL certificate to an Nginx container
The familiar "Problem binding to port 80" appears when trying to renew Letsencrypt