- 1. 概要
- 2. 状況
- 3. 強制的に更新
- 4. 参考サイト
1. 概要
証明書の更新スクリプトを週一回動作させているのですが、なぜか、更新されていないことがあります。
2. 状況
更新のスクリプトをもう一度、動作させるのですが・・・。
結果が。
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.edu.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
/usr/local/etc/letsencrypt/live/example.com/fullchain.pem expires on 2026-07-19 (skipped)
/usr/local/etc/letsencrypt/live/example.net/fullchain.pem expires on 2026-07-19 (skipped)
/usr/local/etc/letsencrypt/live/example.org/fullchain.pem expires on 2026-04-29 (skipped)
/usr/local/etc/letsencrypt/live/example.edu/fullchain.pem expires on 2026-07-19 (skipped)
No renewals were attempted.
No hooks were run.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
実行しているのが、2026年5月21日なのですが、1件 2026年4月29日で、期限切れになっているのに更新されません。
その原因は、別途突き止めなければならないのですが・・・(追而書)。
とりあえずの応急処置として、証明書を強制的に更新する方法をば・・・。
3. 強制的に更新
下記のコマンドで、強制的に更新します。
(オプションは、「apache」を使用しているもので・・・)
certbot renew --standalone --force-renewal \
--pre-hook "/usr/local/etc/rc.d/apache24 stop" \
--post-hook "/usr/local/etc/rc.d/apache24 start"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'pre-hook' ran with output:
Stopping apache24.
Waiting for PIDS: 59537.
Renewing an existing certificate for example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.net.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for example.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for example.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/example.edu.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Renewing an existing certificate for example.edu
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded:
/usr/local/etc/letsencrypt/live/example.com/fullchain.pem (success)
/usr/local/etc/letsencrypt/live/example.net/fullchain.pem (success)
/usr/local/etc/letsencrypt/live/example.org/fullchain.pem (success)
/usr/local/etc/letsencrypt/live/example.edu/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hook 'post-hook' ran with output:
Performing sanity check on apache24 configuration:
Starting apache24.
Hook 'post-hook' ran with error output:
Syntax OK
なんか、エラーっぽいメッセージが出てますが、それは置いといて・・・
更新されているか、確認します。
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Serial Number: 6b009b8fb5e54235939fe43f098e88c4a92
Key Type: ECDSA
Domains: example.com
Expiry Date: 2026-08-18 22:58:51+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/example.com/privkey.pem
Certificate Name: example.net
Serial Number: 5eef08f4db9d79eb16d46d1eb5c00828174
Key Type: ECDSA
Domains: example.net
Expiry Date: 2026-08-18 22:58:42+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/example.net/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/example.net/privkey.pem
Certificate Name: example.org
Serial Number: 5e5ae8a04773c9fe3ca3f076bf82c8965fb
Key Type: RSA
Domains: example.org
Expiry Date: 2026-08-18 22:59:30+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/example.org/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/example.org/privkey.pem
Certificate Name: example.edu
Serial Number: 6a686668c374e677db9be87dd1bdae2c186
Key Type: ECDSA
Domains: example.edu
Expiry Date: 2026-08-18 22:59:39+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/example.edu/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/example.edu/privkey.pem
4. 参考サイト
本ページは、「Gemini」伍長を参考にさせていただきました。
|
|
