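Free Let's Encrypt SSL certificates are valid for 90 days
A little while ago I enabled SSL on my WordPress site.
I am noting the details down here.
An email arrives when fewer than 20 days of validity remain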
Hello,
Your certificate (or certificates) for the names listed below will expire in 20 days (on 01 Oct 18 03:55 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means
renewing 30 days before expiration. See
for details.
Integration Guide - Let's Encrypt
Renewing the Let's Encrypt SSL certificate
Procedure for renewing the Let's Encrypt SSL certificate
- Stop the web server (Nginx)
- Run the certbot renewal command
- Start the web server (Nginx)
root@osakana:/etc/letsencrypt# /etc/init.d/nginx stop
[ ok ] Stopping nginx (via systemctl): nginx.service.
root@osakana:/etc/letsencrypt# certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/tadaima.asia.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer None
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for tadaima.asia
nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored
nginx: [error] invalid PID number "" in "/run/nginx.pid"
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "_" on 0.0.0.0:80, ignored
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/tadaima.asia/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/tadaima.asia/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I also check the file timestamps to confirm the renewal.
Where I got stuck while renewing the SSL certificate
Error when starting the Nginx web server
root@osakana:/etc/letsencrypt# /etc/init.d/nginx restart
[....] Restarting nginx (via systemctl): nginx.service
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
failed!
Following the message, I ran the systemctl command
root@osakana:/etc/letsencrypt# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2018-09-11 13:44:22 JST; 12s ago
Docs: man:nginx(8)
Process: 14718 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0
Process: 26430 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCESS)
Process: 24656 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 24645 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 8645 (code=exited, status=0/SUCCESS)

Sep 11 13:44:21 osakana nginx[24656]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Sep 11 13:44:21 osakana nginx[24656]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Sep 11 13:44:21 osakana nginx[24656]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Sep 11 13:44:22 osakana nginx[24656]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
Sep 11 13:44:22 osakana nginx[24656]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Sep 11 13:44:22 osakana nginx[24656]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
Sep 11 13:44:22 osakana nginx[24656]: nginx: [emerg] still could not bind()
Sep 11 13:44:22 osakana systemd[1]: nginx.service: Control process exited, code=exited status=1
Sep 11 13:44:22 osakana systemd[1]: nginx.service: Failed with result 'exit-code'.
Sep 11 13:44:22 osakana systemd[1]: Failed to start A high performance web server and a reverse proxy server.
…skipping…
Cause of the error: the Nginx web server process does not stop?!
root@osakana:/etc/letsencrypt# /etc/init.d/nginx stop
[ ok ] Stopping nginx (via systemctl): nginx.service.
root@osakana:/etc/letsencrypt# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14944/nginx: master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 14944/nginx: master
tcp6 0 0 :::80 :::* LISTEN 14944/nginx: master
tcp6 0 0 :::xx80 :::* LISTEN 915/apache2
(various others...)
After killing the Nginx process and starting Nginx again, the problem was solved
root@osakana:/etc/letsencrypt# kill 14944
root@osakana:/etc/letsencrypt# /etc/init.d/nginx start
[ ok ] Starting nginx (via systemctl): nginx.service.
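The check done by hand above (the service reports stopped, yet an nginx master still holds ports 80 and 443) can be scripted. This is an added example, not part of the original post: it reads netstat -lntp output and prints the PID of any nginx listener on port 80 or 443 that is not the main PID systemd tracks. The function name stale_nginx_pids and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find nginx processes that still hold ports 80/443 but are
# not the process systemd tracks for nginx.service.

# Constructed sample modelled on the `netstat -lntp` output in the post
# (the sshd line is invented for contrast).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14944/nginx: master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 14944/nginx: master
tcp6 0 0 :::80 :::* LISTEN 14944/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 800/sshd'

# stale_nginx_pids MAIN_PID  (hypothetical helper name)
# Reads `netstat -lntp` text on stdin and prints, one per line, each PID of an
# nginx listener on port 80 or 443 that differs from MAIN_PID.
# MAIN_PID is 0 when systemd believes the service is stopped.
stale_nginx_pids() {
    awk -v main="$1" '
        $6 == "LISTEN" {
            n = split($4, addr, ":")      # port is the last ":"-separated piece
            port = addr[n]
            split($7, owner, "/")         # "14944/nginx:" -> pid, program
            pid = owner[1]; prog = owner[2]
            if ((port == "80" || port == "443") && prog ~ /^nginx/ &&
                pid != main && !(pid in seen)) {
                seen[pid] = 1             # report each PID only once
                print pid
            }
        }'
}

# Live use (run as root so netstat can show PIDs):
#   main=$(systemctl show -p MainPID --value nginx.service)
#   netstat -lntp | stale_nginx_pids "$main"
```

Any PID it prints after a stop is a process that systemd no longer manages and that will cause the "Address already in use" bind errors on the next start.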
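Checking the SSL certificate expiration date from the browser
The SSL certificate information can be viewed from the padlock icon next to the URL in the browser
Hosting server running WordPress
Sakura VPS
I tend to leave it unattended, so I forget about it right away...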