At ErogameScape, I run the following command when renewing the Let's Encrypt SSL certificate.
# letsencrypt-auto renew --force-renew
It had worked without problems until now, but today it spat out the following error and the renewal failed.
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/erogamescape.dyndns.org.conf
-------------------------------------------------------------------------------
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for erogamescape.dyndns.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/erogamescape.dyndns.org.conf produced an unexpected error: Failed authorization procedure. erogamescape.dyndns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/erogamescape.dyndns.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: erogamescape.dyndns.org
Type: connection
Detail: Timeout
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
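Nothing mentioned in the NOTES section was actually a problem, so I had no idea what to do to fix it.
I normally specify "renew" as the subcommand, but when I tried specifying "run" instead, the renewal succeeded for some reason…
* I think the difference between renew and run is whether or not you get asked something along the way…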
# letsencrypt-auto run --force-renew -d erogamescape.dyndns.org
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for erogamescape.dyndns.org
Waiting for verification...
Cleaning up challenges
Deploying Certificate for erogamescape.dyndns.org to VirtualHost /etc/httpd/conf.d/ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
-------------------------------------------------------------------------------
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains:
https://erogamescape.dyndns.org
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=erogamescape.dyndns.org
-------------------------------------------------------------------------------
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/erogamescape.dyndns.org/fullchain.pem. Your
cert will expire on 2017-10-12. To obtain a new or tweaked version
of this certificate in the future, simply run letsencrypt-auto
again with the "certonly" option. To non-interactively renew *all*
of your certificates, run "letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
When I set the option to "renew" again, the renewal succeeded.
# letsencrypt-auto renew --force-renew
/root/.local/share/letsencrypt/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/erogamescape.dyndns.org.conf
-------------------------------------------------------------------------------
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for erogamescape.dyndns.org
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/erogamescape.dyndns.org/fullchain.pem
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/erogamescape.dyndns.org/fullchain.pem (success)
What was wrong, I wonder…
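An added example, not part of the original post: a cron-friendly check that reads the renew output in the format quoted above and reports which certificate lineage failed and with which ACME error type, so a failed renewal is noticed before the certificate expires. The function names `failed_certs` and `check_renew` are hypothetical, and the sample input is built from lines of the output shown in the post.

```shell
#!/bin/sh
# Constructed samples: summary lines copied from the renew output quoted in the post.
SAMPLE_FAIL='Attempting to renew cert from /etc/letsencrypt/renewal/erogamescape.dyndns.org.conf produced an unexpected error: Failed authorization procedure. erogamescape.dyndns.org (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Timeout. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/erogamescape.dyndns.org/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)'
SAMPLE_OK='Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/erogamescape.dyndns.org/fullchain.pem (success)'

# failed_certs (hypothetical helper): read renew output on stdin and print
# "<lineage name> <ACME error type>" for every certificate marked (failure).
failed_certs() {
  awk '
    /^Attempting to renew cert from .* produced an unexpected error/ {
      # $6 is /etc/letsencrypt/renewal/<name>.conf
      n = split($6, p, "/"); name = p[n]; sub(/\.conf$/, "", name)
      kind = "unknown"
      if (match($0, /urn:acme:error:[A-Za-z]+/))
        kind = substr($0, RSTART + 15, RLENGTH - 15)
      err[name] = kind
    }
    / \(failure\)[ \t]*$/ {
      # $1 is /etc/letsencrypt/live/<name>/fullchain.pem
      n = split($1, p, "/"); name = p[n - 1]
      print name, ((name in err) ? err[name] : "unknown")
    }
  '
}

# check_renew (hypothetical helper): return 1 and log to stderr when any
# lineage failed, so cron or a monitoring job can alert on the exit status.
check_renew() {
  out=$(failed_certs)
  if [ -z "$out" ]; then return 0; fi
  printf '%s\n' "$out" | while read -r name kind; do
    echo "renewal failed: $name (ACME error: $kind)" >&2
  done
  return 1
}

# Demo on the constructed failure sample.
printf '%s\n' "$SAMPLE_FAIL" | check_renew || echo "renew check exit status: $?"
```

In a scheduled job the renew command's output would be piped into `check_renew` in place of the sample variable.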