Letsencrypt/DV証明書/renewal/2018-10-12について、ここに記述してください。
%cat certbotlog ~
# certbot certonly --standalone -d moin.qmail.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x29bef42c>: Failed to establish a new connection: [Errno 65] No route to host',))
Please see the logfiles in /var/log/letsencrypt for more details.
root@f:/service # certbot certonly --standalone -d moin.qmail.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for moin.qmail.jp
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0007_key-certbot.pem
Creating CSR: /usr/local/etc/letsencrypt/csr/0007_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem. Your
cert will expire on 2018-02-20. To obtain a new or tweaked version
of this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@f:/service #
1. renew も試した
# certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- Processing /usr/local/etc/letsencrypt/renewal/moin.qmail.jp.conf ------------------------------------------------------------------------------- Cert is due for renewal, auto-renewing... Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for moin.qmail.jp Waiting for verification... Cleaning up challenges Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0008_key-certbot.pem Creating CSR: /usr/local/etc/letsencrypt/csr/0008_csr-certbot.pem ------------------------------------------------------------------------------- new certificate deployed without reload, fullchain is /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Processing /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf ------------------------------------------------------------------------------- expected /usr/local/etc/letsencrypt/live/moin.qmail.jp-0001/cert.pem to be a symlink Renewal configuration file /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf is broken. Skipping. Congratulations, all renewals succeeded. The following certs have been renewed: /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem (success) Additionally, the following renewal configuration files were invalid: /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf (parsefail) 0 renew failure(s), 1 parse failure(s)
2. 出来たものをpound下へ
-- ToshinoriMaeno 2018-10-11 23:32:46 /service/pound/