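Introduction
- I received an email saying that my Let's Encrypt certificate is expiring, so I am renewing the certificate
Let's Encrypt certificate expiration notice for domain "<your-domain>"
Install the packages needed for the certificate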
# apk update
# apk add certbot
# apk add openssl
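Change the configuration
- Change the nginx configuration file to a port-80-only configuration so that the page can be viewed when port 80 is accessed (the http-01 challenge used below is fetched over port 80)
- Rename the /etc/letsencrypt/live/<target-domain-folder> folder to back it up
mv /etc/letsencrypt/live/<target-domain-folder> /etc/letsencrypt/live/<target-domain-folder>_backup
Renew the certificate
- The first command below looks like it should work, but when a domain is specified you need to use certonly instead of renew
- The certonly log shown further down registers with the staging ACME server (acme-staging-v02) and ends with "The dry run was successful", which is the output certbot gives when --dry-run is added to the command; a dry run does not save a certificate, so issue the real one with the command as written here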
# certbot renew --post-hook "nginx -s reload" --webroot -w /srv/wwww/src/public -d <target-domain>
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.
# certbot certonly --post-hook "nginx -s reload" --webroot -w /srv/wwww/src/public -d <target-domain>
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): <enter the email address you registered the first time>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-staging-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for <your-domain>
Using the webroot path /srv/wwww/src/public for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Running post-hook command: nginx -s reload
IMPORTANT NOTES:
- The dry run was successful.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Verification
- Restore the nginx default.conf settings to what they were
- Restart nginx
- Access the site in a browser
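The browser check in the last step can be backed up from the command line with the openssl package installed at the start. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes certbot's usual fullchain.pem file under /etc/letsencrypt/live/<target-domain>/.

```shell
#!/bin/sh
# Added example (not from the original post): checks for a renewed certificate.
# Function names are hypothetical; requires the openssl CLI installed above.

# cert_valid_for PEM [DAYS]: exit 0 if the certificate is still valid DAYS days
# from now (default 30), 1 if it expires sooner, 2 if the file is unreadable.
cert_valid_for() {
    pem=$1
    days=${2:-30}
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null
}

# cert_summary PEM: print subject, issuer and expiry date for a quick look.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# served_cert HOST OUT: save the leaf certificate that HOST presents on 443,
# i.e. what nginx is really serving after the reload.
served_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2"
}

# same_cert A B: exit 0 if both files hold the same certificate (SHA-256
# fingerprint match), so the file on disk is the one being served.
same_cert() {
    fp_a=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    fp_b=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    [ "$fp_a" = "$fp_b" ]
}

# make_sample_cert OUT DAYS: constructed self-signed certificate for trying the
# functions offline; it is sample input, not a Let's Encrypt certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=example.invalid" -days "$2" -out "$1" 2>/dev/null
}
```

After the real run, `cert_valid_for /etc/letsencrypt/live/<target-domain>/fullchain.pem 30` should succeed, and `served_cert` followed by `same_cert` confirms that nginx picked up the new file after the reload.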