let`s encryptからメールが届いて、証明書の有効期限が近付いているとのこと
cronで自動更新の設定をしているのでなぜだろうとログを確認
更新が成功する証明書もあるものの、何故か一つだけ更新が失敗している様子
The following certs were successfully renewed:
/etc/letsencrypt/live/*******/fullchain.pem (success)
/etc/letsencrypt/live/*******/fullchain.pem (success)
/etc/letsencrypt/live/*******/fullchain.pem (success)
/etc/letsencrypt/live/*******/fullchain.pem (success)
The following certs could not be renewed:
/etc/letsencrypt/live/*******/fullchain.pem (failure)
手動で更新を試みるも失敗する
[root@f1-micro-us-central ~]# /usr/local/certbot/certbot-auto certonly --manual -d [ドメイン]
our system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for [ドメイン名]
Performing the following challenges:
http-01 challenge for [ドメイン名]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
alayKONps9DubcYrnivTAp84bG8NUz4XXhLmpNhg4fE.O5P34-wyybkmxc1-Bj2ii0G8ff_4T5pULJkxmIUMmy8
And make it available on your web server at this URL:
http://[ドメイン名]/.well-known/acme-challenge/alayKONps9DubcYrnivTAp84bG8NUz4XXhLmpNhg4fE
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Challenge failed for domain [ドメイン名]
http-01 challenge for [ドメイン名]
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: [ドメイン名]
Type: unauthorized
Detail: Invalid response from
https://[ドメイン名]/.well-known/acme-challenge/alayKONps9DubcYrnivTAp84bG8NUz4XXhLmpNhg4fE
[IPアドレス]: "<!DOCTYPE html><html><head><meta name=\"viewport\"
content=\"width=device-width\"/><meta
charSet=\"utf-8\"/><title>404: This page coul"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
以下のメッセージに添って静的コンテンツを配置してみた
Create a file containing just this data:
alayKONps9DubcYrnivTAp84bG8NUz4XXhLmpNhg4fE.O5P34-wyybkmxc1-Bj2ii0G8ff_4T5pULJkxmIUMmy8
And make it available on your web server at this URL:
http://[ドメイン名]/.well-known/acme-challenge/alayKONps9DubcYrnivTAp84bG8NUz4XXhLmpNhg4fE
再度手動更新したところ無事更新された
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/[ドメイン名]/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/[ドメイン名]/privkey.pem
Your cert will expire on 2022-04-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
今回だけだったのか原因は不明、
3か月後にまた同じように自動更新されなければ再度調査が必要