{"id":2960,"date":"2022-08-18T13:26:10","date_gmt":"2022-08-18T04:26:10","guid":{"rendered":"https:\/\/www.kinryo.net\/?p=2960"},"modified":"2023-06-11T18:09:09","modified_gmt":"2023-06-11T09:09:09","slug":"letsencrypt-%e3%81%ae%e6%9b%b4%e6%96%b0%e3%81%a7%e8%ba%93%e3%81%84%e3%81%9f","status":"publish","type":"post","link":"https:\/\/www.kinryo.net\/?p=2960","title":{"rendered":"letsencrypt \u306e\u66f4\u65b0\u3067\u8e93\u3044\u305f"},"content":{"rendered":"

WEB\u30b5\u30fc\u30d0\u30fc\u306fapache\u3092\u4f7f\u3044\u3001\u8907\u6570\u306eWEB\u3092\u904b\u7528\u3057\u3066\u3044\u308b\u3002\u305d\u3057\u3066\u5148\u65e5DRBD\u3092\u5c0e\u5165\u3057\u3001\u904b\u7528\u3057\u3066\u3044\u308b\u3002\u3053\u3053\u3067\u554f\u984c\u3001apache\u306fDRBD\u304b\u3089\u8d77\u52d5\u3057\u3066\u3044\u308b\u306e\u3067\u3001systemctl status httpd \u3067\u306fFailed \u306b\u306a\u308b\uff08\u5f53\u305f\u308a\u524d\uff09\u306a\u306e\u3067letsencrypt \u306estandalone \u30e2\u30fc\u30c9\u3067\u306f\u4e0d\u53ef\u80fd\u3060\uff08Error while running apachectl graceful.\u306b\u306a\u308b\u3002\u5f53\u305f\u308a\u524d\u3001systemctl \u304b\u3089\u8d77\u52d5\u306f\u3057\u3066\u3044\u306a\u3044\u306e\u3067\uff09\u5c1a\u304b\u3064\u4e07\u304c\u4e00apache \u3092\u30b9\u30c8\u30c3\u30d7\u3057\u3066\u3082\u3001DRBD\u304c\u30bb\u30ab\u30f3\u30c0\u30ea\u30fc\u3092\u30d7\u30e9\u30a4\u30de\u30ea\u30fc\u306b\u3057\u3066\u3001\u30b5\u30fc\u30d0\u30fc\u306f\u843d\u3061\u306a\u3044\u3002<\/p>\n

\u306a\u306e\u3067\u3001standalone \u3067\u306f\u7121\u304fwebroot \u3067\u3084\u308b\u3057\u304b\u306a\u3044\u304c\u3001\u79c1\u306f standalone \u3067\u4f5c\u6210\u3057\u305f\u306e\u3067 webroot \u306b\u5909\u66f4\u3059\u308b\u65b9\u6cd5\u3092\u63a2\u3057\u305f\u3089\u3001https:\/\/blog.apitore.com\/2016\/08\/06\/lets-encrypt-standalone-webroot\/<\/a> \u306b\u30d2\u30f3\u30c8\u304c\u5728\u3063\u305f\u3002
\n\u3067\u3082\u3053\u308c\u306fWEB\u304c\u4e00\u3064\u306e\u5834\u5408\u3067\u8907\u6570\u306e\u5834\u5408\u3067\u306f\u7121\u3044\u3002\u56e0\u307f\u306b\u4e00\u3064\u3060\u3051\u3067\u8a2d\u5b9a\u3092\u3059\u308b\u3068
\nFailed to renew certificate aarah.info-0001 with error: Missing command line flag or config entry for this setting:<\/span><\/strong>
\nInput the webroot for aarah.info:<\/span><\/strong>
\n\u3068\u3044\u3046\u30a8\u30e9\u30fc\u304c\u51fa\u305f\u3002\u8907\u6570\u306eWEB\u306f\u3069\u3046\u3059\u308b\u306e\u304b\u3001\u518d\u5ea6\u8abf\u3079\u308b\u3002
\nhttps:\/\/community.letsencrypt.org\/t\/lets-encrypt-renewal-simulation-problem\/43784\/4<\/a> \u306b\u305d\u306e\u7b54\u3048\u304c\u5728\u3063\u305f\u3002\u3064\u307e\u308a\u8907\u6570\u306eWEB\u306e\u5834\u6240\u3092 [[webroot_map]] \u306b\u8a18\u5165\u3059\u308c\u3070\u3088\u3044\u3002webroot-path \u306f\u4ee3\u8868\u306e\u4e00\u3064\u3067\u3044\u3044\u307f\u305f\u3044\u3002\u6700\u7d42\u7684\u306b\u79c1\u306e \/etc\/letsencrypt\/renewal\/aarah.info.conf \u306f<\/p>\n

# renew_before_expiry = 30 days<\/span><\/strong>
\nversion = 1.11.0<\/span><\/strong>
\narchive_dir = \/etc\/letsencrypt\/archive\/aarah.info<\/span><\/strong>
\ncert = \/etc\/letsencrypt\/live\/aarah.info\/cert.pem<\/span><\/strong>
\nprivkey = \/etc\/letsencrypt\/live\/aarah.info\/privkey.pem<\/span><\/strong>
\nchain = \/etc\/letsencrypt\/live\/aarah.info\/chain.pem<\/span><\/strong>
\nfullchain = \/etc\/letsencrypt\/live\/aarah.info\/fullchain.pem<\/span><\/strong><\/p>\n

# Options used in the renewal process<\/span><\/strong>
\n[renewalparams]<\/span><\/strong>
\n\u00a0\u00a0 # authenticator = apache<\/span><\/strong>
\n\u00a0\u00a0 #installer = apache<\/span><\/strong>
\n\u00a0\u00a0 account = b9af5964365d5f0641d47c2fb75dbbb3<\/span><\/strong>
\n\u00a0\u00a0 manual_public_ip_logging_ok = None<\/span><\/strong>
\n\u00a0\u00a0 server = https:\/\/acme-v02.api.letsencrypt.org\/directory<\/span><\/strong>
\n\u00a0\u00a0 authenticator = webroot
\nwebroot-path = \/XXX\/public\/aarah,
\n[[webroot_map]]<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 aarah.info = \/XXX\/public\/aarah<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 inpac.jp = \/XXX\/public\/inpac<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 inpactours.jp = \/XXX\/public\/inpactours<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 kinryo.net = \/XXX\/public\/kinryo<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 opengarden.info = \/XXX\/public\/opengarden<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 www.aarah.info = \/XXX\/public\/aarah<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 www.inpac.jp = \/XXX\/public\/inpac<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 www.inpactours.jp = \/XXX\/public\/inpactours<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 www.kinryo.net = \/XXX\/public\/kinryo<\/span><\/strong>
\n\u00a0\u00a0\u00a0\u00a0\u00a0 www.opengarden.info = \/XXX\/public\/opengarden<\/span>
\n<\/span><\/strong>\u4e00\u90e8\u4f0f\u305b\u5b57
\n\u305d\u306e\u5f8c
\n#<\/span> certbot renew –dry-run<\/span>
\n\u30c9\u30e9\u30a4\u30e9\u30f3\u3092\u4ed8\u3051\u30c6\u30b9\u30c8\u3002\u3053\u306e\u6642\u3069\u3046\u3044\u3046\u5206\u3051\u304bkinryo.net\u3067\u30a8\u30e9\u30fc\u304c\u3067\u308b
\nFailed to renew certificate kinryo.net with error: Missing command line flag or config entry for this setting:<\/span>
\nInput the webroot for kinryo.net:<\/span>
\n\u3060\u304c\u3001\u30c9\u30e9\u30a4\u30e9\u30f3\u3092\u4ed8\u3051\u305a\u306b
\n#<\/span> certbot renew<\/span>
\n\u3067\u672c\u3061\u3083\u3093\u3067\u3084\u308b\u3068\u30a8\u30e9\u30fc\u306f\u51fa\u305a\u306b
\nCongratulations, all renewals succeeded: <\/span>
\n\u00a0\u00a0 \/etc\/letsencrypt\/live\/aarah.info-0001\/fullchain.pem (success)<\/span>
\n\u00a0\u00a0 \/etc\/letsencrypt\/live\/kinryo.net\/fullchain.pem (success)<\/span>
\n\u00a0\u00a0 \/etc\/letsencrypt\/live\/kinryokai.net-0001\/fullchain.pem (success)<\/span>
\n\u00a0\u00a0 \/etc\/letsencrypt\/live\/kinryokai.net\/fullchain.pem (success)<\/span>
\n\u3068\u30a8\u30e9\u30fc\u306a\u304f\u7d42\u4e86\u3057\u305f\u3002\u3053\u306e\u539f\u56e0\u306f\u4e0d\u660e
\n<\/span><\/span><\/strong><\/p>\n

\u3060\u304c\u3053\u308c\u3067\u306fDRBD\u3067\u30d7\u30e9\u30a4\u30de\u30ea\u30fc\u3068\u30bb\u30ab\u30f3\u30c0\u30ea\u30fc\u304c\u5165\u308c\u66ff\u308f\u305f\u6642\u3001\u73fe\u5728\u306eletsencrypt \u306e\u8a2d\u5b9a\u304c\u5165\u3063\u3066\u3044\u306a\u3044\u306e\u3067\u30a8\u30e9\u30fc\u306b\u306a\u308b\u3002\u306a\u306e\u3067rsync \u3067\u540c\u671f\u3092\u3057\u3066\u7f6e\u304f\u3002
\n\u30b3\u30d4\u30fc\u5148\u306e\/etc\/rsyncd.conf \u306b
\n[letsencrypt]<\/span><\/strong>
\npath = \/etc\/letsencrypt<\/span><\/strong>
\nauthusers = root<\/span><\/strong>
\nsecrets file = \/etc\/rsyncd.secrets<\/span><\/strong>
\nread only =no<\/span><\/strong>
\n\u3092\u8ffd\u8a18\u3057\u3001rsyncd\u3092\u30ea\u30b9\u30bf\u30fc\u30c8\u3057\u3066\u304a\u304f\u3002
\n\u305d\u3057\u3066\u3001\u30b3\u30d4\u30fc\u5143\u3067\u30c9\u30e9\u30a4\u30e9\u30f3\u3092\u3059\u308b(n\u304c\u30c9\u30e9\u30a4\u30e9\u30f3\uff09
\n#<\/span> rsync -avn \/etc\/letsencrypt\/ rsync:\/\/root@192.168.xx.xx\/letsencrypt
\n\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u805e\u304b\u308c\u308b\u304c\u3001\u3053\u308c\u306f\u30b3\u30d4\u30fc\u5148\u306e\/etc\/rsyncd.secrets \u306b\u8a2d\u5b9a\u3057\u3066\u3042\u308broot\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5165\u529b\u306e\u4e8b\u3001\u306e\u30ed\u30b0\u30a4\u30f3\u30d1\u30b9\u30ef\u30fc\u30c9\u3067\u306f\u7121\u3044<\/span><\/span><\/strong>
\n\u30a8\u30e9\u30fc\u304c\u7121\u3044\u3053\u3068\u3092\u78ba\u304b\u3081\u3066\u3001\u672c\u3061\u3083\u3093\u306e\u540c\u671f
\n#<\/span> rsync -av \/etc\/letsencrypt\/ rsync:\/\/root@192.168.xx.xx\/letsencrypt<\/span><\/strong>
\n\u3053\u308c\u3067\u540c\u671f\u304c\u51fa\u6765\u308b\u3002<\/p>\n

\u81ea\u5206\u3078\u306e\u899a\u66f8
\n* certbot\u306e\u8a3c\u660e\u66f8\u306e\u8868\u793a
\n<\/span><\/strong>#<\/span> certbot certificates<\/span><\/span><\/span><\/span><\/strong><\/p>\n

* certbot\u3067\u30e1\u30fc\u30eb\u30b5\u30fc\u30d0\u30fc\u306e\u8a3c\u660e\u66f8\u306e\u66f4\u65b0<\/span><\/strong>
\n#<\/span> certbot certonly –dry-run -d mail.kinryo.net<\/span> \u2192\u30c9\u30e9\u30a4\u30e9\u30f3\u3067\u30c6\u30b9\u30c8
\n\u305d\u306e\u5f8c\u4e0b\u8a18\u306e\u3088\u3046\u306b\u805e\u304b\u308c\u308b\u306e\u3067
\n1: Apache Web Server plugin (apache)<\/span>
\n2: Spin up a temporary webserver (standalone)<\/span>
\n3: Place files in webroot directory (webroot)
\nSelect the appropriate number [1-3] then [enter] (press ‘c’ to cancel):<\/span> 3 \u3068\u5165\u529b<\/span><\/span><\/span>
\n\u5834\u6240\u3092\u805e\u304b\u308c\u308b\u306e\u3067\u3001kinryo.net\u306eWEB\u306e\u5834\u6240\u3092\u5165\u529b\uff08\u30e1\u30fc\u30eb\u3092\u4fdd\u5b58\u3057\u3066\u3044\u308b\u5834\u6240\u3067\u306f\u7121\u3044\uff09<\/span><\/strong>
\nInput the webroot for mail.kinryo.net: (Enter ‘c’ to cancel):<\/span> \/XXXXX\/public\/kinryo<\/span>
\n\u3053\u308c\u3067\u6210\u529f\u3059\u308b\u306e\u3067\u3001\u30c9\u30e9\u30a4\u30e9\u30f3\u3092\u5916\u3057\u3066\u3001\u672c\u3061\u3083\u3093\u306e\u66f4\u65b0\u3092\u3059\u308b\u3002
\n\u305d\u306e\u5f8c\u3001secondary\u5074\u306e\/etc\/rsyncd.conf \u3082\u540c\u3058\u69d8\u306b\u5909\u66f4\u3057\u3066\u7f6e\u304f\u3053\u3068\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

WEB\u30b5\u30fc\u30d0\u30fc\u306fapache\u3092\u4f7f\u3044\u3001\u8907\u6570\u306eWEB\u3092\u904b\u7528\u3057\u3066\u3044\u308b\u3002\u305d\u3057\u3066\u5148\u65e5DRBD\u3092\u5c0e\u5165\u3057\u3001\u904b\u7528\u3057\u3066\u3044\u308b\u3002\u3053\u3053\u3067\u554f\u984c\u3001apache\u306fDRBD\u304b\u3089\u8d77\u52d5\u3057\u3066\u3044\u308b\u306e\u3067\u3001systemctl status httpd \u3067\u306fFail … \u7d9a\u304d\u3092\u8aad\u3080 →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"sns_share_botton_hide":"","vkExUnit_sns_title":"","_vk_print_noindex":"","sitemap_hide":"","_veu_custom_css":"","veu_display_promotion_alert":"","vkexunit_cta_each_option":"","footnotes":""},"categories":[10],"tags":[],"class_list":["post-2960","post","type-post","status-publish","format-standard","hentry","category-linux"],"acf":[],"veu_head_title_object":{"title":"","add_site_title":""},"_links":{"self":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/2960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2960"}],"version-history":[{"count":18,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/2960\/revisions"}],"predecessor-version":[{"id":3383,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/2960\/revisions\/3383"}],"wp:attachment":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}