
T.Ozaki's Journal: Can't renew my Let's Encrypt (Certbot) certificate…

Journal by T.Ozaki

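While doing my usual mail check, I found a message from Let's Encrypt in my VPS administration mailbox saying "Your SSL certificate is about to expire, so hurry up and renew it already, dammit!" (loose translation).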

…Hmm, the renewal check script runs every week from cron.weekly, and the past five automatic renewals all worked fine… With that in mind, I tried running the command by hand.

# certbot-auto renew
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
    DeprecationWarning
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/◆◆◆◆◆.◆◆◆.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
/opt/eff.org/certbot/venv/lib/python2.6/site-packages/acme/jose/jwa.py:110: DeprecationWarning: signer and verifier have been deprecated. Please use sign and verify instead.
    signer = key.signer(self.padding, self.hash)
Performing the following challenges:
http-01 challenge for ◆◆◆◆◆.◆◆◆
http-01 challenge for www.◆◆◆◆◆.◆◆◆
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (◆◆◆◆◆.◆◆◆) from /etc/letsencrypt/renewal/◆◆◆◆◆.◆◆◆.conf produced an unexpected error: Failed authorization procedure. www.◆◆◆◆◆.◆◆◆ (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.◆◆◆◆◆.◆◆◆/.well-known/acme-challenge/▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲: Timeout. Skipping.
All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/◆◆◆◆◆.◆◆◆/fullchain.pem (failure)

-------------------------------------------------------------------------------

All renewal attempts failed. The following certs could not be renewed:
    /etc/letsencrypt/live/◆◆◆◆◆.◆◆◆/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
  - The following errors were reported by the server:

      Domain: www.◆◆◆◆◆.◆◆◆
      Type: connection
      Detail: Fetching
      http://www.◆◆◆◆◆.◆◆◆/.well-known/acme-challenge/▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲▲:
      Timeout

      To fix these errors, please make sure that your domain name was
      entered correctly and the DNS A/AAAA record(s) for that domain
      contain(s) the right IP address. Additionally, please check that
      your computer has a publicly routable IP address and that no
      firewalls are preventing the server from communicating with the
      client. If you're using the webroot plugin, you should also verify
      that you are serving files from the webroot path you provided.

For some reason it is failing with a Timeout.
Both the A and AAAA records for the domain are set up properly, and dig resolves them fine.
The HTTP/HTTPS ports are open too…

Why?
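The hint in the certbot output points at A/AAAA records and firewalls: a name that publishes both record types is reachable over two address families, and port 80 can answer on one while timing out on the other. The following Python script is an added example (not part of the original diary entry) that probes TCP port 80 on every published address separately; the function names `resolve`, `probe` and `check` are hypothetical, and it assumes it is run from a host outside the VPS so that the same firewall path is exercised.

```python
import socket
import sys

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port=80, resolver=socket.getaddrinfo):
    """Group the addresses published for host by address family."""
    found = {"IPv4": [], "IPv6": []}
    try:
        infos = resolver(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    except socket.gaierror:
        return found  # name does not resolve at all
    for family, _type, _proto, _canon, sockaddr in infos:
        name = FAMILIES.get(family)
        if name and sockaddr[0] not in found[name]:
            found[name].append(sockaddr[0])
    return found

def probe(addr, port=80, timeout=5.0, connect=socket.create_connection):
    """Try one TCP connection to a literal address and classify the result."""
    try:
        connect((addr, port), timeout).close()
        return "open"
    except socket.timeout:
        # Same symptom the CA reported: packets silently dropped on the way.
        return "timeout"
    except OSError as exc:
        return "error: %s" % exc

def check(hosts, resolver=socket.getaddrinfo, connect=socket.create_connection):
    """Return (host, family, address, status) for every published address."""
    rows = []
    for host in hosts:
        for family, addrs in sorted(resolve(host, resolver=resolver).items()):
            if not addrs:
                rows.append((host, family, None, "no record"))
            for addr in addrs:
                rows.append((host, family, addr, probe(addr, connect=connect)))
    return rows

if __name__ == "__main__":
    # Usage: python3 check80.py example.org www.example.org
    for row in check(sys.argv[1:]):
        print("%-30s %-5s %-40s %s" % row)
```

A row that shows `timeout` for only one family narrows the search to that family's firewall rules or to the web server's listen addresses.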
