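Certificate renewal fails
In an environment running on AWS, renewal of a Let's Encrypt SSL certificate failed.
I watched it for a few days, but the error could not be avoided. It is being run in debug mode, so I suppose that cannot be helped.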
# ./letsencrypt-auto renew --debug
Error: couldn't get currently installed version for /root/.local/share/letsencrypt/bin/letsencrypt:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 7, in <module>
    import zope.component
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/zope/component/__init__.py", line 16, in <module>
    from zope.interface import Interface
ImportError: No module named interface
Reset and run again
I looked into various things, but in the end what I settled on was starting over from the beginning.
# cd $HOME/.local/share
# mv letsencrypt letsencrypt.bak
# unset PYTHON_INSTALL_LAYOUT
# ./certbot-auto -d DOMAIN certonly --webroot -w DOCUMENT_ROOT -m EMAIL --debug
Partway through, it asks what to do with the existing certificate. This time I chose to overwrite it and continued.
What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2
The renewal completed successfully.
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for DOMAIN
Using the webroot path DOCUMENT_ROOT for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   ./live/DOMAIN/fullchain.pem. Your cert will expire on 2017-09-07.
   To obtain a new or tweaked version of this certificate in the
   future, simply run certbot-auto again. To non-interactively renew
   *all* of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
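
The reset procedure above can be turned into a check that runs before each renewal, so a broken virtualenv is caught before the certificate gets close to expiry. This is an added example, not part of the original post or of certbot: the function names `check_venv` and `reset_if_broken` are hypothetical, the default path is the one shown in the traceback, and the import test mirrors the two imports that appear in it.

```shell
#!/bin/sh
# Added example: pre-renewal health check for the certbot-auto virtualenv.
# VENV defaults to the path from the traceback; the helper names are hypothetical.
VENV="${VENV:-/root/.local/share/letsencrypt}"

# Return 0 if the venv's Python can import what certbot needs at startup,
# 1 if the import fails (the ImportError case), 2 if there is no venv.
check_venv() {
    venv="$1"
    [ -x "$venv/bin/python" ] || return 2
    # Subshell: the unset (same as in the post) does not leak to the caller.
    (
        unset PYTHON_INSTALL_LAYOUT
        "$venv/bin/python" -c 'from zope.interface import Interface; import certbot.main'
    ) >/dev/null 2>&1 || return 1
    return 0
}

# Move a broken venv aside under a timestamped name, so nothing is deleted
# and an earlier backup is never overwritten. Prints the resulting state:
# "healthy", "missing", or "moved:<backup path>".
reset_if_broken() {
    venv="$1"
    rc=0
    check_venv "$venv" || rc=$?
    case "$rc" in
        0) echo healthy ;;
        2) echo missing ;;
        *) backup="$venv.bak.$(date +%Y%m%d%H%M%S)"
           mv "$venv" "$backup" || return 1
           echo "moved:$backup" ;;
    esac
}
```

Call `reset_if_broken "$VENV"` from the renewal job before invoking certbot-auto; on "moved" or "missing", certbot-auto rebuilds its environment on the next run.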