【CentOS7】Let's Encryptの証明書を自動更新させる
Posted: 2018-03-26
スポンサーリンク
目次
背景
こちらの記事でも書いておりますが、当ブログはLet's Encryptを使ってSSL化しております。
このLet's Encryptは無料でSSL証明書を発行してくれるので大変ありがたいのですが、期間が3ヶ月しかないため、油断するとすぐに期限切れしてしまいます。
今回はそんなお悩みを解決するため、証明書を自動更新する設定をメモしておきます。
環境
- CentOS Linux release 7.4.1708 (Core)
- certbot 0.19.0
cronの設定
# echo '0 0 * * * /usr/bin/certbot renew --post-hook "/usr/bin/systemctl restart nginx.service" > /dev/null 2>&1'
(前提)普通に手作業で更新する場合の手順
インストール時に使ったcertbotコマンドで更新できます。
コマンド
/usr/bin/certbot renew --post-hook "/usr/bin/systemctl restart nginx.service"
成功した時の実行結果
/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/blog.setouchino.cloud.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for blog.setouchino.cloud
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/blog.setouchino.cloud/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.setouchino.cloud.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.setouchino.cloud
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.setouchino.cloud/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/setouchino.cloud.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for setouchino.cloud
Waiting for verification...
Cleaning up challenges
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/setouchino.cloud/fullchain.pem
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/blog.setouchino.cloud/fullchain.pem (success)
/etc/letsencrypt/live/www.setouchino.cloud/fullchain.pem (success)
/etc/letsencrypt/live/setouchino.cloud/fullchain.pem (success)
-------------------------------------------------------------------------------
ちなみにこのcertbotコマンドで更新する際、期限が残っている等の理由で更新不要の場合にはスキップします。
更新が不要な時の実行結果
# /usr/bin/certbot renew --post-hook "/usr/bin/systemctl restart nginx.service"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/blog.setouchino.cloud.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.setouchino.cloud.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/setouchino.cloud.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
-------------------------------------------------------------------------------
The following certs are not due for renewal yet:
/etc/letsencrypt/live/blog.setouchino.cloud/fullchain.pem (skipped)
/etc/letsencrypt/live/www.setouchino.cloud/fullchain.pem (skipped)
/etc/letsencrypt/live/setouchino.cloud/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
このため、このコマンドをcron設定しておけば必要な時だけ自動で更新してくれます。
自動更新の設定
crontabに以下のコマンドを追記します。
0 0 * * * /usr/bin/certbot renew --post-hook "/usr/bin/systemctl restart nginx.service" > /dev/null 2>&1
これで毎日0:00に更新を試みてくれます。
crontab -eか ファイルに出力した上でcrontab "ファイル名" で追記できます。
以上です。
スポンサーリンク
コメント一覧
2021/04/08 01:44:55
tyncさん
Don utilize some - or - second person pronouns(I, you, we, my , etc.. ) forty two. Persuasive Plans Four ways of utilize whenever creating a persuasive article: 1 ). Don utilize some - or - second person pronouns(I, you, we, my, our, etc.,.) https://www.advancedtechnologyic.com/how-to-write-a-winning-application-letter/
2021/04/20 19:51:27
loyalさん
An article that is informative teaches your reader. They're able to have just one of a few purposes: contrast and compare some thing to specify a word, evaluate information, or even offer a one-of-a-kind. They don't, but make an effort to convince your own reader present a comment.
http://99boxers.com/2021/03/28/how-do-you-get-a-high-school-in-sims-4/
http://smiceinternational.com/nou/2020/11/16/the-pros-and-cons-of-how-to-write-a-hook-for-an-essay/
http://way-bd.com/what-should-be-in-a-dissertation-conclusion/
コメントを投稿する
TOP back