自動化# certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/ekzemplaro.org.conf ------------------------------------------------------------------------------- Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: http-01 challenge for ekzemplaro.org Waiting for verification... Cleaning up challenges ------------------------------------------------------------------------------- new certificate deployed without reload, fullchain is /etc/letsencrypt/live/ekzemplaro.org/fullchain.pem ------------------------------------------------------------------------------- Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/ekzemplaro.org/fullchain.pem (success)この後、# systemctl restart nginx
クローンに登録有効期限の確認$ sudo crontab -u root -e
00 04 01 * * /usr/bin/certbot renew --post-hook "systemctl restart nginx"
80 と 443 のポートを Listen していないと更新ができない# openssl x509 -in /etc/letsencrypt/live/ekzemplaro.org/cert.pem -noout -dates notBefore=May 27 10:01:00 2017 GMT notAfter=Aug 25 10:01:00 2017 GMT
# netstat -ant Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN tcp 0 316 172.31.26.168:22 163.49.211.219:60520 ESTABLISHED tcp 0 0 172.31.26.168:22 163.49.211.219:58984 ESTABLISHED tcp6 0 0 :::80 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::443 :::* LISTEN
Jun/10/2017 AM 08:15