Let's Encript renew

更新

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/ekzemplaro.org.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ekzemplaro.org
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/ekzemplaro.org/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/ekzemplaro.org/fullchain.pem (success)

この後、

# systemctl restart nginx

自動化

クローンに登録
$ sudo crontab -u root -e

00 04 01 * * /usr/bin/certbot renew --post-hook "systemctl restart nginx"

有効期限の確認

# openssl x509 -in /etc/letsencrypt/live/ekzemplaro.org/cert.pem -noout -dates
notBefore=May 27 10:01:00 2017 GMT
notAfter=Aug 25 10:01:00 2017 GMT

80 と 443 のポートを Listen していないと更新ができない

# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp        0    316 172.31.26.168:22        163.49.211.219:60520    ESTABLISHED
tcp        0      0 172.31.26.168:22        163.49.211.219:58984    ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 :::443                  :::*                    LISTEN

Return

Jun/10/2017 AM 08:15