{"id":1846,"date":"2018-03-03T14:56:42","date_gmt":"2018-03-03T05:56:42","guid":{"rendered":"http:\/\/matoken.org\/blog\/?p=1846"},"modified":"2018-03-03T14:56:42","modified_gmt":"2018-03-03T05:56:42","slug":"failure-to-update-lets-encrypt","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2018\/03\/03\/failure-to-update-lets-encrypt\/","title":{"rendered":"Let&#8217;s Encrypt renewal fails"},"content":{"rendered":"<p>Lately I have been renewing my Let&rsquo;s Encrypt certificates like this, but this time it failed.<br \/>\n(This assumes each DocumentRoot is named after its FQDN.)<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>$ sudo \/bin\/sh -c <span class=\"s2\">&quot;\/usr\/bin\/find \/etc\/letsencrypt\/renewal\/*.conf -type f | \/usr\/bin\/xargs \/usr\/bin\/basename -s .conf | xargs -n1 -I{} \/usr\/bin\/letsencrypt renew --webroot -w \/var\/www\/{}\/ -d {}&quot;<\/span>\r\n<\/pre>\n<\/div>\n<p>It complains like this.<br \/>\n(Did the behavior change?)<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nCurrently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command. 
The renew verb may provide other options for selecting certificates to renew in the future.\r\n<\/pre>\n<\/div>\n<p>For now, changing <code>letsencrypt renew<\/code> to <code>letsencrypt certonly<\/code> got it through.<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>$ sudo \/bin\/sh -c <span class=\"s2\">&quot;\/usr\/bin\/find \/etc\/letsencrypt\/renewal\/*.conf -type f | \/usr\/bin\/xargs \/usr\/bin\/basename -s .conf | xargs -n1 -I{} \/usr\/bin\/letsencrypt certonly --webroot -w \/var\/www\/{}\/ -d {}&quot;<\/span>\r\n<\/pre>\n<\/div>\n<p>I thought that had renewed everything, but it is failing for one domain.<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nCert is due for renewal, auto-renewing...\r\nRenewing an existing certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for files.matoken.org\r\nUsing the webroot path \/var\/www\/files.matoken.org for all unmatched domains.\r\nWaiting for verification...\r\nCleaning up challenges\r\nFailed authorization procedure. 
files.matoken.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http:\/\/files.matoken.org\/.well-known\/acme-challenge\/Be7Aiai4UH9CDqacTaEZOMH4SxSQbtFqxFcPXcCtJEs: &quot;<span class=\"cp\">&lt;!DOCTYPE HTML PUBLIC &quot;-\/\/IETF\/\/DTD HTML 2.0\/\/EN&quot;&gt;<\/span>\r\n<span class=\"nt\">&lt;html&gt;&lt;head&gt;<\/span>\r\n<span class=\"nt\">&lt;title&gt;<\/span>404 Not Found<span class=\"nt\">&lt;\/title&gt;<\/span>  \r\n<span class=\"nt\">&lt;\/head&gt;&lt;body&gt;<\/span>\r\n<span class=\"nt\">&lt;h1&gt;<\/span>Not Found<span class=\"nt\">&lt;\/h1&gt;<\/span>\r\n<span class=\"nt\">&lt;p<\/span><span class=\"err\">&quot;<\/span>\r\n\r\n<span class=\"err\">IMPORTANT<\/span> <span class=\"err\">NOTES:<\/span>\r\n <span class=\"err\">-<\/span> <span class=\"err\">The<\/span> <span class=\"err\">following<\/span> <span class=\"err\">errors<\/span> <span class=\"err\">were<\/span> <span class=\"err\">reported<\/span> <span class=\"err\">by<\/span> <span class=\"err\">the<\/span> <span class=\"err\">server:<\/span>\r\n\r\n   <span class=\"err\">Domain:<\/span> <span class=\"err\">files.matoken.org<\/span>  \r\n   <span class=\"err\">Type:<\/span>   <span class=\"err\">unauthorized<\/span>\r\n   <span class=\"err\">Detail:<\/span> <span class=\"err\">Invalid<\/span> <span class=\"err\">response<\/span> <span class=\"err\">from<\/span>\r\n   <span class=\"err\">http:\/\/files.matoken.org\/.well-known\/acme-challenge\/Be7Aiai4UH9CDqacTaEZOMH4SxSQbtFqxFcPXcCtJEs:<\/span>\r\n   <span class=\"err\">&quot;&lt;!DOCTYPE<\/span> <span class=\"err\">HTML<\/span> <span class=\"err\">PUBLIC<\/span> <span class=\"err\">&quot;-\/\/IETF\/\/DTD<\/span> <span class=\"err\">HTML<\/span> <span class=\"err\">2.0\/\/EN&quot;<\/span><span class=\"nt\">&gt;<\/span>\r\n   <span class=\"nt\">&lt;html&gt;&lt;head&gt;<\/span>\r\n   <span class=\"nt\">&lt;title&gt;<\/span>404 Not Found<span class=\"nt\">&lt;\/title&gt;<\/span>\r\n 
  <span class=\"nt\">&lt;\/head&gt;&lt;body&gt;<\/span>\r\n   <span class=\"nt\">&lt;h1&gt;<\/span>Not Found<span class=\"nt\">&lt;\/h1&gt;<\/span>\r\n   <span class=\"nt\">&lt;p<\/span><span class=\"err\">&quot;<\/span>\r\n\r\n   <span class=\"err\">To<\/span> <span class=\"err\">fix<\/span> <span class=\"err\">these<\/span> <span class=\"err\">errors,<\/span> <span class=\"err\">please<\/span> <span class=\"err\">make<\/span> <span class=\"err\">sure<\/span> <span class=\"err\">that<\/span> <span class=\"err\">your<\/span> <span class=\"err\">domain<\/span> <span class=\"err\">name<\/span> <span class=\"err\">was<\/span>\r\n   <span class=\"err\">entered<\/span> <span class=\"err\">correctly<\/span> <span class=\"err\">and<\/span> <span class=\"err\">the<\/span> <span class=\"err\">DNS<\/span> <span class=\"err\">A<\/span> <span class=\"err\">record(s)<\/span> <span class=\"err\">for<\/span> <span class=\"err\">that<\/span> <span class=\"err\">domain<\/span>\r\n   <span class=\"err\">contain(s)<\/span> <span class=\"err\">the<\/span> <span class=\"err\">right<\/span> <span class=\"err\">IP<\/span> <span class=\"err\">address.<\/span>\r\n<\/pre>\n<\/div>\n<p>The file is placed in the DocumentRoot and then fetched by Let&rsquo;s Encrypt, but the renewal fails because that file is not found there. This domain had no http configured.<br \/>\nSo, after adding this Rewrite configuration in apache:<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>RewriteEngine On\r\nRewriteRule ^ https:\/\/%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]\r\n<\/pre>\n<\/div>\n<p>it went through.<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>$ sudo 
\/usr\/bin\/letsencrypt certonly --webroot -w \/var\/www\/files.matoken.org\/ -d files.matoken.org\r\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\r\nCert is due <span class=\"k\">for<\/span> renewal, auto-renewing...\r\nRenewing an existing certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge <span class=\"k\">for<\/span> files.matoken.org\r\nUsing the webroot path \/var\/www\/files.matoken.org <span class=\"k\">for<\/span> all unmatched domains.\r\nWaiting <span class=\"k\">for<\/span> verification...\r\nCleaning up challenges\r\nGenerating key <span class=\"o\">(<\/span><span class=\"m\">2048<\/span> bits<span class=\"o\">)<\/span>: \/etc\/letsencrypt\/keys\/0003_key-certbot.pem\r\nCreating CSR: \/etc\/letsencrypt\/csr\/0003_csr-certbot.pem\r\n\r\nIMPORTANT NOTES:\r\n - Congratulations! Your certificate and chain have been saved at\r\n   \/etc\/letsencrypt\/live\/files.matoken.org\/fullchain.pem. Your cert\r\n   will expire on <span class=\"m\">2018<\/span>-05-31. To obtain a new or tweaked version of\r\n   this certificate in the future, simply run certbot again. 
To\r\n   non-interactively renew *all* of your certificates, run <span class=\"s2\">&quot;certbot<\/span>\r\n<span class=\"s2\">   renew&quot;<\/span>\r\n - If you like Certbot, please consider supporting our work by:\r\n\r\n   Donating to ISRG \/ Let<span class=\"err\">&#39;<\/span>s Encrypt:   https:\/\/letsencrypt.org\/donate\r\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\r\n<\/pre>\n<\/div>\n<p>The certbot version is quite old...<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>$ dpkg -l<span class=\"p\">|<\/span>grep -i certbot\r\nii  certbot                               <span class=\"m\">0<\/span>.10.2-1                          all          automatically configure HTTPS using Let<span class=\"err\">&#39;<\/span>s Encrypt\r\nii  python-certbot                        <span class=\"m\">0<\/span>.10.2-1                          all          main library <span class=\"k\">for<\/span> certbot\r\n<\/pre>\n<\/div>\n<p>So I swapped it for the one from backports.<\/p>\n<div class=\"codehilite\">\n<pre><span><\/span>$ sudo apt remove certbot\r\n$ sudo apt install python-certbot-apache -t stretch-backports\r\n$ apt show certbot\r\nPackage: certbot\r\nVersion: <span class=\"m\">0<\/span>.21.1-1~bpo9+1\r\nPriority: optional\r\nSection: web\r\nSource: python-certbot\r\nMaintainer: Debian Let<span class=\"s1\">&#39;s Encrypt &lt;letsencrypt-devel@lists.alioth.debian.org&gt;<\/span>\r\n<span class=\"s1\">Installed-Size: 53.2 kB<\/span>\r\n<span class=\"s1\">Provides: letsencrypt<\/span>\r\n<span class=\"s1\">Depends: python3-certbot (= 0.21.1-1~bpo9+1), python3:any<\/span>\r\n<span class=\"s1\">Suggests: python3-certbot-apache, python3-certbot-nginx, python-certbot-doc<\/span>\r\n<span class=\"s1\">Breaks: letsencrypt (&lt;= 0.6.0)<\/span>\r\n<span class=\"s1\">Replaces: letsencrypt<\/span>\r\n<span class=\"s1\">Homepage: 
https:\/\/certbot.eff.org\/<\/span>\r\n<span class=\"s1\">Download-Size: 20.4 kB<\/span>\r\n<span class=\"s1\">APT-Manual-Installed: no<\/span>\r\n<span class=\"s1\">APT-Sources: http:\/\/ftp.jp.debian.org\/debian stretch-backports\/main amd64 Packages<\/span>\r\n<span class=\"s1\">Description: automatically configure HTTPS using Let&#39;<\/span>s Encrypt\r\n The objective of Certbot, Let<span class=\"s1\">&#39;s Encrypt, and the ACME (Automated<\/span>\r\n<span class=\"s1\"> Certificate Management Environment) protocol is to make it possible<\/span>\r\n<span class=\"s1\"> to set up an HTTPS server and have it automatically obtain a<\/span>\r\n<span class=\"s1\"> browser-trusted certificate, without any human intervention. This is<\/span>\r\n<span class=\"s1\"> accomplished by running a certificate management agent on the web<\/span>\r\n<span class=\"s1\"> server.<\/span>\r\n<span class=\"s1\"> .<\/span>\r\n<span class=\"s1\"> This agent is used to:<\/span>\r\n<span class=\"s1\"> .<\/span>\r\n<span class=\"s1\">   - Automatically prove to the Let&#39;<\/span>s Encrypt CA that you control the website\r\n   - Obtain a browser-trusted certificate and <span class=\"nb\">set<\/span> it up on your web server\r\n   - Keep track of when your certificate is going to expire, and renew it\r\n   - Help you revoke the certificate <span class=\"k\">if<\/span> that ever becomes necessary.\r\n .\r\n This package contains the main application, including the standalone\r\n and the manual authenticators.\r\n\r\nN: There is <span class=\"m\">1<\/span> additional record. 
Please use the <span class=\"s1\">&#39;-a&#39;<\/span> switch to see it\r\n<\/pre>\n<\/div>\n<p>So the client was simply old, which makes this memo unlikely to be of much use as a reference.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lately I have been renewing my Let&rsquo;s Encrypt certificates like this, but this time it failed. (This assumes each DocumentRoot is named after its FQDN.) $ sudo \/bin\/sh -c &quot;\/u 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[7,6,75],"tags":[324,257],"class_list":["post-1846","post","type-post","status-publish","format-standard","hentry","category-debian-linux","category-linux","category-stretch","tag-certbot","tag-letsencrypt"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/1846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=1846"}],"version-history":[{"count":0,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/1846\/revisions"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=1846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=1846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=1846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}