After getting the ssl certificate using Let's Encrypt, I set up automatic renewal, but I will introduce one solution when an error occurs and it is not automatically renewed.
· Debian (GCP) -Obtaining an SSL certificate using Let's Encrypt and making it https has been completed.
Since the SSL certificate of Let's Encrypt has an expiration date of 3 months, the nerew command is periodically executed by crontab to automatically renew the certificate.
crontab
certbot renew --post-hook "/etc/init.d/apache2 restart"
It says it can't be updated because the port is in use. I had to stop the running web server (service for updating SSL certificate) and then execute the renew command.
WARNING:certbot.renewal:Attempting to renew cert from /etc/letsencrypt/renewal/SITE_URI.conf produced an unexpected error: At least one of the required ports is already taken.. Skipping.
crontab
certbot renew --pre-hook "/etc/init.d/apache2 stop" --post-hook "/etc/init.d/apache2 start"
Added --pre-hook option to the old command.
-"/Etc/init.d/apache2 restart", "/etc/init.d/apache2 start", "/etc/init.d/apache2 stop" are commands to stop, start, and restart the web server. is. Please read according to the environment.
-If you add it to the root user's crontab, the command will be executed with root privileges. When adding to another user's crontab, you need to add sudo before the command like "sudo /etc/init.d/apache2 restart".
・ Replace certbot renew with certbot-auto depending on the environment. Depending on the environment, the certbot directory may be specified. For example, / home / user_name / certbot renew.