Let's Encrypt, which I introduced three months ago, wasn't automatically updated for some reason. I've solved it, so I'll post it as a memorandum. I didn't intend to give it to Qiita, so I didn't take screenshots.
ConoHa(CentOS8)
-I should have set the automatic update of Let's Encrypt, but for some reason it has not been updated. I remember setting it with reference to this article. ・ I didn't understand even after reading the error statement, but it seems that Apache is strange (I guess) -When I checked with the following command, Apache startup failed. "Active: failed (Result: exit-code)" is displayed.
Terminal
$ systemctl status httpd
-If you read the status carefully, there are two "(98) Address already in use" errors. It seems that Apache couldn't start because port 443 was already used by Node.js.
→ Notice that Apache is required to update Let's Encrypt (← stupid)
-End the Node.js process (killed this time) and restart Apache. This time it worked fine. After that, I manually updated Let's Encrypt and it succeeded.
▼ Manual update of Let's Encrypt
Terminal
$ sudo certbot renew
Reference for process deletion: Corrective action for Address already in use
→ I thought Node.js was running on Apache, but I understood that it was running independently.
-But this requires you to stop Node.js and start Apache every time you update Let's Encrypt. -If you set Apache to not use port 443, you can start it at the same time as Node.js. (Open only port 80) -Rewritten "/etc/httpd/conf.d/ssl.conf". Commented out "Listen 443 https".
:/etc/httpd/conf.d/ssl.conf
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
#Listen 443 https //← Comment out this line
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
The following is omitted
reference (98) Address already in use occurs when Apache is restarted! Two causes and countermeasures
-After restarting Apache, the forced update of Let's Encrypt was successful, so this time it seems okay. I hope the next automatic update will succeed.
▼ Forcibly renew regardless of the expiration date of the SSL certificate
Terminal
$ sudo certbot renew --force-renew
reference How to manually renew the SSL certificate of Let's Encrypt
I have rewritten firewalld to block Apache's 443 port. I couldn't connect to the web app after setting the port 443 to repel the connection. (No wonder)