I use Let's Encrypt on a website. Let's Encrypt certificates must be renewed every 3 months, and a certificate can be renewed starting 1 month in advance.
Doing this manually every time is tedious, so I set up a cron job to renew the certificate automatically and e-mail me the result.
One day, an e-mail arrived whose subject reported that the renewal had failed:
Faild renew letsencript SSL cert
The website is fine for now, but once the renewal period has passed, visitors will see an **Untrusted site** warning, so I dealt with it right away.
First, I ran the renewal manually as a dry run.
certbot renew --dry-run
The result was as follows:
Challenge failed for domain *****.jp
Challenge failed for domain www.*****.jp
Attempting to renew cert (www.*****.jp) from /etc/letsencrypt/renewal/www.*****.jp produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
In short, the output lists one failure after another.
The notable part is further down.
Domain: ******.jp
Type: unauthorized
Detail: Invalid response from
https://******.jp/.well-known/acme-challenge/xZtOg19utX8Mch7n3hgYJNeNk4GM2PBw6LVqFgzs9pI
[153.***.***.***]: "<!DOCTYPE html>\n<html lang=\"ja\"
ng-app=\"NetCommonsApp\">\n<head>\n\t<meta
charset=\"utf-8\">\n\t<meta http-equiv=\"X-UA-Compatible\" conte"
In other words, it says something like **"I tried to access this URL and it didn't work"**.
https://******.jp/.well-known/acme-challenge/xZtOg19utX8Mch7n3hgYJNeNk4GM2PBw6LVqFgzs9pI
↑ This is your domain followed by a path under ".well-known/acme-challenge".
It seems that the SSL certificate is placed here, but the renewal failed because it could not be accessed.
This website is built with Apache + CakePHP2. The root directory is shown below, and Apache is configured to refer to this path.
/var/www/html/cakephp
First, move to the root directory.
cd /var/www/html/cakephp
Since this is the root directory, requests normally arrive here, and CakePHP redirects them from here.
The file that does this is
.htaccess
Its contents look like this.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
This redirects requests further into **app/webroot** inside CakePHP.
However, there is no .well-known directory in webroot, so requests to "https://*****.jp/.well-known" must not be redirected.
Add the following rule:
RewriteRule ^\.well-known(.*)$ .well-known$1 [L]
After the change, the file looks like this:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^\.well-known(.*)$ .well-known$1 [L]
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
Now requests to .well-known are no longer redirected!
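To confirm the change before involving certbot, the probe below drops a temporary file into the challenge directory and fetches it back over HTTP. It is an added example, not part of the original post; it assumes certbot writes its challenge files under the /var/www/html/cakephp directory shown above, and the function names and the placeholder URL are made up for illustration.

```shell
#!/bin/sh
# Added example: probe whether the ACME challenge path is served as a
# static file. Function names and the URL in the usage line are assumptions.

# Fetch a URL body; kept as a separate function so it can be replaced.
fetch() {
    curl -fsS --max-time 10 "$1"
}

# probe_acme_path DOCROOT BASE_URL
#   0 = probe file came back unchanged
#   1 = something else answered (e.g. the framework's HTML page)
#   2 = probe file could not be created
probe_acme_path() {
    docroot=$1
    base_url=$2
    dir="$docroot/.well-known/acme-challenge"
    name="probe-$$"
    token="acme-probe-$$-$(date +%s)"

    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2

    body=$(fetch "$base_url/.well-known/acme-challenge/$name" 2>/dev/null)
    rm -f "$dir/$name"

    if [ "$body" = "$token" ]; then
        echo "OK: $base_url/.well-known/acme-challenge/ is served from $dir"
        return 0
    fi
    case $body in
        *'<html'* | *'<!DOCTYPE'*)
            echo "FAIL: got an HTML page; the request reached the application" ;;
        *)
            echo "FAIL: empty or unexpected response" ;;
    esac
    return 1
}

# Usage (run as a user that can write to the document root):
#   probe_acme_path /var/www/html/cakephp https://your-domain.example
```

A FAIL with an HTML page is the same symptom as the "Invalid response" detail in the certbot output above.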
Run the dry run again:
certbot renew --dry-run
I forgot to keep a log of the successful run.
If the word **failed** does not appear and the word **succeeded** does, I think it's okay.
If it succeeds, remove "--dry-run" and run it again.
certbot renew
The certificate has been successfully renewed.
The end.