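This site uses Let's Encrypt, the free SSL certificate service.
Let's Encrypt certificates have to be renewed every three months.
An alert email arrived saying the certificate was close to expiring, so I ran the certbot renew command to renew it!
But it didn't work...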
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/techtech-note.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for techtech-note.com
Cleaning up challenges
Attempting to renew cert (techtech-note.com) from /etc/letsencrypt/renewal/techtech-note.com.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/techtech-note.com/fullchain.pem(failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/techtech-note.com/fullchain.pem(failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
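Put plainly, the error message says:
"No virtual host listening on port 80 could be found, which Certbot currently needs in order to prove to the CA that you control your domain.
Please add a virtual host for port 80."
Solution
The fix is exactly what the error message says: add a virtual host for port 80 and you're done.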
# vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin sample@sample.com
ServerName sample.com
DocumentRoot /var/www/html
</VirtualHost>
* Change the values to suit your own environment.
Restart Apache so the saved changes take effect.
# systemctl restart httpd
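A pre-flight check for the condition behind this error, as an added example that is not part of the original post: it scans a single Apache config file for a port-80 VirtualHost that names the domain. The function names, the sample files and the assumption that only a 443 vhost existed before the fix are constructed for illustration.

```shell
# Added example. Usage: has_port80_vhost CONF DOMAIN
# Exit 0 if CONF holds a <VirtualHost ...:80> block naming DOMAIN via
# ServerName or ServerAlias, else exit 1. Include directives are not followed.
has_port80_vhost() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                                # skip comment lines
        { line = tolower($0) }
        line ~ /^[ \t]*<virtualhost[ \t]/ {
            in80 = (line ~ /:80([ \t>]|$)/)                # :80 but not :8080
            next
        }
        line ~ /^[ \t]*<\/virtualhost>/ { in80 = 0; next }
        in80 && (tolower($1) == "servername" || tolower($1) == "serveralias") {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                sub(/^https?:\/\//, "", name)              # ServerName may carry a scheme
                sub(/:[0-9]+$/, "", name)                  # ... and a port
                if (name == tolower(want)) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}
# Constructed sample configs: "before" has only a 443 vhost (assumed failing
# state), "after" also contains the port-80 vhost from the fix above.
write_samples() {
    cat > "$1/before.conf" <<'EOF'
<VirtualHost *:443>
    ServerName sample.com
    DocumentRoot /var/www/html
</VirtualHost>
EOF
    cat > "$1/after.conf" <<'EOF'
<VirtualHost *:80>
    ServerAdmin sample@sample.com
    ServerName sample.com
    DocumentRoot /var/www/html
</VirtualHost>
EOF
    cat "$1/before.conf" >> "$1/after.conf"
}
tmp=$(mktemp -d)
write_samples "$tmp"
for f in before after; do
    if has_port80_vhost "$tmp/$f.conf" sample.com; then echo "$f: ok"
    else echo "$f: no port-80 vhost for sample.com"; fi
done
rm -rf "$tmp"
```

Once the check passes on the real config, `certbot renew --dry-run` exercises the http-01 challenge against the staging environment without replacing the live certificate.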
Verification
Let's run the renewal again.
# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/techtech-note.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for techtech-note.com
Waiting for verification...
Cleaning up challenges
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/techtech-note.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/techtech-note.com/fullchain.pem(success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
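The word "success" appears at the end (´▽`)
To be safe, also open the site in a browser and check that the certificate has been updated.
It looks like it was renewed properly!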