MoinQ:

Letsencrypt/DV証明書/renewal/2018-10-12について、ここに記述してください。

%cat certbotlog                                                          ~
# certbot certonly --standalone -d moin.qmail.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x29bef42c>: Failed to establish a new connection: [Errno 65] No route to host',))
Please see the logfiles in /var/log/letsencrypt for more details.
root@f:/service # certbot certonly --standalone -d moin.qmail.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for moin.qmail.jp
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0007_key-certbot.pem
Creating CSR: /usr/local/etc/letsencrypt/csr/0007_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem. Your
   cert will expire on 2018-02-20. To obtain a new or tweaked version
   of this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@f:/service # 

1. renew も試した

# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/moin.qmail.jp.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for moin.qmail.jp
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0008_key-certbot.pem
Creating CSR: /usr/local/etc/letsencrypt/csr/0008_csr-certbot.pem

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf
-------------------------------------------------------------------------------
expected /usr/local/etc/letsencrypt/live/moin.qmail.jp-0001/cert.pem to be a symlink
Renewal configuration file /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf is broken. Skipping.

Congratulations, all renewals succeeded. The following certs have been renewed:
  /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem (success)

Additionally, the following renewal configuration files were invalid: 
  /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf (parsefail)
0 renew failure(s), 1 parse failure(s)

2. 出来たものをpound下へ

-- ToshinoriMaeno 2018-10-11 23:32:46 /service/pound/