Letsencrypt/DV証明書/renewal/2018-10-12について、ここに記述してください。 {{{ %cat certbotlog ~ # certbot certonly --standalone -d moin.qmail.jp Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org An unexpected error occurred: ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 65] No route to host',)) Please see the logfiles in /var/log/letsencrypt for more details. root@f:/service # certbot certonly --standalone -d moin.qmail.jp Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for moin.qmail.jp Waiting for verification... Cleaning up challenges Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0007_key-certbot.pem Creating CSR: /usr/local/etc/letsencrypt/csr/0007_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem. Your cert will expire on 2018-02-20. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le root@f:/service # }}} == renew も試した == {{{ # certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- Processing /usr/local/etc/letsencrypt/renewal/moin.qmail.jp.conf ------------------------------------------------------------------------------- Cert is due for renewal, auto-renewing... Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for moin.qmail.jp Waiting for verification... Cleaning up challenges Generating key (2048 bits): /usr/local/etc/letsencrypt/keys/0008_key-certbot.pem Creating CSR: /usr/local/etc/letsencrypt/csr/0008_csr-certbot.pem ------------------------------------------------------------------------------- new certificate deployed without reload, fullchain is /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem ------------------------------------------------------------------------------- ------------------------------------------------------------------------------- Processing /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf ------------------------------------------------------------------------------- expected /usr/local/etc/letsencrypt/live/moin.qmail.jp-0001/cert.pem to be a symlink Renewal configuration file /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf is broken. Skipping. Congratulations, all renewals succeeded. The following certs have been renewed: /usr/local/etc/letsencrypt/live/moin.qmail.jp/fullchain.pem (success) Additionally, the following renewal configuration files were invalid: /usr/local/etc/letsencrypt/renewal/moin.qmail.jp-0001.conf (parsefail) 0 renew failure(s), 1 parse failure(s) }}} == 出来たものをpound下へ == -- ToshinoriMaeno <> /service/pound/