1. Renewal test

[root@centos /]# certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/blog.daonelab.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Account registered.
Simulating renewal of an existing certificate for blog.daonelab.com
Performing the following challenges:
http-01 challenge for blog.daonelab.com
Waiting for verification...
Challenge failed for domain blog.daonelab.com
http-01 challenge for blog.daonelab.com
Cleaning up challenges
Failed to renew certificate blog.daonelab.com with error: Some challenges have failed.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All simulated renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/blog.daonelab.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: blog.daonelab.com
   Type:   unauthorized
   Detail: Invalid response from
   http://blog.daonelab.com/.well-known/acme-challenge/ujeTFWIUlZLw2QWO2u9fKi7apKLtw_M74uFy7BcK9zE
   [220.122.147.73]: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0
   Strict//EN\"
   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html
   xmlns=\"http"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
[root@centos conf.d]# 

 

2. Check the certificate expiry date

[root@centos /]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: blog.daonelab.com
    Serial Number: 35e5d759733bf9d1651f79797a06d3ea4ab
    Key Type: RSA
    Domains: blog.daonelab.com
    Expiry Date: 2021-07-17 04:48:30+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/blog.daonelab.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/blog.daonelab.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

3. Crontab setup

[root@centos cron.d]# crontab -e
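0 2 1 * * certbot renew --renew-hook="systemctl restart nginx"

Runs at 02:00 on the 1st of every month. A crontab edited with crontab -e has no user field; the "root" column belongs only in /etc/crontab and files under /etc/cron.d/.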
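
The dry run in step 1 failed, so an unattended cron renewal can fail the same way without anyone noticing. The script below is an added example, not part of the original post: it parses the text printed by certbot certificates (step 2) and flags certificates that are invalid or close to expiry. The function names, the 30-day threshold and the two example.test certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag certificates near expiry from "certbot certificates" text.

# expiring_certs LIMIT_DAYS
# Reads certbot output on stdin; prints "<name> <days>" for every certificate
# with fewer than LIMIT_DAYS left, "<name> INVALID" for expired/revoked ones.
expiring_certs() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /\(INVALID/) {
                print name " INVALID"
            } else if (match($0, /VALID: [0-9]+ (day|hour)/)) {
                s = substr($0, RSTART + 7, RLENGTH - 7)   # e.g. "89 day"
                split(s, f, " ")
                days = (f[2] == "hour") ? 0 : f[1] + 0    # hours left => 0 days
                if (days < limit) print name " " days
            } else {
                print name " UNPARSED"                    # unknown format: do not stay silent
            }
        }'
}

# check_certs LIMIT_DAYS: same input, returns 1 when anything is flagged
# so cron or a monitoring agent can alert on the exit status.
check_certs() {
    flagged=$(expiring_certs "$1")
    [ -z "$flagged" ] && return 0
    printf '%s\n' "$flagged"
    return 1
}

# Constructed sample: first entry copied from step 2, the other two invented.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: blog.daonelab.com
    Expiry Date: 2021-07-17 04:48:30+00:00 (VALID: 89 days)
  Certificate Name: shop.example.test
    Expiry Date: 2021-05-01 00:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.test
    Expiry Date: 2021-03-01 00:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Real use: certbot certificates 2>/dev/null | check_certs 30
sample_output | check_certs 30 || echo "renewal needs attention"
```

Scheduled daily, a non-zero exit from check_certs shows that the monthly renewal job did not do its work while there is still time to fix the challenge failure.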