DELAEMON BLOG

Live as if you were to die tomorrow. Learn as if you were to live forever.

Hugo SSL/TLS(Let's Encrypt) Renew

I renewed the SSL/TLS (Let's Encrypt) certificate for a Hugo site that runs under systemd.

The first renewal attempt failed with an error

$ ./certbot-auto renew
Requesting root privileges to run certbot...
  /home/dela/.local/share/letsencrypt/bin/letsencrypt renew

-------------------------------------------------------------------------------
Processing <domain>.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
The program hugo (process ID 786) is already listening on TCP port 80. This will
prevent us from binding to that port. Please stop the hugo program temporarily
and then try again. For automated renewal, you may want to use a script that
stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
2016-09-28 22:22:53,632:WARNING:certbot.renewal:Attempting to renew cert from <domain>.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.

All renewal attempts failed. The following certs could not be renewed:
 <domain>/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Stop the service that is using port 80

$ sudo systemctl stop hugo

Tried renewing again and got another error

$ ./certbot-auto renew
Requesting root privileges to run certbot...
  /home/dela/.local/share/letsencrypt/bin/letsencrypt renew

-------------------------------------------------------------------------------
Processing <domain>.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
The program hugo-https (process ID 14806) is already listening on TCP port 443.
This will prevent us from binding to that port. Please stop the hugo-https
program temporarily and then try again. For automated renewal, you may want to
use a script that stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
2016-09-28 22:26:37,520:WARNING:certbot.renewal:Attempting to renew cert from <domain>.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  <domain>/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

Stop the service that is using port 443

$ sudo systemctl stop hugos

Third renewal attempt

$ ./certbot-auto renew
Requesting root privileges to run certbot...
  /home/dela/.local/share/letsencrypt/bin/letsencrypt renew

-------------------------------------------------------------------------------
Processing <domain>.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
<domain>/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  <domain>/fullchain.pem (success)

Start the stopped services

$ sudo systemctl start hugos
$ sudo systemctl start hugo

It's simple, but I'll think about a way to renew without stopping the services.
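
The stop, renew, start sequence above as one script, added here as an example and not part of the original post. It restarts the services even when the renewal fails, so a certbot error does not leave the site down. The unit names hugo and hugos and the ./certbot-auto path come from the post; the SERVICES, SYSTEMCTL and CERTBOT override variables and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): stop, renew, restart.
# Assumptions: unit names hugo/hugos and ./certbot-auto as shown in the post;
# SERVICES, SYSTEMCTL and CERTBOT are hypothetical override variables.

renew_certs() {
    services="${SERVICES:-hugo hugos}"      # units holding ports 80 and 443
    systemctl_cmd="${SYSTEMCTL:-sudo systemctl}"
    certbot_cmd="${CERTBOT:-./certbot-auto}"
    stopped=""
    rc=0

    # Stop each unit; remember what was stopped, newest first, so the
    # restart below runs in reverse order (hugos, then hugo, as in the post).
    for svc in $services; do
        if $systemctl_cmd stop "$svc"; then
            stopped="$svc $stopped"
        else
            echo "could not stop $svc; skipping renewal" >&2
            rc=1
            break
        fi
    done

    # Renew only if every listener on 80/443 is out of the way.
    if [ "$rc" -eq 0 ]; then
        $certbot_cmd renew || rc=$?
    fi

    # Always bring back whatever was stopped, even when renewal failed,
    # so a certbot error does not leave the site offline.
    for svc in $stopped; do
        $systemctl_cmd start "$svc" || rc=1
    done
    return "$rc"
}

# Run only when asked (hypothetical switch), e.g. from cron or a systemd timer.
if [ "${1:-}" = "--run" ]; then
    renew_certs
    exit $?
fi
```

A non-zero exit status means either a service could not be stopped or started, or certbot reported a failure, so the scheduler that runs the script can alert on it.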