読者です 読者をやめる 読者になる 読者になる

DELAEMON BLOG

Live as if you were to die tomorrow. Learn as if you were to live forever.

Hugo SSL/TLS(Let's Encrypt) Renew

Systemdで動かしている Hugo サイトのSSL/TLS(Let's Encrypt)を更新した。

更新しようとしたらエラー

$ ./certbot-auto renew
Requesting root privileges to run certbot...
  /home/dela/.local/share/letsencrypt/bin/letsencrypt renew

-------------------------------------------------------------------------------
Processing <domain>.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
The program hugo (process ID 786) is already listening on TCP port 80. This will
prevent us from binding to that port. Please stop the hugo program temporarily
and then try again. For automated renewal, you may want to use a script that
stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
2016-09-28 22:22:53,632:WARNING:certbot.renewal:Attempting to renew cert from <domain>.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.

All renewal attempts failed. The following certs could not be renewed:
 <domain>/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

80portを使ってるサービスを停止

$ sudo systemctl stop hugo

再度、更新しようとしたらエラー

$ ./certbot-auto renew
Requesting root privileges to run certbot...
  /home/dela/.local/share/letsencrypt/bin/letsencrypt renew

-------------------------------------------------------------------------------
Processing <domain>.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
The program hugo-https (process ID 14806) is already listening on TCP port 443.
This will prevent us from binding to that port. Please stop the hugo-https
program temporarily and then try again. For automated renewal, you may want to
use a script that stops and starts your webserver. You can find an example at
https://letsencrypt.org/howitworks/#writing-your-own-renewal-script.
Alternatively you can use the webroot plugin to renew without needing to stop
and start your webserver.
-------------------------------------------------------------------------------
2016-09-28 22:26:37,520:WARNING:certbot.renewal:Attempting to renew cert from <domain>.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.

All renewal attempts failed. The following certs could not be renewed:
  <domain>/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)

443portを使ってるサービスを停止

$ sudo systemctl stop hugos

再々更新

$ ./certbot-auto renew
Requesting root privileges to run certbot...
  /home/dela/.local/share/letsencrypt/bin/letsencrypt renew

-------------------------------------------------------------------------------
Processing <domain>.conf
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
<domain>/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  <domain>/fullchain.pem (success)

停止したサービスを起動

$ sudo systemctl start hugos
$ sudo systemctl start hugo

簡単だけど、サービス無停止で更新する方法を考える