【備忘録】let's encrypt で証明書更新エラーが発生した際の対応方法 - チョッピーデイズ - EC事業支援・ECサイト立ち上げ・Webマーケティング・SEO・ホームページ制作・Web開発・アプリ開発・コーチングチョッピーデイズ

よくあるlet’s encrypt で証明書更新エラーが発生した際の対応方法

certbot-auto で証明書更新エラー

[root@ip-10-10-xxx-xx ~]# certbot-auto certonly --webroot -w /var/www/vhosts/sample.com/public_html -d sample.com --email sample@sample.com --debug --no-bootstrap Upgrading certbot-auto 0.21.1 to 0.26.0... Replacing certbot-auto... Creating virtual environment... Installing Python packages... Installation succeeded. Traceback (most recent call last): File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in from certbot.main import main File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in import josepy as jose File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in from josepy.interfaces import JSONDeSerializable File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in from josepy import errors, util File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in import OpenSSL File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in from OpenSSL import rand, crypto, SSL File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in from OpenSSL._util import ( File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in from cryptography.hazmat.bindings.openssl.binding import Binding ImportError: No module named cryptography.hazmat.bindings.openssl.binding You have new mail in /var/spool/mail/root

環境変数PYTHON_INSTALL_LAYOUTを確認

[root@ip-10-10-xxx-xx ~]# env | grep PYTHON_INSTALL_LAYOUT PYTHON_INSTALL_LAYOUT=amzn

環境変数PYTHON_INSTALL_LAYOUTをunsetする

[root@ip-10-10-xxx-xx ~]# unset PYTHON_INSTALL_LAYOUT

certbotを削除(一応退避)

[root@ip-10-10-xxx-xx ~]# cp -rf /opt/eff.org/certbot /opt/eff.org/certbot.bak2 [root@ip-10-10-xxx-xx ~]# rm -rf /opt/eff.org/certbot

再度SSL証明書を更新

[root@ip-10-10-xxx-xx ~]# certbot-auto certonly --webroot -w /var/www/vhosts/sample.com/public_html -d sample.com --email sample@sample.com --debug --no-bootstrap Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: http-01 challenge for sample.com Using the webroot path /var/www/vhosts/sample.com/public_html for all unmatched domains. Waiting for verification... Cleaning up challenges

IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/sample.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/sample.com/privkey.pem Your cert will expire on 2018-10-13. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le

You have new mail in /var/spool/mail/root