[Memo] How to handle a certificate renewal error with Let's Encrypt

  • 2018.10.19
  • AWS

How to handle a common certificate renewal error with Let's Encrypt

Certificate renewal error with certbot-auto


[root@ip-10-10-xxx-xx ~]# certbot-auto certonly --webroot -w /var/www/vhosts/sample.com/public_html -d sample.com --email sample@sample.com --debug --no-bootstrap
Upgrading certbot-auto 0.21.1 to 0.26.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in
from certbot.main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in
import josepy as jose
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in
from josepy.interfaces import JSONDeSerializable
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in
from josepy import errors, util
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in
import OpenSSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in
from OpenSSL import rand, crypto, SSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in
from OpenSSL._util import (
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding
You have new mail in /var/spool/mail/root

Check the PYTHON_INSTALL_LAYOUT environment variable

[root@ip-10-10-xxx-xx ~]# env | grep PYTHON_INSTALL_LAYOUT
PYTHON_INSTALL_LAYOUT=amzn

Unset the PYTHON_INSTALL_LAYOUT environment variable

[root@ip-10-10-xxx-xx ~]# unset PYTHON_INSTALL_LAYOUT

Remove certbot (after backing it up, just in case)

[root@ip-10-10-xxx-xx ~]# cp -rf /opt/eff.org/certbot /opt/eff.org/certbot.bak2
[root@ip-10-10-xxx-xx ~]# rm -rf /opt/eff.org/certbot

Renew the SSL certificate again

[root@ip-10-10-xxx-xx ~]# certbot-auto certonly --webroot -w /var/www/vhosts/sample.com/public_html -d sample.com --email sample@sample.com --debug --no-bootstrap
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sample.com
Using the webroot path /var/www/vhosts/sample.com/public_html for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/sample.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sample.com/privkey.pem
Your cert will expire on 2018-10-13. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

You have new mail in /var/spool/mail/root
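
The recovery steps above as a re-runnable script (an added example, not part of the original post). The function names and the `--run` switch are made up here; `/opt/eff.org/certbot` and the certbot-auto options are the ones shown on this page. It rebuilds the virtual environment only when the import from the traceback actually fails.

```bash
#!/bin/bash
# Added example: wraps the manual recovery steps from this page in functions.
# CERTBOT_DIR defaults to the path shown on the page; function names are hypothetical.
CERTBOT_DIR=${CERTBOT_DIR:-/opt/eff.org/certbot}

# Succeeds only if the venv's interpreter can import the module named in the ImportError.
venv_import_ok() {
    local py="$1/venv/bin/python"
    [ -x "$py" ] || return 1
    "$py" -c 'from cryptography.hazmat.bindings.openssl.binding import Binding' >/dev/null 2>&1
}

# Copies the directory aside under a timestamped name (keeping modes and ownership),
# then removes the original. Prints the backup path. Does nothing if it is absent.
backup_and_remove() {
    local src="$1" dst
    [ -d "$src" ] || return 0
    dst="$src.bak.$(date +%Y%m%d%H%M%S)"
    cp -a "$src" "$dst" || return 1
    rm -rf "$src" || return 1
    printf '%s\n' "$dst"
}

# Returns 0 if the broken venv was cleared for a rebuild, 1 if the venv is healthy.
prepare_rebuild() {
    local dir="$1"
    if venv_import_ok "$dir"; then
        return 1
    fi
    unset PYTHON_INSTALL_LAYOUT   # affects this shell and its children only
    backup_and_remove "$dir" >/dev/null
}

# Full procedure, only on request: script.sh --run <webroot> <domain> <email>
if [ "${1:-}" = "--run" ]; then
    prepare_rebuild "$CERTBOT_DIR" && echo "venv cleared; certbot-auto will recreate it"
    certbot-auto certonly --webroot -w "$2" -d "$3" --email "$4" --debug --no-bootstrap
fi
```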
