Let’s Encrypt renew

# Let’s Encrypt renew 繼上次重新驗證 Let’s Encrypt 的憑證後過了三個月需要做 renew 了但在我照著之前的經驗先把 80 port 對外開放以後執行下面指令 ```bash $ certbot renew ``` 之後發現好像有錯誤 ```python= - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of apache server; fullchain is /etc/letsencrypt/live/mydomain-0001/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/mydomain.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Traceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/renewal.py", line 67, in _reconstitute renewal_candidate = storage.RenewableCert(full_path, config) File "/usr/lib/python3/dist-packages/certbot/storage.py", line 463, in __init__ self._check_symlinks() File "/usr/lib/python3/dist-packages/certbot/storage.py", line 522, in _check_symlinks "expected {0} to be a symlink".format(link)) certbot.errors.CertStorageError: expected /etc/letsencrypt/live/mydomain/cert.pem to be a symlink Renewal configuration file /etc/letsencrypt/renewal/mydomain.conf is broken. Skipping. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/mydomain-0001/fullchain.pem (success) Additionally, the following renewal configurations were invalid: /etc/letsencrypt/renewal/mydomain.conf (parsefail) ``` 仔細看了上面的訊息再加上搜尋了一些網站之後發現原來是我的 domain name 因為上次直接是做新的驗證所以 domain name 變成 mydomain-0001 出現了 `-0001` 的後綴… 想了想就不照網上看到的做法我直接到 `/etc/letsencrypt/renewal/mydomain.conf` 去把裡面原來記錄的 domain name 都改成 `mydomain-0001` 之後再執行一次看起來就沒問題了 XD ```bash $ certbot renew ``` ```python= Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/mydomain-0001.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/mydomain.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert not yet due for renewal - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following certs are not due for renewal yet: /etc/letsencrypt/live/mydomain-0001/fullchain.pem expires on 2022-07-11 (skipped) /etc/letsencrypt/live/mydomain-0001/fullchain.pem expires on 2022-07-11 (skipped) No renewals were attempted. ``` 有問題的話下次 renew 的時候會知道的 XD ###### tags: `Linux` `SSL` `LetsEncrypt`