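How to fix a "Let's Encrypt" certificate that will not renew
The "Let's Encrypt" certificate on my mail server was not being renewed, so I am posting how I fixed it.
The renewal error
Renewing "Let's Encrypt" produces the error below and the renewal fails.
The web server's certificates renew normally, so this is puzzling.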
    /bin/certbot renew
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/mail.jipulog.com.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Plugins selected: Authenticator standalone, Installer None
    Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for mail.jipulog.com
    Cleaning up challenges
    Attempting to renew cert (mail.jipulog.com) from /etc/letsencrypt/renewal/mail.jipulog.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.
Solution
It seems that when the web server and the mail server run on the same machine, a conflict probably occurs and the renewal fails.
(1) First, stop httpd, postfix and dovecot.
    systemctl stop httpd
    systemctl stop postfix
    systemctl stop dovecot
* Stopping only httpd still seems to produce the renewal error.
(2) Renew "Let's Encrypt" again.
    /bin/certbot renew
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/mail.jipulog.com.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert is due for renewal, auto-renewing...
    Plugins selected: Authenticator standalone, Installer None
    Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    Renewing an existing certificate
    Performing the following challenges:
    http-01 challenge for mail.jipulog.com
    Waiting for verification...
    Cleaning up challenges
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    new certificate deployed without reload, fullchain is /etc/letsencrypt/live/mail.jipulog.com/fullchain.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Processing /etc/letsencrypt/renewal/www.jipulog.com.conf
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Cert not yet due for renewal
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    The following certs are not due for renewal yet:
      /etc/letsencrypt/live/jipulog.com/fullchain.pem expires on 2020-05-23 (skipped)
      /etc/letsencrypt/live/www.jipulog.com/fullchain.pem expires on 2020-05-23 (skipped)
    Congratulations, all renewals succeeded. The following certs have been renewed:
      /etc/letsencrypt/live/mail.jipulog.com/fullchain.pem (success)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The renewal succeeded.
(3) Start httpd, postfix and dovecot again.
    systemctl start httpd
    systemctl start postfix
    systemctl start dovecot
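
Steps (1) to (3) can be folded into one renewal command, shown here as an added example that is not part of the original article: it lists which processes hold port 80 (the port named in the error) and lets certbot stop and restart the services through its `--pre-hook` and `--post-hook` options. The function names and the sample `ss` output are constructed for illustration; the service list is the one the article uses.

```shell
#!/usr/bin/env bash
# Added example (not from the original article).
# Services the article stops before renewing.
SERVICES="httpd postfix dovecot"

# Constructed sample of `ss -ltnp` output, used only to demonstrate the parser.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    *:25       *:*     users:(("master",pid=1201,fd=13))
LISTEN 0      128    [::]:80    [::]:*  users:(("httpd",pid=1350,fd=4),("httpd",pid=1349,fd=4))
LISTEN 0      100    *:8080     *:*     users:(("java",pid=1400,fd=50))
LISTEN 0      100    *:993      *:*     users:(("dovecot",pid=1188,fd=38))
EOF
}

# Read `ss -ltnp` output on stdin; print each process name listening on TCP port 80.
port80_holders() {
    awk '$1 == "LISTEN" && $4 ~ /:80$/ {
        s = $0
        while (match(s, /\("[^"]+"/)) {
            print substr(s, RSTART + 2, RLENGTH - 3)
            s = substr(s, RSTART + RLENGTH)
        }
    }' | sort -u
}

# Build the hook that stops or starts every service in SERVICES ($1 = stop|start).
hook_cmd() {
    echo "systemctl $1 $SERVICES"
}

# Renew; certbot runs the hooks only when a renewal is actually attempted, and
# runs the post-hook after the attempt, so services come back up on failure too.
renew_with_hooks() {
    certbot renew --pre-hook "$(hook_cmd stop)" --post-hook "$(hook_cmd start)"
}

# Run as: script.sh run   (needs root, ss, systemctl and certbot)
if [ "${1:-}" = "run" ]; then
    echo "Processes on port 80 before renewal:"
    ss -ltnp | port80_holders
    renew_with_hooks
fi
```

Because the hooks run only when a certificate is due, the mail and web services stay up on the days when nothing needs renewing.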