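How to fix a "Let's Encrypt" certificate that fails to renew

Environment

The "Let's Encrypt" certificate on my mail server was not being renewed, so I am posting how I fixed it.

The renewal error

Renewing "Let's Encrypt" produces the error below and the renewal fails.
Strangely, the web server's certificate renews without any problem.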

/bin/certbot renew

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.jipulog.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.jipulog.com
Cleaning up challenges
Attempting to renew cert (mail.jipulog.com) from /etc/letsencrypt/renewal/mail.jipulog.com.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6.. Skipping.

Solution

It seems that when the web server and the mail server are on the same server, a conflict occurs and the renewal fails.

(1) First, stop httpd, postfix, and dovecot.

systemctl stop httpd
systemctl stop postfix
systemctl stop dovecot

* Stopping only httpd still seems to produce the renewal error.

(2) Run the "Let's Encrypt" renewal again.

/bin/certbot renew

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/mail.jipulog.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.jipulog.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/mail.jipulog.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.jipulog.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following certs are not due for renewal yet:
  /etc/letsencrypt/live/jipulog.com/fullchain.pem expires on 2020-05-23 (skipped)
  /etc/letsencrypt/live/www.jipulog.com/fullchain.pem expires on 2020-05-23 (skipped)
Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/mail.jipulog.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The renewal succeeded.

(3) Start httpd, postfix, and dovecot, which were stopped earlier, again.

systemctl start httpd
systemctl start postfix
systemctl start dovecot
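
Steps (1) to (3) as one script, as an added example that is not part of the original post: it lists which processes hold port 80 (the bind failure in the error above) and restarts the services even when the renewal fails, so a failed run does not leave mail down. The function names, the SYSTEMCTL/CERTBOT overrides and the sample `ss` output are assumptions made for this example.

```shell
#!/bin/sh
# Added example: stop/renew/start wrapper for the procedure above.
SERVICES="httpd postfix dovecot"      # the three services stopped in step (1)
SYSTEMCTL=${SYSTEMCTL:-systemctl}     # overridable for dry runs (assumption)
CERTBOT=${CERTBOT:-/bin/certbot}

# Read `ss -Hltnp` output on stdin; print each process name listening on port 80.
port80_holders() {
    awk '$4 ~ /:80$/ {
        rest = $0
        while (match(rest, /\("[^"]+"/)) {
            print substr(rest, RSTART + 2, RLENGTH - 3)
            rest = substr(rest, RSTART + RLENGTH)
        }
    }' | sort -u
}

# Steps (1)-(3) as one unit: the services are started again even when
# certbot fails, and certbot's exit status is returned for cron/monitoring.
renew_with_services_stopped() {
    for s in $SERVICES; do
        "$SYSTEMCTL" stop "$s" || echo "warning: could not stop $s" >&2
    done
    rc=0
    "$CERTBOT" renew || rc=$?
    for s in $SERVICES; do
        "$SYSTEMCTL" start "$s" || echo "warning: could not start $s" >&2
    done
    return "$rc"
}

# Constructed sample of `ss -Hltnp` output (not taken from the post).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1203,fd=4),("httpd",pid=1202,fd=4))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=980,fd=13))
LISTEN 0 511 [::]:80 [::]:* users:(("httpd",pid=1203,fd=6))
EOF
}

echo "port 80 held by: $(sample_ss_output | port80_holders | tr '\n' ' ')"
# On the real host (as root, so process names are visible):
#   ss -Hltnp | port80_holders
#   renew_with_services_stopped
```

certbot renew also accepts --pre-hook and --post-hook, which run the stop and start commands only when a certificate is actually due for renewal.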