WARNING: certbot-auto support is DEPRECATED!

Task:
---------------------------------------------------------------
Find the cause of the error and propose a solution to the problem.
Certificate error when opening the site.

Check which jobs cron has:

```
root@ws1:/ # crontab -l
0 0,12 * * * /usr/local/bin/certbot renew
* * * * * cd /usr/local/www/apache24/data/webseit; php wp-cron.php doing_wp_cron > /dev/null 2>&1
root@ws1:/ #
```
Check that certbot works:

```
root@ws1: # certbot
certbot: Command not found.
root@ws1: #
```
Check whether certbot is installed:

```
root@ws1:/ # pkg info | grep certbot
root@ws1:/ #
```
Change to the /usr/local/bin/ directory and check the certbot commands:

```
root@cloud:/ # cd /usr/local/bin/
root@cloud:/usr/local/bin # cr
crashinfo cron crontab crunchgen crunchide crypt
root@cloud:/usr/local/bin # cert
certbot certbot-3.7 certbot-auto certtool
root@cloud:/usr/local/bin # certbot-auto
WARNING: certbot-auto support for this FreeBSD is DEPRECATED!
Please visit certbot.eff.org to learn how to download a version of Certbot that is packaged for your system.
While an existing version of certbot-auto may work currently, we have stopped supporting updating system packages for your system.
Please switch to a packaged version as soon as possible.
root@cloud:/usr/local/bin #
```
Most likely, after the system update, python was updated and certbot was automatically removed as a conflicting package. That is a question for whoever updated the server before me.

Check whether certbot can be installed:
```
root@ws1:/usr/home/xaxa # pkg search certbot
py27-certbot-1.0.0,1  Let's Encrypt client
py27-certbot-apache-1.0.0  Apache plugin for Certbot
py27-certbot-dns-cloudflare-1.0.0  Cloudflare DNS plugin for Certbot
py27-certbot-dns-cloudxns-1.0.0  CloudXNS DNS Authenticator plugin for Certbot
py27-certbot-dns-digitalocean-1.0.0  DigitalOcean DNS Authenticator plugin for Certbot
py27-certbot-dns-dnsimple-1.0.0  DNSimple DNS Authenticator plugin for Certbot
py27-certbot-dns-dnsmadeeasy-1.0.0  DNS Made Easy DNS Authenticator plugin for Certbot
py27-certbot-dns-gehirn-1.0.0  Gehirn Infrastructure Service DNS Authenticator plugin for Certbot
py27-certbot-dns-google-1.0.0  Google Cloud DNS Authenticator plugin for Certbot
py27-certbot-dns-linode-1.0.0  Linode DNS Authenticator plugin for Certbot
py27-certbot-dns-luadns-1.0.0  LuaDNS Authenticator plugin for Certbot
py27-certbot-dns-nsone-1.0.0  NS1 DNS Authenticator plugin for Certbot
py27-certbot-dns-ovh-1.0.0  OVH DNS Authenticator plugin for Certbot
py27-certbot-dns-rfc2136-1.0.0  RFC 2136 DNS Authenticator plugin for Certbot
py27-certbot-dns-route53-1.0.0  Route53 DNS Authenticator plugin for Certbot
py27-certbot-dns-sakuracloud-1.0.0  Sakura Cloud DNS Authenticator plugin for Certbot
py27-certbot-nginx-1.0.0  NGINX plugin for Certbot
py37-certbot-1.0.0,1  Let's Encrypt client
py37-certbot-apache-1.0.0  Apache plugin for Certbot
py37-certbot-dns-cloudflare-1.0.0  Cloudflare DNS plugin for Certbot
py37-certbot-dns-cloudxns-1.0.0  CloudXNS DNS Authenticator plugin for Certbot
py37-certbot-dns-digitalocean-1.0.0  DigitalOcean DNS Authenticator plugin for Certbot
py37-certbot-dns-dnsimple-1.0.0  DNSimple DNS Authenticator plugin for Certbot
py37-certbot-dns-dnsmadeeasy-1.0.0  DNS Made Easy DNS Authenticator plugin for Certbot
py37-certbot-dns-gehirn-1.0.0  Gehirn Infrastructure Service DNS Authenticator plugin for Certbot
py37-certbot-dns-google-1.0.0  Google Cloud DNS Authenticator plugin for Certbot
py37-certbot-dns-linode-1.0.0  Linode DNS Authenticator plugin for Certbot
py37-certbot-dns-luadns-1.0.0  LuaDNS Authenticator plugin for Certbot
py37-certbot-dns-nsone-1.0.0  NS1 DNS Authenticator plugin for Certbot
py37-certbot-dns-ovh-1.0.0  OVH DNS Authenticator plugin for Certbot
py37-certbot-dns-rfc2136-1.0.0  RFC 2136 DNS Authenticator plugin for Certbot
py37-certbot-dns-route53-1.0.0  Route53 DNS Authenticator plugin for Certbot
py37-certbot-dns-sakuracloud-1.0.0  Sakura Cloud DNS Authenticator plugin for Certbot
py37-certbot-nginx-1.0.0  NGINX plugin for Certbot
root@ws1:/usr/home/xaxa #
```
Install py37-certbot:

```
root@cloud:/usr/ports/security/py-certbot # pkg install py37-certbot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 13 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    py37-certbot: 1.0.0,1
    py37-distro: 1.4.0_1
    py37-josepy: 1.2.0
    py37-acme: 1.0.0,1
    py37-requests-toolbelt: 0.8.0_1
    py37-pytz: 2019.3,1
    py37-pyrfc3339: 1.1
    py37-zope.interface: 4.6.0
    py37-zope.component: 4.2.2
    py37-zope.event: 4.1.0
    py37-parsedatetime: 2.5
    py37-configobj: 5.0.6_1
    py37-configargparse: 1.0

Number of packages to be installed: 13

The process will require 15 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/13] Fetching py37-certbot-1.0.0,1.txz: 100% 280 KiB 286.6kB/s 00:01
[2/13] Fetching py37-distro-1.4.0_1.txz: 100% 23 KiB 23.1kB/s 00:01
[3/13] Fetching py37-josepy-1.2.0.txz: 100% 74 KiB 75.3kB/s 00:01
[4/13] Fetching py37-acme-1.0.0,1.txz: 100% 58 KiB 59.8kB/s 00:01
[5/13] Fetching py37-requests-toolbelt-0.8.0_1.txz: 100% 4 MiB 123.2kB/s 00:38
[6/13] Fetching py37-pytz-2019.3,1.txz: 100% 157 KiB 160.3kB/s 00:01
[7/13] Fetching py37-pyrfc3339-1.1.txz: 100% 8 KiB 8.1kB/s 00:01
[8/13] Fetching py37-zope.interface-4.6.0.txz: 100% 192 KiB 196.3kB/s 00:01
[9/13] Fetching py37-zope.component-4.2.2.txz: 100% 91 KiB 93.7kB/s 00:01
[10/13] Fetching py37-zope.event-4.1.0.txz: 100% 8 KiB 7.8kB/s 00:01
[11/13] Fetching py37-parsedatetime-2.5.txz: 100% 57 KiB 58.5kB/s 00:01
[12/13] Fetching py37-configobj-5.0.6_1.txz: 100% 51 KiB 52.1kB/s 00:01
[13/13] Fetching py37-configargparse-1.0.txz: 100% 24 KiB 25.0kB/s 00:01
Checking integrity... done (2 conflicting)
  - py37-distro-1.4.0_1 conflicts with py36-distro-1.4.0_1 on /usr/local/bin/distro
  - py37-josepy-1.2.0 conflicts with py36-josepy-1.2.0 on /usr/local/bin/jws
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 15 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
    py36-josepy-1.2.0
    py36-distro-1.4.0_1

New packages to be INSTALLED:
    py37-pytz: 2019.3,1
    py37-josepy: 1.2.0
    py37-requests-toolbelt: 0.8.0_1
    py37-pyrfc3339: 1.1
    py37-zope.interface: 4.6.0
    py37-zope.event: 4.1.0
    py37-distro: 1.4.0_1
    py37-acme: 1.0.0,1
    py37-zope.component: 4.2.2
    py37-parsedatetime: 2.5
    py37-configobj: 5.0.6_1
    py37-configargparse: 1.0
    py37-certbot: 1.0.0,1

Number of packages to be removed: 2
Number of packages to be installed: 13

The process will require 15 MiB more space.

Proceed with this action? [y/N]: y
[1/15] Deinstalling py36-josepy-1.2.0...
[1/15] Deleting files for py36-josepy-1.2.0: 100%
[2/15] Deinstalling py36-distro-1.4.0_1...
[2/15] Deleting files for py36-distro-1.4.0_1: 100%
[3/15] Installing py37-pytz-2019.3,1...
[3/15] Extracting py37-pytz-2019.3,1: 100%
[4/15] Installing py37-josepy-1.2.0...
[4/15] Extracting py37-josepy-1.2.0: 100%
[5/15] Installing py37-requests-toolbelt-0.8.0_1...
[5/15] Extracting py37-requests-toolbelt-0.8.0_1: 100%
[6/15] Installing py37-pyrfc3339-1.1...
[6/15] Extracting py37-pyrfc3339-1.1: 100%
[7/15] Installing py37-zope.interface-4.6.0...
[7/15] Extracting py37-zope.interface-4.6.0: 100%
[8/15] Installing py37-zope.event-4.1.0...
[8/15] Extracting py37-zope.event-4.1.0: 100%
[9/15] Installing py37-distro-1.4.0_1...
[9/15] Extracting py37-distro-1.4.0_1: 100%
[10/15] Installing py37-acme-1.0.0,1...
[10/15] Extracting py37-acme-1.0.0,1: 100%
[11/15] Installing py37-zope.component-4.2.2...
[11/15] Extracting py37-zope.component-4.2.2: 100%
[12/15] Installing py37-parsedatetime-2.5...
[12/15] Extracting py37-parsedatetime-2.5: 100%
[13/15] Installing py37-configobj-5.0.6_1...
[13/15] Extracting py37-configobj-5.0.6_1: 100%
[14/15] Installing py37-configargparse-1.0...
[14/15] Extracting py37-configargparse-1.0: 100%
[15/15] Installing py37-certbot-1.0.0,1...
[15/15] Extracting py37-certbot-1.0.0,1: 100%
=====
Message from py37-certbot-1.0.0,1:

--
This port installs the "standalone" client only, which does not use and
is not the certbot-auto bootstrap/wrapper script.

The simplest form of usage to obtain certificates is:

 # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>

NOTE:

The client requires the ability to bind on TCP port 80 or 443 (depending
on the --preferred-challenges option used). If a server is running on that
port, it will need to be temporarily stopped so that the standalone server
can listen on that port to complete the challenge authentication process.

For more information on the 'standalone' mode, see:

  https://certbot.eff.org/docs/using.html#standalone

The certbot plugins to support apache and nginx certificate installation
will be made available in the following ports:

 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx

In order to automatically renew the certificates, add this line to
/etc/periodic.conf:

    weekly_certbot_enable="YES"

root@cloud:/usr/ports/security/py-certbot #
```
Try to generate a new certificate:

```
root@cloud:/usr/ports/security/py-certbot # certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/webseit.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed
Attempting to renew cert (webseit.com) from /usr/local/etc/letsencrypt/renewal/webseit.com.conf produced an unexpected error: The requested nginx plugin does not appear to be installed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
root@cloud:/usr/ports/security/py-certbot #
```
Install the plugin for nginx:

```
root@cloud:/usr/ports/security/py-certbot # pkg install py37-certbot-nginx
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    py37-certbot-nginx: 1.0.0
    py37-pyparsing: 2.4.6
    py37-mock: 3.0.5

Number of packages to be installed: 3

The process will require 1 MiB more space.
213 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/3] Fetching py37-certbot-nginx-1.0.0.txz: 100% 63 KiB 64.8kB/s 00:01
[2/3] Fetching py37-pyparsing-2.4.6.txz: 100% 108 KiB 110.4kB/s 00:01
[3/3] Fetching py37-mock-3.0.5.txz: 100% 42 KiB 42.6kB/s 00:01
Checking integrity... done (0 conflicting)
[1/3] Installing py37-pyparsing-2.4.6...
[1/3] Extracting py37-pyparsing-2.4.6: 100%
[2/3] Installing py37-mock-3.0.5...
[2/3] Extracting py37-mock-3.0.5: 100%
[3/3] Installing py37-certbot-nginx-1.0.0...
[3/3] Extracting py37-certbot-nginx-1.0.0: 100%
root@cloud:/usr/ports/security/py-certbot # certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/webseit.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xaxa.ddns.net
nginx: [warn] conflicting server name "webseit.com" on [::]:443, ignored
nginx: [warn] conflicting server name "webseit.com" on 0.0.0.0:443, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "webseit.com" on [::]:443, ignored
nginx: [warn] conflicting server name "webseit.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "webseit.com" on [::]:443, ignored
nginx: [warn] conflicting server name "webseit.comt" on 0.0.0.0:443, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is /usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@cloud:/usr/ports/security/py-certbot #
```
Now the certificate works without errors.
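
Added example (not part of the original post): a pre-flight check for the two failures found above, a cron entry that points at a binary which no longer exists and a renewal config that depends on a plugin. The function names, the temporary paths and the sample crontab and renewal file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed.

# Read crontab text on stdin; print every command given as an absolute path
# that is missing or not executable (the broken certbot entry in this post).
# Entries run via "cd ...; php ..." or @daily shortcuts are not inspected.
missing_cron_commands() {
    while read -r m h dom mon dow cmd rest; do
        case "$m" in ''|\#*) continue ;; esac      # blank line or comment
        case "$cmd" in
            /*) [ -x "$cmd" ] || printf '%s\n' "$cmd" ;;
        esac
    done
    return 0
}

# Print the plugin names a certbot renewal config depends on, taken from the
# "authenticator" and "installer" keys (nginx in the failed renewal above).
renewal_plugins() {
    awk -F'[ \t]*=[ \t]*' \
        '$1 == "authenticator" || $1 == "installer" { print $2 }' "$1" | sort -u
}

# Constructed demo data in a temporary directory (assumed paths, not the server's).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '#!/bin/sh\n' > "$tmp/present" && chmod +x "$tmp/present"
cat > "$tmp/crontab" <<EOF
# m h dom mon dow command
0 0,12 * * * $tmp/certbot renew
* * * * * cd $tmp; php wp-cron.php doing_wp_cron > /dev/null 2>&1
*/5 * * * * $tmp/present --quiet
EOF
cat > "$tmp/site.conf" <<'EOF'
[renewalparams]
authenticator = nginx
installer = nginx
EOF

echo "cron commands that no longer exist:"
missing_cron_commands < "$tmp/crontab"
echo "plugins required by the renewal config:"
renewal_plugins "$tmp/site.conf"
```

On a real host, feed it `crontab -l` and the files under the renewal directory, then compare the plugin names it prints with what `certbot plugins` reports before relying on an unattended `certbot renew`.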