WARNING: certbot-auto support is DEPRECATED!

Task:

Find the cause of the error and propose a solution to the problem

---------------------------------------------------------------

Certificate error when opening the site

Check which jobs cron has

root@ws1:/ # crontab -l
0 0,12 * * * /usr/local/bin/certbot renew
* * * * *  cd /usr/local/www/apache24/data/webseit; php wp-cron.php doing_wp_cron > /dev/null 2>&1
root@ws1:/ #

Check whether certbot runs

root@ws1: # certbot
certbot: Command not found.
root@ws1: #

Check whether certbot is installed

root@ws1:/ # pkg info | grep certbot
root@ws1:/ #

Change to the /usr/local/bin/ directory and check the certbot commands

root@cloud:/ # cd /usr/local/bin/
root@cloud:/usr/local/bin # cr
crashinfo cron      crontab   crunchgen crunchide crypt
root@cloud:/usr/local/bin # cert
certbot      certbot-3.7  certbot-auto certtool
root@cloud:/usr/local/bin # certbot-auto
WARNING: certbot-auto support for this FreeBSD is DEPRECATED!
Please visit certbot.eff.org to learn how to download a version of
Certbot that is packaged for your system. While an existing version
of certbot-auto may work currently, we have stopped supporting updating
system packages for your system. Please switch to a packaged version
as soon as possible.
root@cloud:/usr/local/bin #

Most likely, after the system was updated, python was updated and certbot was automatically removed as a conflicting package. That is a question for whoever updated the server before me. Check whether certbot can be installed

root@ws1:/usr/home/xaxa # pkg search certbot
py27-certbot-1.0.0,1           Let's Encrypt client
py27-certbot-apache-1.0.0      Apache plugin for Certbot
py27-certbot-dns-cloudflare-1.0.0 Cloudflare DNS plugin for Certbot
py27-certbot-dns-cloudxns-1.0.0 CloudXNS DNS Authenticator plugin for Certbot
py27-certbot-dns-digitalocean-1.0.0 DigitalOcean DNS Authenticator plugin for Certbot
py27-certbot-dns-dnsimple-1.0.0 DNSimple DNS Authenticator plugin for Certbot
py27-certbot-dns-dnsmadeeasy-1.0.0 DNS Made Easy DNS Authenticator plugin for Certbot
py27-certbot-dns-gehirn-1.0.0  Gehirn Infrastructure Service DNS Authenticator plugin for Certbot
py27-certbot-dns-google-1.0.0  Google Cloud DNS Authenticator plugin for Certbot
py27-certbot-dns-linode-1.0.0  Linode DNS Authenticator plugin for Certbot
py27-certbot-dns-luadns-1.0.0  LuaDNS Authenticator plugin for Certbot
py27-certbot-dns-nsone-1.0.0   NS1 DNS Authenticator plugin for Certbot
py27-certbot-dns-ovh-1.0.0     OVH DNS Authenticator plugin for Certbot
py27-certbot-dns-rfc2136-1.0.0 RFC 2136 DNS Authenticator plugin for Certbot
py27-certbot-dns-route53-1.0.0 Route53 DNS Authenticator plugin for Certbot
py27-certbot-dns-sakuracloud-1.0.0 Sakura Cloud DNS Authenticator plugin for Certbot
py27-certbot-nginx-1.0.0       NGINX plugin for Certbot
py37-certbot-1.0.0,1           Let's Encrypt client
py37-certbot-apache-1.0.0      Apache plugin for Certbot
py37-certbot-dns-cloudflare-1.0.0 Cloudflare DNS plugin for Certbot
py37-certbot-dns-cloudxns-1.0.0 CloudXNS DNS Authenticator plugin for Certbot
py37-certbot-dns-digitalocean-1.0.0 DigitalOcean DNS Authenticator plugin for Certbot
py37-certbot-dns-dnsimple-1.0.0 DNSimple DNS Authenticator plugin for Certbot
py37-certbot-dns-dnsmadeeasy-1.0.0 DNS Made Easy DNS Authenticator plugin for Certbot
py37-certbot-dns-gehirn-1.0.0  Gehirn Infrastructure Service DNS Authenticator plugin for Certbot
py37-certbot-dns-google-1.0.0  Google Cloud DNS Authenticator plugin for Certbot
py37-certbot-dns-linode-1.0.0  Linode DNS Authenticator plugin for Certbot
py37-certbot-dns-luadns-1.0.0  LuaDNS Authenticator plugin for Certbot
py37-certbot-dns-nsone-1.0.0   NS1 DNS Authenticator plugin for Certbot
py37-certbot-dns-ovh-1.0.0     OVH DNS Authenticator plugin for Certbot
py37-certbot-dns-rfc2136-1.0.0 RFC 2136 DNS Authenticator plugin for Certbot
py37-certbot-dns-route53-1.0.0 Route53 DNS Authenticator plugin for Certbot
py37-certbot-dns-sakuracloud-1.0.0 Sakura Cloud DNS Authenticator plugin for Certbot
py37-certbot-nginx-1.0.0       NGINX plugin for Certbot
root@ws1:/usr/home/xaxa #

Install py37-certbot

root@cloud:/usr/ports/security/py-certbot # pkg install py37-certbot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 13 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py37-certbot: 1.0.0,1
        py37-distro: 1.4.0_1
        py37-josepy: 1.2.0
        py37-acme: 1.0.0,1
        py37-requests-toolbelt: 0.8.0_1
        py37-pytz: 2019.3,1
        py37-pyrfc3339: 1.1
        py37-zope.interface: 4.6.0
        py37-zope.component: 4.2.2
        py37-zope.event: 4.1.0
        py37-parsedatetime: 2.5
        py37-configobj: 5.0.6_1
        py37-configargparse: 1.0

Number of packages to be installed: 13

The process will require 15 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/13] Fetching py37-certbot-1.0.0,1.txz: 100%  280 KiB 286.6kB/s    00:01
[2/13] Fetching py37-distro-1.4.0_1.txz: 100%   23 KiB  23.1kB/s    00:01
[3/13] Fetching py37-josepy-1.2.0.txz: 100%   74 KiB  75.3kB/s    00:01
[4/13] Fetching py37-acme-1.0.0,1.txz: 100%   58 KiB  59.8kB/s    00:01
[5/13] Fetching py37-requests-toolbelt-0.8.0_1.txz: 100%    4 MiB 123.2kB/s    00:38
[6/13] Fetching py37-pytz-2019.3,1.txz: 100%  157 KiB 160.3kB/s    00:01
[7/13] Fetching py37-pyrfc3339-1.1.txz: 100%    8 KiB   8.1kB/s    00:01
[8/13] Fetching py37-zope.interface-4.6.0.txz: 100%  192 KiB 196.3kB/s    00:01
[9/13] Fetching py37-zope.component-4.2.2.txz: 100%   91 KiB  93.7kB/s    00:01
[10/13] Fetching py37-zope.event-4.1.0.txz: 100%    8 KiB   7.8kB/s    00:01
[11/13] Fetching py37-parsedatetime-2.5.txz: 100%   57 KiB  58.5kB/s    00:01
[12/13] Fetching py37-configobj-5.0.6_1.txz: 100%   51 KiB  52.1kB/s    00:01
[13/13] Fetching py37-configargparse-1.0.txz: 100%   24 KiB  25.0kB/s    00:01
Checking integrity... done (2 conflicting)
  - py37-distro-1.4.0_1 conflicts with py36-distro-1.4.0_1 on /usr/local/bin/distro
  - py37-josepy-1.2.0 conflicts with py36-josepy-1.2.0 on /usr/local/bin/jws
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 15 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
        py36-josepy-1.2.0
        py36-distro-1.4.0_1

New packages to be INSTALLED:
        py37-pytz: 2019.3,1
        py37-josepy: 1.2.0
        py37-requests-toolbelt: 0.8.0_1
        py37-pyrfc3339: 1.1
        py37-zope.interface: 4.6.0
        py37-zope.event: 4.1.0
        py37-distro: 1.4.0_1
        py37-acme: 1.0.0,1
        py37-zope.component: 4.2.2
        py37-parsedatetime: 2.5
        py37-configobj: 5.0.6_1
        py37-configargparse: 1.0
        py37-certbot: 1.0.0,1

Number of packages to be removed: 2
Number of packages to be installed: 13

The process will require 15 MiB more space.

Proceed with this action? [y/N]: y
[1/15] Deinstalling py36-josepy-1.2.0...
[1/15] Deleting files for py36-josepy-1.2.0: 100%
[2/15] Deinstalling py36-distro-1.4.0_1...
[2/15] Deleting files for py36-distro-1.4.0_1: 100%
[3/15] Installing py37-pytz-2019.3,1...
[3/15] Extracting py37-pytz-2019.3,1: 100%
[4/15] Installing py37-josepy-1.2.0...
[4/15] Extracting py37-josepy-1.2.0: 100%
[5/15] Installing py37-requests-toolbelt-0.8.0_1...
[5/15] Extracting py37-requests-toolbelt-0.8.0_1: 100%
[6/15] Installing py37-pyrfc3339-1.1...
[6/15] Extracting py37-pyrfc3339-1.1: 100%
[7/15] Installing py37-zope.interface-4.6.0...
[7/15] Extracting py37-zope.interface-4.6.0: 100%
[8/15] Installing py37-zope.event-4.1.0...
[8/15] Extracting py37-zope.event-4.1.0: 100%
[9/15] Installing py37-distro-1.4.0_1...
[9/15] Extracting py37-distro-1.4.0_1: 100%
[10/15] Installing py37-acme-1.0.0,1...
[10/15] Extracting py37-acme-1.0.0,1: 100%
[11/15] Installing py37-zope.component-4.2.2...
[11/15] Extracting py37-zope.component-4.2.2: 100%
[12/15] Installing py37-parsedatetime-2.5...
[12/15] Extracting py37-parsedatetime-2.5: 100%
[13/15] Installing py37-configobj-5.0.6_1...
[13/15] Extracting py37-configobj-5.0.6_1: 100%
[14/15] Installing py37-configargparse-1.0...
[14/15] Extracting py37-configargparse-1.0: 100%
[15/15] Installing py37-certbot-1.0.0,1...
[15/15] Extracting py37-certbot-1.0.0,1: 100%
=====
Message from py37-certbot-1.0.0,1:

--
This port installs the "standalone" client only, which does not use and
is not the certbot-auto bootstrap/wrapper script.

The simplest form of usage to obtain certificates is:

 # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>

NOTE:

The client requires the ability to bind on TCP port 80 or 443 (depending
on the --preferred-challenges option used). If a server is running on that
port, it will need to be temporarily stopped so that the standalone server
can listen on that port to complete the challenge authentication process.

For more information on the 'standalone' mode, see:

  https://certbot.eff.org/docs/using.html#standalone

The certbot plugins to support apache and nginx certificate installation
will be made available in the following ports:

 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx

In order to automatically renew the certificates, add this line to
/etc/periodic.conf:

    weekly_certbot_enable="YES"
root@cloud:/usr/ports/security/py-certbot #

Try to generate a new certificate

root@cloud:/usr/ports/security/py-certbot # certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/webseit.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed
Attempting to renew cert (webseit.com) from /usr/local/etc/letsencrypt/renewal/webseit.com.conf produced an unexpected error: The requested nginx plugin does not appear to be installed. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
root@cloud:/usr/ports/security/py-certbot #

Install the nginx plugin

root@cloud:/usr/ports/security/py-certbot # pkg install py37-certbot-nginx
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py37-certbot-nginx: 1.0.0
        py37-pyparsing: 2.4.6
        py37-mock: 3.0.5

Number of packages to be installed: 3

The process will require 1 MiB more space.
213 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/3] Fetching py37-certbot-nginx-1.0.0.txz: 100%   63 KiB  64.8kB/s    00:01
[2/3] Fetching py37-pyparsing-2.4.6.txz: 100%  108 KiB 110.4kB/s    00:01
[3/3] Fetching py37-mock-3.0.5.txz: 100%   42 KiB  42.6kB/s    00:01
Checking integrity... done (0 conflicting)
[1/3] Installing py37-pyparsing-2.4.6...
[1/3] Extracting py37-pyparsing-2.4.6: 100%
[2/3] Installing py37-mock-3.0.5...
[2/3] Extracting py37-mock-3.0.5: 100%
[3/3] Installing py37-certbot-nginx-1.0.0...
[3/3] Extracting py37-certbot-nginx-1.0.0: 100%
root@cloud:/usr/ports/security/py-certbot # certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /usr/local/etc/letsencrypt/renewal/webseit.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for xaxa.ddns.net
nginx: [warn] conflicting server name "webseit.com" on [::]:443, ignored
nginx: [warn] conflicting server name "webseit.com" on 0.0.0.0:443, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "webseit.com" on [::]:443, ignored
nginx: [warn] conflicting server name "webseit.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "webseit.com" on [::]:443, ignored
nginx: [warn] conflicting server name "webseit.comt" on 0.0.0.0:443, ignored

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /usr/local/etc/letsencrypt/live/webseit.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@cloud:/usr/ports/security/py-certbot #

Now the certificate works without errors
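
An added example, not part of the original post: a pre-flight check for the failure seen above, where `certbot renew` stopped with "The requested nginx plugin does not appear to be installed". It reads the `authenticator` and `installer` keys from each renewal config and reports any plugin missing from a list the caller supplies; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report renewal configs whose
# authenticator/installer plugin is not available, before "certbot renew" fails.

# Print the distinct plugin names one renewal config asks for.
required_plugins() {
    awk -F= '/^[ \t]*(authenticator|installer)[ \t]*=/ {
        gsub(/[ \t\r]/, "", $2)
        if ($2 != "" && $2 != "None") print $2
    }' "$1" | sort -u
}

# Print "<config>: <plugin>" for every required plugin absent from the
# space-separated list in $2. Returns 1 if anything is missing.
# standalone, webroot and manual ship with certbot itself.
missing_plugins() {
    dir=$1; available=" standalone webroot manual $2 "; rc=0
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        for p in $(required_plugins "$conf"); do
            case "$available" in
                *" $p "*) ;;
                *) echo "$(basename "$conf"): $p"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed sample: a renewal config shaped like the one in the log above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/webseit.com.conf" <<'EOF'
# constructed sample, not copied from a real host
version = 1.0.0
[renewalparams]
authenticator = nginx
installer = nginx
server = https://acme-v02.api.letsencrypt.org/directory
EOF

missing_plugins "$demo_dir" ""      || echo "renewal would fail: plugin missing"
missing_plugins "$demo_dir" "nginx" && echo "all required plugins present"
```

On a real host the first argument would be /usr/local/etc/letsencrypt/renewal and the second the plugins actually installed; a non-zero exit from a cron or periodic job is the signal to alert on before the certificate expires.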
