準備
80番ポートを開放していること
バックアップをとる
$ cp -pr /etc/letsencrypt/ /etc/letsencrypt.20230701
SSL証明書更新 (dry-run)
$ sudo certbot renew –webroot -w /var/www/html/wordpress01 –dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/stonehills.tokyo.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Simulating renewal of an existing certificate for stonehills.tokyo Performing the following challenges: http-01 challenge for stonehills.tokyo Using the webroot path /var/www/html/wordpress01 for all unmatched domains. Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed without reload, fullchain is /etc/letsencrypt/live/stonehills.tokyo/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all simulated renewals succeeded: /etc/letsencrypt/live/stonehills.tokyo/fullchain.pem (success)
SSL証明書更新
$ sudo certbot renew –webroot -w /var/www/html/wordpress01
Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/stonehills.tokyo.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator webroot, Installer None Renewing an existing certificate for stonehills.tokyo Performing the following challenges: http-01 challenge for stonehills.tokyo Using the webroot path /var/www/html/wordpress01 for all unmatched domains. Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed without reload, fullchain is /etc/letsencrypt/live/stonehills.tokyo/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded: /etc/letsencrypt/live/stonehills.tokyo/fullchain.pem (success)
$ sudo systemctl restart apache2
ブラウザから、SSL証明書の更新日が変更されていることを確認する
Cronに登録した
$ cronta -e
これは毎月1日午前1時に証明書更新する場合
0 1 01 * * sudo certbot renew --webroot -w /var/www/html/wordpress01 0 2 01 * * sudo systemctl restart apache2
