Renewing a Let’s Encrypt Certificate

Environment

  • CentOS 7
  • NginX
  • certbot 0.21.1

Renewing the certificate

Run the command

Run the certificate renewal command as shown below.

certbot renew

When the command runs successfully, the following messages are printed.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/storage.beany.co.kr.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for storage.beany.co.kr
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/storage.beany.co.kr/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/beany.co.kr.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for beany.co.kr
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/beany.co.kr/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/storage.beany.co.kr/fullchain.pem (success)
  /etc/letsencrypt/live/beany.co.kr/fullchain.pem (success)
-------------------------------------------------------------------------------

Restart the NginX service

Start the Nginx service again.

systemctl start nginx.service

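If an error occurs

If the NginX service is running when the certificate is renewed, the standalone authenticator cannot bind to port 443 and the following error is printed.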

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/storage.beany.co.kr.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for storage.beany.co.kr
Cleaning up challenges
Attempting to renew cert (storage.beany.co.kr) from /etc/letsencrypt/renewal/storage.beany.co.kr.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/beany.co.kr.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for beany.co.kr
Cleaning up challenges
Attempting to renew cert (beany.co.kr) from /etc/letsencrypt/renewal/beany.co.kr.conf produced an unexpected error: Problem binding to port 443: Could not bind to IPv4 or IPv6.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/storage.beany.co.kr/fullchain.pem (failure)
  /etc/letsencrypt/live/beany.co.kr/fullchain.pem (failure)

-------------------------------------------------------------------------------

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/storage.beany.co.kr/fullchain.pem (failure)
  /etc/letsencrypt/live/beany.co.kr/fullchain.pem (failure)
-------------------------------------------------------------------------------
2 renew failure(s), 0 parse failure(s)

Run the command below to stop the Nginx service.

systemctl stop nginx.service

Then run the certificate renewal procedure above again.
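The manual sequence above (stop Nginx, renew, start Nginx) leaves the site down if the renewal fails and nobody starts Nginx again. The wrapper below is an added example, not part of the original post: it always starts Nginx after the renewal attempt and reports the port 443 bind error separately. The function names, return codes and the `--run` switch are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes certbot and systemctl are
# on PATH and the unit is nginx.service, as in the commands on this page.

# True if certbot output contains the port-binding failure shown on this page.
bind_failure() {
    printf '%s\n' "$1" | grep -q 'Problem binding to port 443'
}

# Stop nginx, run the renewal, and start nginx again whether or not the
# renewal succeeded. Return codes (chosen for this example):
#   0 renewed or nothing due, 1 renewal failed, 2 port 443 still in use,
#   3 nginx could not be stopped or started.
renew_with_nginx_stopped() {
    systemctl stop nginx.service || return 3
    out=$(certbot renew 2>&1) && rc=0 || rc=$?
    printf '%s\n' "$out"
    # Always bring the web server back, even after a failed renewal.
    systemctl start nginx.service || return 3
    [ "$rc" -eq 0 ] && return 0
    if bind_failure "$out"; then
        echo "renewal failed: another process still holds port 443" >&2
        return 2
    fi
    return 1
}

# Run only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    renew_with_nginx_stopped
fi
```

certbot renew also accepts --pre-hook and --post-hook, which run the stop and start commands only when a certificate is actually due for renewal.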

 

 
