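I obtained a Let's Encrypt certificate on April 28, 2017, and currently use it for smtps, pop3s, and imaps.
Because the certificate is valid for 3 months, I run the renewal process from cron every day; when I checked the logs earlier, the renewal had been performed on June 28.
It seems renewal becomes possible from 1 month before the expiry date, so in practice the certificate is renewed every 2 months.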

Jun 28 02:33:15 hostname systemd[1]: Starting Renew Let's Encrypt certificates...
Jun 28 02:33:19 hostname certbot-auto[8091]: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Jun 28 02:33:19 hostname certbot-auto[8091]: Cert is due for renewal, auto-renewing...
Jun 28 02:33:20 hostname certbot-auto[8091]: Renewing an existing certificate
Jun 28 02:33:21 hostname certbot-auto[8091]: Performing the following challenges:
Jun 28 02:33:21 hostname certbot-auto[8091]: http-01 challenge for YourDomain
Jun 28 02:33:21 hostname certbot-auto[8091]: Waiting for verification...
Jun 28 02:33:25 hostname certbot-auto[8091]: Cleaning up challenges
Jun 28 02:33:27 hostname certbot-auto[8091]: Running renew-hook command: /bin/systemctl restart postfix
Jun 28 02:33:29 hostname certbot-auto[8091]: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto[8091]: Processing /etc/letsencrypt/renewal/YourDomain.conf
Jun 28 02:33:29 hostname certbot-auto[8091]: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto[8091]: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto[8091]: new certificate deployed without reload, fullchain is
Jun 28 02:33:29 hostname certbot-auto[8091]: /etc/letsencrypt/live/YourDomain/fullchain.pem
Jun 28 02:33:29 hostname certbot-auto[8091]: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto[8091]: Congratulations, all renewals succeeded. The following certs have been renewed:
Jun 28 02:33:29 hostname certbot-auto[8091]: /etc/letsencrypt/live/YourDomain/fullchain.pem (success)
Jun 28 02:33:29 hostname systemd[1]: Started Renew Let's Encrypt certificates.

In /var/log/message I could confirm that the command specified with renew-hook was also executed.

Jun 28 02:33:15 hostname systemd: Starting Renew Let's Encrypt certificates...
Jun 28 02:33:19 hostname certbot-auto: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Jun 28 02:33:19 hostname certbot-auto: Cert is due for renewal, auto-renewing...
Jun 28 02:33:20 hostname certbot-auto: Renewing an existing certificate
Jun 28 02:33:21 hostname certbot-auto: Performing the following challenges:
Jun 28 02:33:21 hostname certbot-auto: http-01 challenge for YourDomain
Jun 28 02:33:21 hostname certbot-auto: Waiting for verification...
Jun 28 02:33:25 hostname certbot-auto: Cleaning up challenges
Jun 28 02:33:27 hostname certbot-auto: Running renew-hook command: /bin/systemctl restart postfix
Jun 28 02:33:27 hostname systemd: Stopping Postfix Mail Transport Agent...
Jun 28 02:33:28 hostname systemd: Starting Postfix Mail Transport Agent...
Jun 28 02:33:29 hostname systemd: Started Postfix Mail Transport Agent.
Jun 28 02:33:29 hostname certbot-auto: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto: Processing /etc/letsencrypt/renewal/YourDomain.conf
Jun 28 02:33:29 hostname certbot-auto: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto: new certificate deployed without reload, fullchain is
Jun 28 02:33:29 hostname certbot-auto: /etc/letsencrypt/live/YourDomain/fullchain.pem
Jun 28 02:33:29 hostname certbot-auto: -------------------------------------------------------------------------------
Jun 28 02:33:29 hostname certbot-auto: Congratulations, all renewals succeeded. The following certs have been renewed:
Jun 28 02:33:29 hostname certbot-auto: /etc/letsencrypt/live/YourDomain/fullchain.pem (success)
Jun 28 02:33:29 hostname systemd: Started Renew Let's Encrypt certificates.
Jun 28 02:33:29 hostname systemd: Adding 25min 21.238500s random time.
Jun 28 02:33:29 hostname systemd: Adding 36min 5.986365s random time.

However, the certificate is also used for pop3s and imaps, so perhaps Dovecot needs to be restarted as well…
I modified my current script with reference to the following.
LetsEncrypt certbot multiple renew-hooks
https://stackoverflow.com/questions/42300579/letsencrypt-certbot-multiple-renew-hooks

[Unit]
Description=Renew Let's Encrypt certificates

[Service]
Type=oneshot
# check for renewal, only start/stop nginx if certs need to be renewed
ExecStart=/usr/local/bin/letsencrypt/certbot-auto renew --renew-hook "/bin/systemctl restart postfix" --renew-hook "/bin/systemctl restart dovecot" --renew-hook "mail -s \"CERTBOT Renewals\" admin@rootlinks.net"

I expect the next renewal on August 28, so I will check again then.
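
One way to do that check from the syslog lines, as an added example that is not part of the original post: it lists every TLS service that uses the certificate but has no matching "Running renew-hook command" restart line after a successful renewal. The function names and the embedded sample (a constructed excerpt of the June 28 log above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find services that still hold the old certificate in memory
# because no renew-hook restarted them after a successful renewal.

# Constructed sample: excerpt of the June 28 log shown in the post.
sample_log() {
cat <<'EOF'
Jun 28 02:33:19 hostname certbot-auto: Cert is due for renewal, auto-renewing...
Jun 28 02:33:27 hostname certbot-auto: Running renew-hook command: /bin/systemctl restart postfix
Jun 28 02:33:27 hostname systemd: Stopping Postfix Mail Transport Agent...
Jun 28 02:33:29 hostname systemd: Started Postfix Mail Transport Agent.
Jun 28 02:33:29 hostname certbot-auto: /etc/letsencrypt/live/YourDomain/fullchain.pem (success)
EOF
}

# missing_restarts SERVICE...
# Reads syslog lines on stdin. If a certificate was renewed, prints each
# SERVICE for which no "systemctl restart|reload SERVICE" renew-hook ran.
# Prints nothing when the input contains no successful renewal.
missing_restarts() {
    awk -v want="$*" '
        /certbot.*fullchain\.pem \(success\)/ { renewed = 1 }
        /Running renew-hook command: / {
            cmd = $0
            sub(/.*Running renew-hook command: /, "", cmd)
            n = split(cmd, w, " ")
            if (n >= 3 && w[1] ~ /systemctl$/ &&
                (w[2] == "restart" || w[2] == "reload")) {
                sub(/\.service$/, "", w[3])   # accept "dovecot.service" too
                done[w[3]] = 1
            }
        }
        END {
            if (!renewed) exit 0
            n = split(want, s, " ")
            for (i = 1; i <= n; i++)
                if (!(s[i] in done)) print s[i]
        }'
}

# Services named in the post: postfix (smtps) and dovecot (pop3s, imaps).
sample_log | missing_restarts postfix dovecot   # prints: dovecot
```

On a live host, feed it the real log instead of the sample, for example `missing_restarts postfix dovecot < /var/log/messages`; empty output after a renewal means every listed service was restarted by a hook.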