Let's Encrypt certificate expired. What to do?

To get straight to the conclusion: obtaining a new certificate appears to be the quickest fix.

There was a post to the same effect on the Let's Encrypt community forum.
I don't know whether this is the best approach, but it solved the problem in my case.

Background

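  1. I set up a blog with KUSANAGI on a ConoHa VPS.
    While building it according to the KUSANAGI setup procedure, I installed letsencrypt and obtained an SSL server certificate.
  2. I did not notice the reminder email saying "Your certificate is about to expire. Don't forget to renew it," and the SSL certificate expired.
  3. I assumed I could simply renew it after the fact, but apparently that is not the case.
    Surprisingly little information was available in Japanese, so I had a hard time. orz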

Situation

Because I had configured everything according to the KUSANAGI instructions during the initial setup, the following directories and files already existed.

# tree /usr/local/letsencrypt/
/usr/local/letsencrypt/
|-- acme
|   |-- acme
|   |   |-- challenges.py
|   |   |-- challenges_test.py
|   |   |-- client.py
|   |   |-- client_test.py
|   |   |-- crypto_util.py
|   |   |-- crypto_util_test.py
|   |   |-- errors.py
|   |   |-- errors_test.py
|   |   |-- fields.py
|   |   |-- fields_test.py
|   |   |-- __init__.py
|   |   |-- jose
|   |   |   |-- b64.py
|   |   |   |-- b64_test.py
|   |   |   |-- errors.py
|   |   |   |-- errors_test.py
|   |   |   |-- __init__.py
|   |   |   |-- interfaces.py
|   |   |   |-- interfaces_test.py
|   |   |   |-- json_util.py
|   |   |   |-- json_util_test.py
|   |   |   |-- jwa.py
|   |   |   |-- jwa_test.py
|   |   |   |-- jwk.py
|   |   |   |-- jwk_test.py
|   |   |   |-- jws.py
|   |   |   |-- jws_test.py
|   |   |   |-- util.py
|   |   |   `-- util_test.py
|   |   |-- jws.py
|   |   |-- jws_test.py
|   |   |-- messages.py
|   |   |-- messages_test.py
|   |   |-- standalone.py
|   |   |-- standalone_test.py
|   |   |-- testdata
|   |   |   |-- cert-100sans.pem
|   |   |   |-- cert.der
|   |   |   |-- cert-idnsans.pem
|   |   |   |-- cert.pem
|   |   |   |-- cert-san.pem
|   |   |   |-- csr-100sans.pem
|   |   |   |-- csr-6sans.pem
|   |   |   |-- csr.der
|   |   |   |-- csr-idnsans.pem
|   |   |   |-- csr-nosans.pem
|   |   |   |-- csr.pem
|   |   |   |-- csr-san.pem
|   |   |   |-- dsa512_key.pem
|   |   |   |-- README
|   |   |   |-- rsa1024_key.pem
|   |   |   |-- rsa2048_key.pem
|   |   |   |-- rsa256_key.pem
|   |   |   `-- rsa512_key.pem
|   |   |-- test_util.py
|   |   |-- util.py
|   |   `-- util_test.py
|   |-- docs
|   |   |-- api
|   |   |   |-- challenges.rst
|   |   |   |-- client.rst
|   |   |   |-- errors.rst
|   |   |   |-- fields.rst
|   |   |   |-- jose
|   |   |   |   |-- base64.rst
|   |   |   |   |-- errors.rst
|   |   |   |   |-- interfaces.rst
|   |   |   |   |-- json_util.rst
|   |   |   |   |-- jwa.rst
|   |   |   |   |-- jwk.rst
|   |   |   |   |-- jws.rst
|   |   |   |   `-- util.rst
|   |   |   |-- jose.rst
|   |   |   |-- messages.rst
|   |   |   |-- other.rst
|   |   |   `-- standalone.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- man
|   |   |   `-- jws.rst
|   |   |-- _static
|   |   `-- _templates
|   |-- examples
|   |   |-- example_client.py
|   |   `-- standalone
|   |       |-- localhost
|   |       |   |-- cert.pem -> ../../../acme/testdata/cert.pem
|   |       |   `-- key.pem -> ../../../acme/testdata/rsa512_key.pem
|   |       `-- README
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   |-- setup.cfg
|   `-- setup.py
|-- CHANGES.rst
|-- CONTRIBUTING.md
|-- docker-compose.yml
|-- Dockerfile
|-- Dockerfile-dev
|-- docs
|   |-- api
|   |   |-- account.rst
|   |   |-- achallenges.rst
|   |   |-- auth_handler.rst
|   |   |-- client.rst
|   |   |-- configuration.rst
|   |   |-- constants.rst
|   |   |-- continuity_auth.rst
|   |   |-- crypto_util.rst
|   |   |-- display.rst
|   |   |-- errors.rst
|   |   |-- index.rst
|   |   |-- interfaces.rst
|   |   |-- le_util.rst
|   |   |-- log.rst
|   |   |-- plugins
|   |   |   |-- common.rst
|   |   |   |-- disco.rst
|   |   |   |-- manual.rst
|   |   |   |-- standalone.rst
|   |   |   |-- util.rst
|   |   |   `-- webroot.rst
|   |   |-- proof_of_possession.rst
|   |   |-- reporter.rst
|   |   |-- reverter.rst
|   |   `-- storage.rst
|   |-- api.rst
|   |-- ciphers.rst
|   |-- conf.py
|   |-- contributing.rst
|   |-- index.rst
|   |-- intro.rst
|   |-- make.bat
|   |-- Makefile
|   |-- man
|   |   `-- letsencrypt.rst
|   |-- packaging.rst
|   |-- _static
|   `-- using.rst
|-- examples
|   |-- cli.ini
|   |-- dev-cli.ini
|   |-- generate-csr.sh
|   |-- openssl.cnf
|   `-- plugins
|       |-- letsencrypt_example_plugins.py
|       `-- setup.py
|-- letsencrypt
|   |-- account.py
|   |-- achallenges.py
|   |-- auth_handler.py
|   |-- client.py
|   |-- cli.py
|   |-- colored_logging.py
|   |-- configuration.py
|   |-- constants.py
|   |-- crypto_util.py
|   |-- display
|   |   |-- enhancements.py
|   |   |-- __init__.py
|   |   |-- ops.py
|   |   `-- util.py
|   |-- error_handler.py
|   |-- errors.py
|   |-- __init__.py
|   |-- interfaces.py
|   |-- le_util.py
|   |-- log.py
|   |-- main.py
|   |-- notify.py
|   |-- plugins
|   |   |-- common.py
|   |   |-- common_test.py
|   |   |-- disco.py
|   |   |-- disco_test.py
|   |   |-- __init__.py
|   |   |-- manual.py
|   |   |-- manual_test.py
|   |   |-- null.py
|   |   |-- null_test.py
|   |   |-- selection.py
|   |   |-- selection_test.py
|   |   |-- standalone.py
|   |   |-- standalone_test.py
|   |   |-- util.py
|   |   |-- util_test.py
|   |   |-- webroot.py
|   |   `-- webroot_test.py
|   |-- renewal.py
|   |-- reporter.py
|   |-- reverter.py
|   |-- storage.py
|   `-- tests
|       |-- account_test.py
|       |-- acme_util.py
|       |-- auth_handler_test.py
|       |-- client_test.py
|       |-- cli_test.py
|       |-- colored_logging_test.py
|       |-- configuration_test.py
|       |-- crypto_util_test.py
|       |-- display
|       |   |-- enhancements_test.py
|       |   |-- __init__.py
|       |   |-- ops_test.py
|       |   `-- util_test.py
|       |-- error_handler_test.py
|       |-- errors_test.py
|       |-- __init__.py
|       |-- le_util_test.py
|       |-- log_test.py
|       |-- notify_test.py
|       |-- reporter_test.py
|       |-- reverter_test.py
|       |-- storage_test.py
|       |-- testdata
|       |   |-- archive
|       |   |   `-- sample-renewal
|       |   |       |-- cert1.pem
|       |   |       |-- chain1.pem
|       |   |       |-- fullchain1.pem
|       |   |       `-- privkey1.pem
|       |   |-- cert.b64jose
|       |   |-- cert.der
|       |   |-- cert.pem
|       |   |-- cert-san.pem
|       |   |-- cli.ini
|       |   |-- csr-6sans.pem
|       |   |-- csr.der
|       |   |-- csr-nosans.pem
|       |   |-- csr.pem
|       |   |-- csr-san.der
|       |   |-- csr-san.pem
|       |   |-- dsa512_key.pem
|       |   |-- dsa_cert.pem
|       |   |-- live
|       |   |   `-- sample-renewal
|       |   |       |-- cert.pem -> ../../archive/sample-renewal/cert1.pem
|       |   |       |-- chain.pem -> ../../archive/sample-renewal/chain1.pem
|       |   |       |-- fullchain.pem -> ../../archive/sample-renewal/fullchain1.pem
|       |   |       `-- privkey.pem -> ../../archive/sample-renewal/privkey1.pem
|       |   |-- matching_cert.pem
|       |   |-- rsa256_key.pem
|       |   |-- rsa512_key_2.pem
|       |   |-- rsa512_key.pem
|       |   |-- sample-renewal-ancient.conf
|       |   |-- sample-renewal.conf
|       |   `-- webrootconftest.ini
|       `-- test_util.py
|-- letsencrypt-apache
|   |-- docs
|   |   |-- api
|   |   |   |-- augeas_configurator.rst
|   |   |   |-- configurator.rst
|   |   |   |-- display_ops.rst
|   |   |   |-- obj.rst
|   |   |   |-- parser.rst
|   |   |   `-- tls_sni_01.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- letsencrypt_apache
|   |   |-- augeas_configurator.py
|   |   |-- augeas_lens
|   |   |   |-- httpd.aug
|   |   |   `-- README
|   |   |-- centos-options-ssl-apache.conf
|   |   |-- configurator.py
|   |   |-- constants.py
|   |   |-- display_ops.py
|   |   |-- __init__.py
|   |   |-- obj.py
|   |   |-- options-ssl-apache.conf
|   |   |-- parser.py
|   |   |-- tests
|   |   |   |-- apache-conf-files
|   |   |   |   |-- apache-conf-test
|   |   |   |   |-- failing
|   |   |   |   |   |-- ipv6-1143b.conf
|   |   |   |   |   |-- ipv6-1143.conf
|   |   |   |   |   |-- missing-double-quote-1724.conf
|   |   |   |   |   |-- multivhost-1093b.conf
|   |   |   |   |   `-- multivhost-1093.conf
|   |   |   |   |-- NEEDED.txt
|   |   |   |   `-- passing
|   |   |   |       |-- 1626-1531.conf
|   |   |   |       |-- anarcat-1531.conf
|   |   |   |       |-- drupal-errordocument-arg-1724.conf
|   |   |   |       |-- drupal-htaccess-1531.conf
|   |   |   |       |-- example-1755.conf
|   |   |   |       |-- example.conf
|   |   |   |       |-- example-ssl.conf
|   |   |   |       |-- finalize-1243.apache2.conf.txt
|   |   |   |       |-- finalize-1243.conf
|   |   |   |       |-- graphite-quote-1934.conf
|   |   |   |       |-- missing-quote-1724.conf
|   |   |   |       |-- modmacro-1385.conf
|   |   |   |       |-- owncloud-1264.conf
|   |   |   |       |-- README.modules
|   |   |   |       |-- rewrite-quote-1960.conf
|   |   |   |       |-- roundcube-1222.conf
|   |   |   |       |-- section-continuations-2525.conf
|   |   |   |       |-- semacode-1598.conf
|   |   |   |       |-- sslrequire-wordlist-1827.htaccess
|   |   |   |       `-- two-blocks-one-line-1693.conf
|   |   |   |-- augeas_configurator_test.py
|   |   |   |-- complex_parsing_test.py
|   |   |   |-- configurator_test.py
|   |   |   |-- constants_test.py
|   |   |   |-- display_ops_test.py
|   |   |   |-- __init__.py
|   |   |   |-- obj_test.py
|   |   |   |-- parser_test.py
|   |   |   |-- testdata
|   |   |   |   |-- complex_parsing
|   |   |   |   |   |-- apache2.conf
|   |   |   |   |   |-- conf-enabled
|   |   |   |   |   |   `-- dummy.conf
|   |   |   |   |   |-- test_fnmatch.conf
|   |   |   |   |   `-- test_variables.conf
|   |   |   |   `-- debian_apache_2_4
|   |   |   |       |-- default_vhost
|   |   |   |       |   |-- apache2
|   |   |   |       |   |   |-- apache2.conf
|   |   |   |       |   |   |-- conf-available
|   |   |   |       |   |   |   |-- other-vhosts-access-log.conf
|   |   |   |       |   |   |   |-- security.conf
|   |   |   |       |   |   |   `-- serve-cgi-bin.conf
|   |   |   |       |   |   |-- conf-enabled
|   |   |   |       |   |   |   |-- other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
|   |   |   |       |   |   |   |-- security.conf -> ../conf-available/security.conf
|   |   |   |       |   |   |   `-- serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
|   |   |   |       |   |   |-- envvars
|   |   |   |       |   |   |-- mods-available
|   |   |   |       |   |   |   |-- ssl.conf
|   |   |   |       |   |   |   `-- ssl.load
|   |   |   |       |   |   |-- ports.conf
|   |   |   |       |   |   |-- sites-available
|   |   |   |       |   |   |   |-- 000-default.conf
|   |   |   |       |   |   |   `-- default-ssl.conf
|   |   |   |       |   |   `-- sites-enabled
|   |   |   |       |   |       `-- 000-default.conf -> ../sites-available/000-default.conf
|   |   |   |       |   `-- sites
|   |   |   |       `-- multiple_vhosts
|   |   |   |           |-- apache2
|   |   |   |           |   |-- apache2.conf
|   |   |   |           |   |-- conf-available
|   |   |   |           |   |   |-- bad_conf_file.conf
|   |   |   |           |   |   |-- other-vhosts-access-log.conf
|   |   |   |           |   |   |-- security.conf
|   |   |   |           |   |   `-- serve-cgi-bin.conf
|   |   |   |           |   |-- conf-enabled
|   |   |   |           |   |   |-- other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
|   |   |   |           |   |   |-- security.conf -> ../conf-available/security.conf
|   |   |   |           |   |   `-- serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
|   |   |   |           |   |-- envvars
|   |   |   |           |   |-- mods-available
|   |   |   |           |   |   |-- authz_svn.load
|   |   |   |           |   |   |-- dav.load
|   |   |   |           |   |   |-- dav_svn.conf
|   |   |   |           |   |   |-- dav_svn.load
|   |   |   |           |   |   |-- rewrite.load
|   |   |   |           |   |   |-- ssl.conf
|   |   |   |           |   |   `-- ssl.load
|   |   |   |           |   |-- mods-enabled
|   |   |   |           |   |   |-- authz_svn.load -> ../mods-available/authz_svn.load
|   |   |   |           |   |   |-- dav.load -> ../mods-available/dav.load
|   |   |   |           |   |   |-- dav_svn.conf -> ../mods-available/dav_svn.conf
|   |   |   |           |   |   `-- dav_svn.load -> ../mods-available/dav_svn.load
|   |   |   |           |   |-- ports.conf
|   |   |   |           |   |-- sites-available
|   |   |   |           |   |   |-- 000-default.conf
|   |   |   |           |   |   |-- default-ssl.conf
|   |   |   |           |   |   |-- default-ssl-port-only.conf
|   |   |   |           |   |   |-- encryption-example.conf
|   |   |   |           |   |   |-- letsencrypt.conf
|   |   |   |           |   |   |-- mod_macro-example.conf
|   |   |   |           |   |   `-- wildcard.conf
|   |   |   |           |   `-- sites-enabled
|   |   |   |           |       |-- 000-default.conf -> ../sites-available/000-default.conf
|   |   |   |           |       |-- encryption-example.conf -> ../sites-available/encryption-example.conf
|   |   |   |           |       |-- letsencrypt.conf -> ../sites-available/letsencrypt.conf
|   |   |   |           |       `-- mod_macro-example.conf -> ../sites-available/mod_macro-example.conf
|   |   |   |           `-- sites
|   |   |   |-- tls_sni_01_test.py
|   |   |   `-- util.py
|   |   `-- tls_sni_01.py
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   `-- setup.py
|-- letsencrypt-auto
|-- letsencrypt-auto-source
|   |-- build.py
|   |-- Dockerfile
|   |-- letsencrypt-auto
|   |-- letsencrypt-auto.sig
|   |-- letsencrypt-auto.template
|   |-- pieces
|   |   |-- bootstrappers
|   |   |   |-- arch_common.sh
|   |   |   |-- deb_common.sh
|   |   |   |-- free_bsd.sh
|   |   |   |-- gentoo_common.sh
|   |   |   |-- mac.sh
|   |   |   |-- rpm_common.sh
|   |   |   `-- suse_common.sh
|   |   |-- fetch.py
|   |   |-- letsencrypt-auto-requirements.txt
|   |   `-- pipstrap.py
|   `-- tests
|       |-- auto_test.py
|       |-- certs
|       |   |-- ca
|       |   |   |-- my-root-ca.crt.pem
|       |   |   |-- my-root-ca.key.pem
|       |   |   `-- my-root-ca.srl
|       |   `-- localhost
|       |       |-- cert.pem
|       |       |-- localhost.csr.pem
|       |       |-- privkey.pem
|       |       `-- server.pem
|       |-- fake-letsencrypt
|       |   |-- dist
|       |   |   `-- letsencrypt-99.9.9.tar.gz
|       |   |-- letsencrypt.py
|       |   `-- setup.py
|       |-- __init__.py
|       `-- signing.key
|-- letsencrypt-compatibility-test
|   |-- docs
|   |   |-- api
|   |   |   `-- index.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- letsencrypt_compatibility_test
|   |   |-- configurators
|   |   |   |-- apache
|   |   |   |   |-- a2dismod.sh
|   |   |   |   |-- a2enmod.sh
|   |   |   |   |-- apache24.py
|   |   |   |   |-- common.py
|   |   |   |   |-- Dockerfile
|   |   |   |   `-- __init__.py
|   |   |   |-- common.py
|   |   |   `-- __init__.py
|   |   |-- errors.py
|   |   |-- __init__.py
|   |   |-- interfaces.py
|   |   |-- testdata
|   |   |   |-- configs.tar.gz
|   |   |   |-- empty_cert.pem
|   |   |   |-- rsa1024_key2.pem
|   |   |   `-- rsa1024_key.pem
|   |   |-- test_driver.py
|   |   |-- util.py
|   |   |-- validator.py
|   |   `-- validator_test.py
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   `-- setup.py
|-- letsencrypt-nginx
|   |-- docs
|   |   |-- api
|   |   |   |-- nginxparser.rst
|   |   |   |-- obj.rst
|   |   |   |-- parser.rst
|   |   |   `-- tls_sni_01.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- letsencrypt_nginx
|   |   |-- configurator.py
|   |   |-- constants.py
|   |   |-- __init__.py
|   |   |-- nginxparser.py
|   |   |-- obj.py
|   |   |-- options-ssl-nginx.conf
|   |   |-- parser.py
|   |   |-- tests
|   |   |   |-- configurator_test.py
|   |   |   |-- __init__.py
|   |   |   |-- nginxparser_test.py
|   |   |   |-- obj_test.py
|   |   |   |-- parser_test.py
|   |   |   |-- testdata
|   |   |   |   `-- etc_nginx
|   |   |   |       |-- broken.conf
|   |   |   |       |-- edge_cases.conf
|   |   |   |       |-- foo.conf
|   |   |   |       |-- mime.types
|   |   |   |       |-- minimalistic_comments.conf
|   |   |   |       |-- minimalistic_comments.new.conf
|   |   |   |       |-- nginx.conf
|   |   |   |       |-- nginx.new.conf
|   |   |   |       |-- server.conf
|   |   |   |       |-- sites-enabled
|   |   |   |       |   |-- default
|   |   |   |       |   `-- example.com
|   |   |   |       `-- ubuntu_nginx_1_4_6
|   |   |   |           `-- default_vhost
|   |   |   |               `-- nginx
|   |   |   |                   |-- fastcgi_params
|   |   |   |                   |-- koi-utf
|   |   |   |                   |-- koi-win
|   |   |   |                   |-- mime.types
|   |   |   |                   |-- naxsi_core.rules
|   |   |   |                   |-- naxsi.rules
|   |   |   |                   |-- naxsi-ui.conf.1.4.1
|   |   |   |                   |-- nginx.conf
|   |   |   |                   |-- proxy_params
|   |   |   |                   |-- scgi_params
|   |   |   |                   |-- sites-available
|   |   |   |                   |   `-- default
|   |   |   |                   |-- sites-enabled
|   |   |   |                   |   `-- default -> ../sites-available/default
|   |   |   |                   |-- uwsgi_params
|   |   |   |                   `-- win-utf
|   |   |   |-- tls_sni_01_test.py
|   |   |   `-- util.py
|   |   `-- tls_sni_01.py
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   |-- setup.py
|   `-- tests
|       |-- boulder-integration.conf.sh
|       `-- boulder-integration.sh
|-- letshelp-letsencrypt
|   |-- docs
|   |   |-- api
|   |   |   `-- index.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- letshelp_letsencrypt
|   |   |-- apache.py
|   |   |-- apache_test.py
|   |   |-- __init__.py
|   |   `-- testdata
|   |       |-- mods-available
|   |       |   `-- ssl.load
|   |       |-- mods-enabled
|   |       |   `-- ssl.load -> ../mods-available/ssl.load
|   |       |-- super_secret_file.txt
|   |       |-- uncommonly_named_k3y
|   |       `-- uncommonly_named_p4sswd
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   `-- setup.py
|-- LICENSE.txt
|-- linter_plugin.py
|-- MANIFEST.in
|-- pep8.travis.sh
|-- README.rst
|-- readthedocs.org.requirements.txt
|-- setup.cfg
|-- setup.py
|-- tests
|   |-- boulder-fetch.sh
|   |-- boulder-integration.sh
|   |-- boulder-start.sh
|   |-- display.py
|   |-- integration
|   |   `-- _common.sh
|   |-- letstest
|   |   |-- apache2_targets.yaml
|   |   |-- multitester.py
|   |   |-- README.md
|   |   |-- scripts
|   |   |   |-- boulder_config.sh
|   |   |   |-- boulder_install.sh
|   |   |   |-- test_apache2.sh
|   |   |   |-- test_leauto_upgrades.sh
|   |   |   |-- test_letsencrypt_auto_certonly_standalone.sh
|   |   |   |-- test_letsencrypt_auto_venv_only.sh
|   |   |   |-- test_renew_standalone.sh
|   |   |   `-- test_tox.sh
|   |   `-- targets.yaml
|   |-- mac-bootstrap.sh
|   `-- travis-integration.sh
|-- tools
|   |-- deps.sh
|   |-- eff-pubkey.pem
|   |-- half-sign.c
|   |-- offline-sigrequest.sh
|   |-- release.sh
|   |-- venv3.sh
|   |-- _venv_common.sh
|   `-- venv.sh
|-- tox.cover.sh
|-- tox.ini
`-- Vagrantfile

108 directories, 514 files
# tree /etc/letsencrypt
/etc/letsencrypt
|-- accounts
|   `-- acme-v01.api.letsencrypt.org
|       `-- directory
|           `-- 61d6ccc841c628d0d422e8d94ee8866c
|               |-- meta.json
|               |-- private_key.json
|               `-- regr.json
|-- archive
|   `-- binfish.jp
|       |-- cert1.pem
|       |-- chain1.pem
|       |-- fullchain1.pem
|       `-- privkey1.pem
|-- csr
|   |-- 0000_csr-certbot.pem
|   `-- 0000_csr-letsencrypt.pem
|-- keys
|   |-- 0000_key-certbot.pem
|   `-- 0000_key-letsencrypt.pem
|-- live
|   `-- binfish.jp
|       |-- cert.pem -> ../../archive/binfish.jp/cert1.pem
|       |-- chain.pem -> ../../archive/binfish.jp/chain1.pem
|       |-- fullchain.pem -> ../../archive/binfish.jp/fullchain1.pem
|       |-- privkey.pem -> ../../archive/binfish.jp/privkey1.pem
|       `-- scts
|           |-- aviator.sct
|           |-- pilot.sct
|           `-- rocketeer.sct
`-- renewal
    `-- binfish.jp.conf

12 directories, 19 files
# tree /usr/local/certbot/
/usr/local/certbot/
|-- acme
|   |-- acme
|   |   |-- challenges.py
|   |   |-- challenges_test.py
|   |   |-- client.py
|   |   |-- client_test.py
|   |   |-- crypto_util.py
|   |   |-- crypto_util_test.py
|   |   |-- dns_resolver.py
|   |   |-- dns_resolver_test.py
|   |   |-- errors.py
|   |   |-- errors_test.py
|   |   |-- fields.py
|   |   |-- fields_test.py
|   |   |-- __init__.py
|   |   |-- jose
|   |   |   |-- b64.py
|   |   |   |-- b64_test.py
|   |   |   |-- errors.py
|   |   |   |-- errors_test.py
|   |   |   |-- __init__.py
|   |   |   |-- interfaces.py
|   |   |   |-- interfaces_test.py
|   |   |   |-- json_util.py
|   |   |   |-- json_util_test.py
|   |   |   |-- jwa.py
|   |   |   |-- jwa_test.py
|   |   |   |-- jwk.py
|   |   |   |-- jwk_test.py
|   |   |   |-- jws.py
|   |   |   |-- jws_test.py
|   |   |   |-- util.py
|   |   |   `-- util_test.py
|   |   |-- jws.py
|   |   |-- jws_test.py
|   |   |-- messages.py
|   |   |-- messages_test.py
|   |   |-- standalone.py
|   |   |-- standalone_test.py
|   |   |-- testdata
|   |   |   |-- cert-100sans.pem
|   |   |   |-- cert.der
|   |   |   |-- cert-idnsans.pem
|   |   |   |-- cert.pem
|   |   |   |-- cert-san.pem
|   |   |   |-- csr-100sans.pem
|   |   |   |-- csr-6sans.pem
|   |   |   |-- csr.der
|   |   |   |-- csr-idnsans.pem
|   |   |   |-- csr-nosans.pem
|   |   |   |-- csr.pem
|   |   |   |-- csr-san.pem
|   |   |   |-- dsa512_key.pem
|   |   |   |-- README
|   |   |   |-- rsa1024_key.pem
|   |   |   |-- rsa2048_key.pem
|   |   |   |-- rsa256_key.pem
|   |   |   `-- rsa512_key.pem
|   |   |-- test_util.py
|   |   |-- util.py
|   |   `-- util_test.py
|   |-- docs
|   |   |-- api
|   |   |   |-- challenges.rst
|   |   |   |-- client.rst
|   |   |   |-- errors.rst
|   |   |   |-- fields.rst
|   |   |   |-- jose
|   |   |   |   |-- base64.rst
|   |   |   |   |-- errors.rst
|   |   |   |   |-- interfaces.rst
|   |   |   |   |-- json_util.rst
|   |   |   |   |-- jwa.rst
|   |   |   |   |-- jwk.rst
|   |   |   |   |-- jws.rst
|   |   |   |   `-- util.rst
|   |   |   |-- jose.rst
|   |   |   |-- messages.rst
|   |   |   |-- other.rst
|   |   |   `-- standalone.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- man
|   |   |   `-- jws.rst
|   |   |-- _static
|   |   `-- _templates
|   |-- examples
|   |   |-- example_client.py
|   |   `-- standalone
|   |       |-- localhost
|   |       |   |-- cert.pem -> ../../../acme/testdata/cert.pem
|   |       |   `-- key.pem -> ../../../acme/testdata/rsa512_key.pem
|   |       `-- README
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   |-- setup.cfg
|   `-- setup.py
|-- certbot
|   |-- account.py
|   |-- achallenges.py
|   |-- auth_handler.py
|   |-- client.py
|   |-- cli.py
|   |-- colored_logging.py
|   |-- configuration.py
|   |-- constants.py
|   |-- crypto_util.py
|   |-- display
|   |   |-- completer.py
|   |   |-- dummy_readline.py
|   |   |-- enhancements.py
|   |   |-- __init__.py
|   |   |-- ops.py
|   |   `-- util.py
|   |-- error_handler.py
|   |-- errors.py
|   |-- hooks.py
|   |-- __init__.py
|   |-- interfaces.py
|   |-- log.py
|   |-- main.py
|   |-- notify.py
|   |-- plugins
|   |   |-- common.py
|   |   |-- common_test.py
|   |   |-- disco.py
|   |   |-- disco_test.py
|   |   |-- __init__.py
|   |   |-- manual.py
|   |   |-- manual_test.py
|   |   |-- null.py
|   |   |-- null_test.py
|   |   |-- selection.py
|   |   |-- selection_test.py
|   |   |-- standalone.py
|   |   |-- standalone_test.py
|   |   |-- util.py
|   |   |-- util_test.py
|   |   |-- webroot.py
|   |   `-- webroot_test.py
|   |-- renewal.py
|   |-- reporter.py
|   |-- reverter.py
|   |-- storage.py
|   |-- tests
|   |   |-- account_test.py
|   |   |-- acme_util.py
|   |   |-- auth_handler_test.py
|   |   |-- client_test.py
|   |   |-- cli_test.py
|   |   |-- colored_logging_test.py
|   |   |-- configuration_test.py
|   |   |-- crypto_util_test.py
|   |   |-- display
|   |   |   |-- completer_test.py
|   |   |   |-- enhancements_test.py
|   |   |   |-- __init__.py
|   |   |   |-- ops_test.py
|   |   |   `-- util_test.py
|   |   |-- error_handler_test.py
|   |   |-- errors_test.py
|   |   |-- hook_test.py
|   |   |-- __init__.py
|   |   |-- log_test.py
|   |   |-- main_test.py
|   |   |-- notify_test.py
|   |   |-- reporter_test.py
|   |   |-- reverter_test.py
|   |   |-- storage_test.py
|   |   |-- testdata
|   |   |   |-- archive
|   |   |   |   `-- sample-renewal
|   |   |   |       |-- cert1.pem
|   |   |   |       |-- chain1.pem
|   |   |   |       |-- fullchain1.pem
|   |   |   |       `-- privkey1.pem
|   |   |   |-- cert-5sans.pem
|   |   |   |-- cert.b64jose
|   |   |   |-- cert.der
|   |   |   |-- cert.pem
|   |   |   |-- cert-san.pem
|   |   |   |-- cli.ini
|   |   |   |-- csr-6sans.pem
|   |   |   |-- csr.der
|   |   |   |-- csr-nonames.pem
|   |   |   |-- csr-nosans.pem
|   |   |   |-- csr.pem
|   |   |   |-- csr-san.der
|   |   |   |-- csr-san.pem
|   |   |   |-- dsa512_key.pem
|   |   |   |-- dsa_cert.pem
|   |   |   |-- live
|   |   |   |   `-- sample-renewal
|   |   |   |       |-- cert.pem -> ../../archive/sample-renewal/cert1.pem
|   |   |   |       |-- chain.pem -> ../../archive/sample-renewal/chain1.pem
|   |   |   |       |-- fullchain.pem -> ../../archive/sample-renewal/fullchain1.pem
|   |   |   |       `-- privkey.pem -> ../../archive/sample-renewal/privkey1.pem
|   |   |   |-- matching_cert.pem
|   |   |   |-- os-release
|   |   |   |-- rsa256_key.pem
|   |   |   |-- rsa512_key_2.pem
|   |   |   |-- rsa512_key.pem
|   |   |   |-- sample-renewal-ancient.conf
|   |   |   |-- sample-renewal.conf
|   |   |   `-- webrootconftest.ini
|   |   |-- test_util.py
|   |   `-- util_test.py
|   `-- util.py
|-- certbot-apache
|   |-- certbot_apache
|   |   |-- augeas_configurator.py
|   |   |-- augeas_lens
|   |   |   |-- httpd.aug
|   |   |   `-- README
|   |   |-- centos-options-ssl-apache.conf
|   |   |-- configurator.py
|   |   |-- constants.py
|   |   |-- display_ops.py
|   |   |-- __init__.py
|   |   |-- obj.py
|   |   |-- options-ssl-apache.conf
|   |   |-- parser.py
|   |   |-- tests
|   |   |   |-- apache-conf-files
|   |   |   |   |-- apache-conf-test
|   |   |   |   |-- failing
|   |   |   |   |   |-- missing-double-quote-1724.conf
|   |   |   |   |   |-- multivhost-1093b.conf
|   |   |   |   |   `-- multivhost-1093.conf
|   |   |   |   |-- NEEDED.txt
|   |   |   |   `-- passing
|   |   |   |       |-- 1626-1531.conf
|   |   |   |       |-- anarcat-1531.conf
|   |   |   |       |-- comment-continuations-2050.conf
|   |   |   |       |-- drupal-errordocument-arg-1724.conf
|   |   |   |       |-- drupal-htaccess-1531.conf
|   |   |   |       |-- escaped-space-arguments-2735.conf
|   |   |   |       |-- example-1755.conf
|   |   |   |       |-- example.conf
|   |   |   |       |-- example-ssl.conf
|   |   |   |       |-- finalize-1243.apache2.conf.txt
|   |   |   |       |-- finalize-1243.conf
|   |   |   |       |-- graphite-quote-1934.conf
|   |   |   |       |-- ipv6-1143b.conf
|   |   |   |       |-- ipv6-1143c.conf
|   |   |   |       |-- ipv6-1143.conf
|   |   |   |       |-- ipv6-1143d.conf
|   |   |   |       |-- missing-quote-1724.conf
|   |   |   |       |-- modmacro-1385.conf
|   |   |   |       |-- owncloud-1264.conf
|   |   |   |       |-- README.modules
|   |   |   |       |-- rewrite-quote-1960.conf
|   |   |   |       |-- roundcube-1222.conf
|   |   |   |       |-- section-continuations-2525.conf
|   |   |   |       |-- section-empty-continuations-2731.conf
|   |   |   |       |-- semacode-1598.conf
|   |   |   |       |-- sslrequire-wordlist-1827.htaccess
|   |   |   |       `-- two-blocks-one-line-1693.conf
|   |   |   |-- augeas_configurator_test.py
|   |   |   |-- complex_parsing_test.py
|   |   |   |-- configurator_test.py
|   |   |   |-- constants_test.py
|   |   |   |-- display_ops_test.py
|   |   |   |-- __init__.py
|   |   |   |-- obj_test.py
|   |   |   |-- parser_test.py
|   |   |   |-- testdata
|   |   |   |   |-- complex_parsing
|   |   |   |   |   |-- apache2.conf
|   |   |   |   |   |-- conf-enabled
|   |   |   |   |   |   `-- dummy.conf
|   |   |   |   |   |-- test_fnmatch.conf
|   |   |   |   |   `-- test_variables.conf
|   |   |   |   `-- debian_apache_2_4
|   |   |   |       |-- augeas_vhosts
|   |   |   |       |   |-- apache2
|   |   |   |       |   |   |-- apache2.conf
|   |   |   |       |   |   |-- conf-available
|   |   |   |       |   |   |   |-- bad_conf_file.conf
|   |   |   |       |   |   |   |-- other-vhosts-access-log.conf
|   |   |   |       |   |   |   |-- security.conf
|   |   |   |       |   |   |   `-- serve-cgi-bin.conf
|   |   |   |       |   |   |-- conf-enabled
|   |   |   |       |   |   |   |-- other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
|   |   |   |       |   |   |   |-- security.conf -> ../conf-available/security.conf
|   |   |   |       |   |   |   `-- serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
|   |   |   |       |   |   |-- envvars
|   |   |   |       |   |   |-- mods-available
|   |   |   |       |   |   |   |-- authz_svn.load
|   |   |   |       |   |   |   |-- dav.load
|   |   |   |       |   |   |   |-- dav_svn.conf
|   |   |   |       |   |   |   |-- dav_svn.load
|   |   |   |       |   |   |   |-- rewrite.load
|   |   |   |       |   |   |   |-- ssl.conf
|   |   |   |       |   |   |   `-- ssl.load
|   |   |   |       |   |   |-- mods-enabled
|   |   |   |       |   |   |   |-- authz_svn.load -> ../mods-available/authz_svn.load
|   |   |   |       |   |   |   |-- dav.load -> ../mods-available/dav.load
|   |   |   |       |   |   |   |-- dav_svn.conf -> ../mods-available/dav_svn.conf
|   |   |   |       |   |   |   `-- dav_svn.load -> ../mods-available/dav_svn.load
|   |   |   |       |   |   |-- ports.conf
|   |   |   |       |   |   |-- sites-available
|   |   |   |       |   |   |   `-- old,default.conf
|   |   |   |       |   |   `-- sites-enabled
|   |   |   |       |   |       `-- placeholder.conf
|   |   |   |       |   `-- sites
|   |   |   |       |-- default_vhost
|   |   |   |       |   |-- apache2
|   |   |   |       |   |   |-- apache2.conf
|   |   |   |       |   |   |-- conf-available
|   |   |   |       |   |   |   |-- other-vhosts-access-log.conf
|   |   |   |       |   |   |   |-- security.conf
|   |   |   |       |   |   |   `-- serve-cgi-bin.conf
|   |   |   |       |   |   |-- conf-enabled
|   |   |   |       |   |   |   |-- other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
|   |   |   |       |   |   |   |-- security.conf -> ../conf-available/security.conf
|   |   |   |       |   |   |   `-- serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
|   |   |   |       |   |   |-- envvars
|   |   |   |       |   |   |-- mods-available
|   |   |   |       |   |   |   |-- ssl.conf
|   |   |   |       |   |   |   `-- ssl.load
|   |   |   |       |   |   |-- ports.conf
|   |   |   |       |   |   |-- sites-available
|   |   |   |       |   |   |   |-- 000-default.conf
|   |   |   |       |   |   |   `-- default-ssl.conf
|   |   |   |       |   |   `-- sites-enabled
|   |   |   |       |   |       `-- 000-default.conf -> ../sites-available/000-default.conf
|   |   |   |       |   `-- sites
|   |   |   |       `-- multiple_vhosts
|   |   |   |           |-- apache2
|   |   |   |           |   |-- apache2.conf
|   |   |   |           |   |-- conf-available
|   |   |   |           |   |   |-- bad_conf_file.conf
|   |   |   |           |   |   |-- other-vhosts-access-log.conf
|   |   |   |           |   |   |-- security.conf
|   |   |   |           |   |   `-- serve-cgi-bin.conf
|   |   |   |           |   |-- conf-enabled
|   |   |   |           |   |   |-- other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
|   |   |   |           |   |   |-- security.conf -> ../conf-available/security.conf
|   |   |   |           |   |   `-- serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
|   |   |   |           |   |-- envvars
|   |   |   |           |   |-- mods-available
|   |   |   |           |   |   |-- authz_svn.load
|   |   |   |           |   |   |-- dav.load
|   |   |   |           |   |   |-- dav_svn.conf
|   |   |   |           |   |   |-- dav_svn.load
|   |   |   |           |   |   |-- rewrite.load
|   |   |   |           |   |   |-- ssl.conf
|   |   |   |           |   |   `-- ssl.load
|   |   |   |           |   |-- mods-enabled
|   |   |   |           |   |   |-- authz_svn.load -> ../mods-available/authz_svn.load
|   |   |   |           |   |   |-- dav.load -> ../mods-available/dav.load
|   |   |   |           |   |   |-- dav_svn.conf -> ../mods-available/dav_svn.conf
|   |   |   |           |   |   `-- dav_svn.load -> ../mods-available/dav_svn.load
|   |   |   |           |   |-- ports.conf
|   |   |   |           |   |-- sites-available
|   |   |   |           |   |   |-- 000-default.conf
|   |   |   |           |   |   |-- certbot.conf
|   |   |   |           |   |   |-- default-ssl.conf
|   |   |   |           |   |   |-- default-ssl-port-only.conf
|   |   |   |           |   |   |-- encryption-example.conf
|   |   |   |           |   |   |-- mod_macro-example.conf
|   |   |   |           |   |   |-- ocsp-ssl.conf
|   |   |   |           |   |   `-- wildcard.conf
|   |   |   |           |   `-- sites-enabled
|   |   |   |           |       |-- 000-default.conf -> ../sites-available/000-default.conf
|   |   |   |           |       |-- certbot.conf -> ../sites-available/certbot.conf
|   |   |   |           |       |-- encryption-example.conf -> ../sites-available/encryption-example.conf
|   |   |   |           |       |-- mod_macro-example.conf -> ../sites-available/mod_macro-example.conf
|   |   |   |           |       `-- ocsp-ssl.conf -> ../sites-available/ocsp-ssl.conf
|   |   |   |           `-- sites
|   |   |   |-- tls_sni_01_test.py
|   |   |   `-- util.py
|   |   `-- tls_sni_01.py
|   |-- docs
|   |   |-- api
|   |   |   |-- augeas_configurator.rst
|   |   |   |-- configurator.rst
|   |   |   |-- display_ops.rst
|   |   |   |-- obj.rst
|   |   |   |-- parser.rst
|   |   |   `-- tls_sni_01.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   `-- setup.py
|-- certbot-auto
|-- certbot-compatibility-test
|   |-- certbot_compatibility_test
|   |   |-- configurators
|   |   |   |-- apache
|   |   |   |   |-- common.py
|   |   |   |   `-- __init__.py
|   |   |   |-- common.py
|   |   |   |-- __init__.py
|   |   |   `-- nginx
|   |   |       |-- common.py
|   |   |       `-- __init__.py
|   |   |-- errors.py
|   |   |-- __init__.py
|   |   |-- interfaces.py
|   |   |-- testdata
|   |   |   |-- apache.tar.gz
|   |   |   |-- empty_cert.pem
|   |   |   |-- nginx.tar.gz
|   |   |   |-- rsa1024_key2.pem
|   |   |   `-- rsa1024_key.pem
|   |   |-- test_driver.py
|   |   |-- util.py
|   |   |-- validator.py
|   |   `-- validator_test.py
|   |-- Dockerfile
|   |-- Dockerfile-apache
|   |-- Dockerfile-nginx
|   |-- docs
|   |   |-- api
|   |   |   `-- index.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- nginx
|   |   |-- nginx-roundtrip-testdata
|   |   |   |-- 79-configs
|   |   |   |   |-- site-10033
|   |   |   |   |-- site-10571
|   |   |   |   |-- site-10591
|   |   |   |   |-- site-10920
|   |   |   |   |-- site-10947
|   |   |   |   |-- site-11018
|   |   |   |   |-- site-11046
|   |   |   |   |-- site-11382
|   |   |   |   |-- site-1167
|   |   |   |   |-- site-11849
|   |   |   |   |-- site-12027
|   |   |   |   |-- site-12235
|   |   |   |   |-- site-12649
|   |   |   |   |-- site-13577
|   |   |   |   |-- site-14402
|   |   |   |   |-- site-14430
|   |   |   |   |-- site-15141
|   |   |   |   |-- site-15270
|   |   |   |   |-- site-15291
|   |   |   |   |-- site-15456
|   |   |   |   |-- site-15497
|   |   |   |   |-- site-15852
|   |   |   |   |-- site-16345
|   |   |   |   |-- site-17175
|   |   |   |   |-- site-17832
|   |   |   |   |-- site-17942
|   |   |   |   |-- site-18018
|   |   |   |   |-- site-18069
|   |   |   |   |-- site-19334
|   |   |   |   |-- site-19639
|   |   |   |   |-- site-1966
|   |   |   |   |-- site-19791
|   |   |   |   |-- site-19955
|   |   |   |   |-- site-21369
|   |   |   |   |-- site-21549
|   |   |   |   |-- site-230
|   |   |   |   |-- site-23325
|   |   |   |   |-- site-23470
|   |   |   |   |-- site-23791
|   |   |   |   |-- site-23803
|   |   |   |   |-- site-23838
|   |   |   |   |-- site-24125
|   |   |   |   |-- site-24193
|   |   |   |   |-- site-24213
|   |   |   |   |-- site-25480
|   |   |   |   |-- site-26195
|   |   |   |   |-- site-26221
|   |   |   |   |-- site-26637
|   |   |   |   |-- site-26758
|   |   |   |   |-- site-27646
|   |   |   |   |-- site-27728
|   |   |   |   |-- site-27736
|   |   |   |   |-- site-27812
|   |   |   |   |-- site-28050
|   |   |   |   |-- site-28690
|   |   |   |   |-- site-29159
|   |   |   |   |-- site-2951
|   |   |   |   |-- site-30011
|   |   |   |   |-- site-30571
|   |   |   |   |-- site-31900
|   |   |   |   |-- site-32190
|   |   |   |   |-- site-32279
|   |   |   |   |-- site-32317
|   |   |   |   |-- site-32438
|   |   |   |   |-- site-3483
|   |   |   |   |-- site-3507
|   |   |   |   |-- site-3874
|   |   |   |   |-- site-4035
|   |   |   |   |-- site-4143
|   |   |   |   |-- site-4264
|   |   |   |   |-- site-5826
|   |   |   |   |-- site-5872
|   |   |   |   |-- site-6228
|   |   |   |   |-- site-7895
|   |   |   |   |-- site-8343
|   |   |   |   |-- site-8422
|   |   |   |   |-- site-8637
|   |   |   |   |-- site-8662
|   |   |   |   `-- site-9426
|   |   |   |-- activecolab
|   |   |   |   `-- www.example.com.vhost
|   |   |   |-- anothermapcase
|   |   |   |   `-- nginx.conf
|   |   |   |-- chive
|   |   |   |   `-- chive-nginx-master
|   |   |   |       |-- fastcgi.conf
|   |   |   |       |-- fastcgi_params
|   |   |   |       |-- koi-utf
|   |   |   |       |-- koi-win
|   |   |   |       |-- map_https_fcgi.conf
|   |   |   |       |-- mime.types
|   |   |   |       |-- nginx.conf
|   |   |   |       |-- reverse_proxy.conf
|   |   |   |       |-- sites-available
|   |   |   |       |   |-- 000-default
|   |   |   |       |   |-- chive.example.com.conf
|   |   |   |       |   `-- secure.chive.example.com.conf
|   |   |   |       |-- upstream_phpapache.conf
|   |   |   |       |-- upstream_phpcgi.conf
|   |   |   |       `-- win-utf
|   |   |   |-- cms-made-simple
|   |   |   |   `-- nginx.conf
|   |   |   |-- codeigniter
|   |   |   |   |-- nginx-alt.conf
|   |   |   |   `-- nginx.conf
|   |   |   |-- contao
|   |   |   |   `-- sites-available
|   |   |   |       `-- example.com.vhost
|   |   |   |-- cs-cart
|   |   |   |   `-- sites-available
|   |   |   |       `-- example.com.vhost
|   |   |   |-- djangofastcgi
|   |   |   |   |-- large.conf
|   |   |   |   `-- nginx.conf
|   |   |   |-- dokuwiki
|   |   |   |   |-- dokuwiki.conf
|   |   |   |   |-- drop.conf
|   |   |   |   |-- full.conf
|   |   |   |   |-- nginx.conf
|   |   |   |   `-- nginx-no-ssl.conf
|   |   |   |-- drupal
|   |   |   |   `-- nginx.conf
|   |   |   |-- dynamic_ssi
|   |   |   |   `-- nginx.conf
|   |   |   |-- elgg
|   |   |   |   `-- nginx.conf
|   |   |   |-- embeddedperlminifyjs
|   |   |   |   `-- nginx.conf
|   |   |   |-- embeddedperlsitemapsproxy
|   |   |   |   `-- nginx.conf
|   |   |   |-- expressionengine
|   |   |   |   |-- bad.conf
|   |   |   |   |-- better.conf
|   |   |   |   `-- yourpath.conf
|   |   |   |-- fastcgiexample
|   |   |   |   |-- fastcgi.conf
|   |   |   |   `-- nginx.conf
|   |   |   |-- fengoffice
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- full-example
|   |   |   |   |-- fastcgi.conf
|   |   |   |   |-- mime.types
|   |   |   |   |-- nginx.conf
|   |   |   |   `-- proxy.conf
|   |   |   |-- fullexample2
|   |   |   |   `-- nginx.conf
|   |   |   |-- geoip
|   |   |   |   `-- nginx.conf
|   |   |   |-- guide-to-nginx-ssl-spdy-hsts
|   |   |   |   `-- nginx.conf
|   |   |   |-- hardwarelberrors
|   |   |   |   `-- nginx.conf
|   |   |   |-- icinga
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- imapauthenticatewithapacheperlscript
|   |   |   |   `-- nginx.conf
|   |   |   |-- imapauthenticatewithapachephpscript
|   |   |   |   `-- nginx.conf
|   |   |   |-- imapproxyexample
|   |   |   |   |-- nginx.conf
|   |   |   |   `-- proxy-example.conf
|   |   |   |-- iphone-website-with-nginx
|   |   |   |   |-- mobile.conf
|   |   |   |   `-- nginx.conf
|   |   |   |-- iredmail
|   |   |   |   |-- iredadmin.conf
|   |   |   |   `-- nginx.conf
|   |   |   |-- javaservers
|   |   |   |   `-- nginx.conf
|   |   |   |-- joomla
|   |   |   |   `-- nginx.conf
|   |   |   |-- likeapache
|   |   |   |   `-- nginx.conf
|   |   |   |-- loadbalanceexample
|   |   |   |   `-- nginx.conf
|   |   |   |-- mailman
|   |   |   |   `-- nginx.conf
|   |   |   |-- mediawiki
|   |   |   |   `-- nginx.conf
|   |   |   |-- memcachepreload
|   |   |   |   `-- sites-available
|   |   |   |       `-- default
|   |   |   |-- minio
|   |   |   |   `-- sites-enabled
|   |   |   |       `-- nginx.conf
|   |   |   |-- mono
|   |   |   |   `-- nginx.conf
|   |   |   |-- mybb
|   |   |   |   `-- nginx.conf
|   |   |   |-- nonrootwebpath
|   |   |   |   `-- nginx.conf
|   |   |   |-- omeka
|   |   |   |   `-- nginx.conf
|   |   |   |-- oscommerce
|   |   |   |   `-- nginx.conf
|   |   |   |-- osticket
|   |   |   |   `-- nginx.conf
|   |   |   |-- owncloud
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- oxid-eshop
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- phpbb
|   |   |   |   `-- nginx.sample.conf
|   |   |   |-- phpfastcgionwindows
|   |   |   |   `-- nginx.conf
|   |   |   |-- phpfcgi
|   |   |   |   |-- fastcgi_params
|   |   |   |   `-- nginx.conf
|   |   |   |-- php-fpm
|   |   |   |   `-- default.conf
|   |   |   |-- phplist
|   |   |   |   `-- nginx.conf
|   |   |   |-- piwik
|   |   |   |   `-- nginx.conf
|   |   |   |-- pmwiki
|   |   |   |   `-- nginx.conf
|   |   |   |-- prestashop
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- processwire
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- pylons
|   |   |   |   `-- nginx.vhost.conf
|   |   |   |-- pyrocms
|   |   |   |   |-- drop.conf
|   |   |   |   |-- fastcgi_params
|   |   |   |   `-- nginx.conf
|   |   |   |-- qwebric
|   |   |   |   |-- redirect.conf
|   |   |   |   `-- reverse-proxy.conf
|   |   |   |-- redaxo
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- redmine
|   |   |   |   `-- nginx.conf
|   |   |   |-- reverseproxycachingexample
|   |   |   |   `-- nginx.conf
|   |   |   |-- roundcube
|   |   |   |   `-- sites-available
|   |   |   |       `-- example.com.vhost.conf
|   |   |   |-- separateerrorloggingpervirtualhost
|   |   |   |   `-- nginx.conf
|   |   |   |-- server_blocks
|   |   |   |   |-- catchall.conf
|   |   |   |   |-- two.conf
|   |   |   |   `-- wildcard-subdomains.conf
|   |   |   |-- shopware
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- shopware4
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- silverstripe
|   |   |   |   `-- nginx.conf
|   |   |   |-- simplecgi
|   |   |   |   `-- nginx.conf
|   |   |   |-- simplegroupware
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- simplepythonfcgi
|   |   |   |   |-- fastcgi.conf
|   |   |   |   |-- nginx.conf
|   |   |   |   `-- weird-spacing.conf
|   |   |   |-- simplerubyfcgi
|   |   |   |   `-- nginx.conf
|   |   |   |-- spip
|   |   |   |   `-- nginx.conf
|   |   |   |-- sugarcrm
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- symfony
|   |   |   |   |-- nginx.conf
|   |   |   |   |-- old.conf
|   |   |   |   `-- oldold.conf
|   |   |   |-- typo3-4.6
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- typo3-6.2
|   |   |   |   `-- sites-available
|   |   |   |       `-- www.example.com.vhost
|   |   |   |-- upstream-issue-17
|   |   |   |   `-- nginx.conf
|   |   |   |-- upstream-issue-19
|   |   |   |   `-- nginx.conf
|   |   |   |-- wordpress
|   |   |   |   |-- multisite-subdir.conf
|   |   |   |   |-- multisite-subdomain.conf
|   |   |   |   `-- nginx.conf
|   |   |   |-- wordpress-caching
|   |   |   |   |-- no-cache.conf
|   |   |   |   |-- supercache.conf
|   |   |   |   |-- total-cache.conf
|   |   |   |   `-- totalcache-enhanced.conf
|   |   |   |-- xenforo
|   |   |   |   `-- nginx.conf
|   |   |   |-- yii
|   |   |   |   `-- nginx.conf
|   |   |   |-- zend
|   |   |   |   `-- nginx.conf
|   |   |   |-- zenphoto
|   |   |   |   `-- nginx.conf
|   |   |   `-- zope
|   |   |       `-- nginx.conf
|   |   |-- README
|   |   `-- roundtrip.py
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   `-- setup.py
|-- certbot-nginx
|   |-- certbot_nginx
|   |   |-- configurator.py
|   |   |-- constants.py
|   |   |-- __init__.py
|   |   |-- nginxparser.py
|   |   |-- obj.py
|   |   |-- options-ssl-nginx.conf
|   |   |-- parser.py
|   |   |-- tests
|   |   |   |-- configurator_test.py
|   |   |   |-- __init__.py
|   |   |   |-- nginxparser_test.py
|   |   |   |-- obj_test.py
|   |   |   |-- parser_test.py
|   |   |   |-- testdata
|   |   |   |   `-- etc_nginx
|   |   |   |       |-- broken.conf
|   |   |   |       |-- edge_cases.conf
|   |   |   |       |-- foo.conf
|   |   |   |       |-- mime.types
|   |   |   |       |-- minimalistic_comments.conf
|   |   |   |       |-- nginx.conf
|   |   |   |       |-- server.conf
|   |   |   |       |-- sites-enabled
|   |   |   |       |   |-- default
|   |   |   |       |   `-- example.com
|   |   |   |       `-- ubuntu_nginx_1_4_6
|   |   |   |           `-- default_vhost
|   |   |   |               `-- nginx
|   |   |   |                   |-- fastcgi_params
|   |   |   |                   |-- koi-utf
|   |   |   |                   |-- koi-win
|   |   |   |                   |-- mime.types
|   |   |   |                   |-- naxsi_core.rules
|   |   |   |                   |-- naxsi.rules
|   |   |   |                   |-- naxsi-ui.conf.1.4.1
|   |   |   |                   |-- nginx.conf
|   |   |   |                   |-- proxy_params
|   |   |   |                   |-- scgi_params
|   |   |   |                   |-- sites-available
|   |   |   |                   |   `-- default
|   |   |   |                   |-- sites-enabled
|   |   |   |                   |   `-- default -> ../sites-available/default
|   |   |   |                   |-- uwsgi_params
|   |   |   |                   `-- win-utf
|   |   |   |-- tls_sni_01_test.py
|   |   |   `-- util.py
|   |   `-- tls_sni_01.py
|   |-- docs
|   |   |-- api
|   |   |   |-- nginxparser.rst
|   |   |   |-- obj.rst
|   |   |   |-- parser.rst
|   |   |   `-- tls_sni_01.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   |-- setup.py
|   `-- tests
|       |-- boulder-integration.conf.sh
|       `-- boulder-integration.sh
|-- CHANGES.rst
|-- CONTRIBUTING.md
|-- docker-compose.yml
|-- Dockerfile
|-- Dockerfile-dev
|-- docs
|   |-- api
|   |   |-- account.rst
|   |   |-- achallenges.rst
|   |   |-- auth_handler.rst
|   |   |-- client.rst
|   |   |-- configuration.rst
|   |   |-- constants.rst
|   |   |-- crypto_util.rst
|   |   |-- display.rst
|   |   |-- errors.rst
|   |   |-- index.rst
|   |   |-- interfaces.rst
|   |   |-- log.rst
|   |   |-- plugins
|   |   |   |-- common.rst
|   |   |   |-- disco.rst
|   |   |   |-- manual.rst
|   |   |   |-- standalone.rst
|   |   |   |-- util.rst
|   |   |   `-- webroot.rst
|   |   |-- reporter.rst
|   |   |-- reverter.rst
|   |   |-- storage.rst
|   |   `-- util.rst
|   |-- api.rst
|   |-- ciphers.rst
|   |-- cli-help.txt
|   |-- conf.py
|   |-- contributing.rst
|   |-- index.rst
|   |-- install.rst
|   |-- intro.rst
|   |-- make.bat
|   |-- Makefile
|   |-- man
|   |   `-- certbot.rst
|   |-- packaging.rst
|   |-- resources.rst
|   |-- _static
|   `-- using.rst
|-- examples
|   |-- cli.ini
|   |-- dev-cli.ini
|   |-- generate-csr.sh
|   |-- openssl.cnf
|   `-- plugins
|       |-- certbot_example_plugins.py
|       `-- setup.py
|-- letsencrypt
|   |-- letsencrypt
|   |   `-- __init__.py
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- setup.py
|   `-- tests
|       `-- testdata
|           `-- os-release
|-- letsencrypt-apache
|   |-- letsencrypt_apache
|   |   `-- __init__.py
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   `-- setup.py
|-- letsencrypt-auto
|-- letsencrypt-auto-source
|   |-- build.py
|   |-- certbot-auto.asc
|   |-- Dockerfile
|   |-- letsencrypt-auto
|   |-- letsencrypt-auto.sig
|   |-- letsencrypt-auto.template
|   |-- pieces
|   |   |-- bootstrappers
|   |   |   |-- arch_common.sh
|   |   |   |-- deb_common.sh
|   |   |   |-- free_bsd.sh
|   |   |   |-- gentoo_common.sh
|   |   |   |-- mac.sh
|   |   |   |-- mageia_common.sh
|   |   |   |-- rpm_common.sh
|   |   |   |-- smartos.sh
|   |   |   `-- suse_common.sh
|   |   |-- fetch.py
|   |   |-- letsencrypt-auto-requirements.txt
|   |   `-- pipstrap.py
|   `-- tests
|       |-- auto_test.py
|       |-- certs
|       |   |-- ca
|       |   |   |-- my-root-ca.crt.pem
|       |   |   |-- my-root-ca.key.pem
|       |   |   `-- my-root-ca.srl
|       |   `-- localhost
|       |       |-- cert.pem
|       |       |-- localhost.csr.pem
|       |       |-- privkey.pem
|       |       `-- server.pem
|       |-- fake-letsencrypt
|       |   |-- dist
|       |   |   `-- letsencrypt-99.9.9.tar.gz
|       |   |-- letsencrypt.py
|       |   `-- setup.py
|       |-- __init__.py
|       `-- signing.key
|-- letsencrypt-nginx
|   |-- letsencrypt_nginx
|   |   `-- __init__.py
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   `-- setup.py
|-- letshelp-certbot
|   |-- docs
|   |   |-- api
|   |   |   `-- index.rst
|   |   |-- api.rst
|   |   |-- conf.py
|   |   |-- index.rst
|   |   |-- make.bat
|   |   |-- Makefile
|   |   |-- _static
|   |   `-- _templates
|   |-- letshelp_certbot
|   |   |-- apache.py
|   |   |-- apache_test.py
|   |   |-- __init__.py
|   |   `-- testdata
|   |       |-- mods-available
|   |       |   `-- ssl.load
|   |       |-- mods-enabled
|   |       |   `-- ssl.load -> ../mods-available/ssl.load
|   |       |-- super_secret_file.txt
|   |       |-- uncommonly_named_k3y
|   |       `-- uncommonly_named_p4sswd
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   |-- readthedocs.org.requirements.txt
|   `-- setup.py
|-- letshelp-letsencrypt
|   |-- letshelp_letsencrypt
|   |   `-- __init__.py
|   |-- LICENSE.txt
|   |-- MANIFEST.in
|   |-- README.rst
|   `-- setup.py
|-- LICENSE.txt
|-- linter_plugin.py
|-- MANIFEST.in
|-- pep8.travis.sh
|-- README.rst
|-- readthedocs.org.requirements.txt
|-- setup.cfg
|-- setup.py
|-- tests
|   |-- boulder-fetch.sh
|   |-- boulder-integration.sh
|   |-- boulder-start.sh
|   |-- display.py
|   |-- integration
|   |   `-- _common.sh
|   |-- letstest
|   |   |-- apache2_targets.yaml
|   |   |-- multitester.py
|   |   |-- README.md
|   |   |-- scripts
|   |   |   |-- boulder_config.sh
|   |   |   |-- boulder_install.sh
|   |   |   |-- test_apache2.sh
|   |   |   |-- test_leauto_upgrades.sh
|   |   |   |-- test_letsencrypt_auto_certonly_standalone.sh
|   |   |   |-- test_letsencrypt_auto_venv_only.sh
|   |   |   |-- test_renew_standalone.sh
|   |   |   `-- test_tox.sh
|   |   `-- targets.yaml
|   |-- mac-bootstrap.sh
|   `-- travis-integration.sh
|-- tools
|   |-- deps.sh
|   |-- eff-pubkey.pem
|   |-- half-sign.c
|   |-- offline-sigrequest.sh
|   |-- release.sh
|   |-- venv3.sh
|   |-- _venv_common.sh
|   `-- venv.sh
|-- tox.cover.sh
|-- tox.ini
`-- Vagrantfile

233 directories, 789 files

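I ended up pasting the whole thing, but..

Strictly speaking, I pasted the above after the renewal, touching it up here and there from memory, so some parts may differ slightly from what was actually there.

Also, the details of the file layout don't really matter. The point to keep in mind is that, at the time the certificate expired, the directories
/usr/local/letsencrypt
/usr/local/certbot
/etc/letsencrypt
already contained a full set of files.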

What I did

# ./letsencrypt-auto certonly --webroot -w /home/kusanagi/kusanagi_html/DocumentRoot/ -d binfish.jp

That's all.

And what happened?

# tree /etc/letsencrypt
/etc/letsencrypt
|-- accounts
|   `-- acme-v01.api.letsencrypt.org
|       `-- directory
|           `-- 61d6ccc841c628d0d422e8d94ee8866c
|               |-- meta.json
|               |-- private_key.json
|               `-- regr.json
|-- archive
|   `-- binfish.jp
|       |-- cert1.pem
|       |-- cert2.pem
|       |-- chain1.pem
|       |-- chain2.pem
|       |-- fullchain1.pem
|       |-- fullchain2.pem
|       |-- privkey1.pem
|       `-- privkey2.pem
|-- csr
|   |-- 0000_csr-certbot.pem
|   `-- 0000_csr-letsencrypt.pem
|-- keys
|   |-- 0000_key-certbot.pem
|   `-- 0000_key-letsencrypt.pem
|-- live
|   `-- binfish.jp
|       |-- cert.pem -> ../../archive/binfish.jp/cert2.pem
|       |-- chain.pem -> ../../archive/binfish.jp/chain2.pem
|       |-- fullchain.pem -> ../../archive/binfish.jp/fullchain2.pem
|       |-- privkey.pem -> ../../archive/binfish.jp/privkey2.pem
|       `-- scts
|           |-- aviator.sct
|           |-- pilot.sct
|           `-- rocketeer.sct
`-- renewal
    `-- binfish.jp.conf

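New *2.pem files were created under /etc/letsencrypt/archive/binfish.jp/, and the symbolic links under /etc/letsencrypt/live/binfish.jp/ were updated to point to them.

When I then checked the site over https, the change did not seem to have taken effect right away, but when I checked again a little under an hour later, it was recognized as a valid SSL certificate.

Checking the validity of the certificate
“This certificate is valid”

From now on, it seems I just need to run the following when renewal time comes.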

/usr/local/certbot/certbot-auto renew --force-renew

nginx needs to be restarted after running it.
I set both up together in crontab.

00 05 01 * * /usr/local/certbot/certbot-auto renew --force-renew && nginx -s reload

For apache

00 05 01 * * /usr/local/certbot/certbot-auto renew --force-renew && /bin/systemctl reload httpd

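What I learned

A letsencrypt certificate is valid for 90 days.

Once it expires you can simply issue a new one, but until the new certificate takes effect a warning along the lines of "this site's certificate has expired" is shown, and you lose trust.

In particular, it may not be much of a problem for a site that was http to begin with, but if the site is fully https (http access redirected to https), users see the warning on ordinary visits, so I think the impact is huge.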
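The script below is an added example, not part of the original post or of certbot: it checks a lineage laid out like the /etc/letsencrypt tree above, reporting whether live/cert.pem is expired or close to expiry and whether the live symlink points at the newest certN.pem in archive. The function names and the 30-day default threshold are assumptions made for this example; it needs only the openssl command line tool.

```shell
#!/bin/sh
# Added example (not from the original post): expiry and symlink check for a
# certbot lineage such as /etc/letsencrypt/live/<domain> and archive/<domain>.
# Function names and the 30-day default are assumptions of this example.

# cert_status CERT_PEM WARN_DAYS
# Prints "unreadable", "expired", "renew-soon" or "ok".
# `openssl x509 -checkend N` exits 0 only if the certificate is still valid
# N seconds from now.
cert_status() {
    cert=$1
    warn_days=$2
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo renew-soon
    else
        echo ok
    fi
}

# live_version LIVE_DIR
# Prints N for a cert.pem symlink that points at .../certN.pem.
live_version() {
    target=$(readlink "$1/cert.pem") || return 1
    n=${target##*/cert}
    n=${n%.pem}
    echo "$n"
}

# latest_archive_version ARCHIVE_DIR
# Prints the highest N among certN.pem files (0 if there are none).
latest_archive_version() {
    best=0
    for f in "$1"/cert*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/cert}
        n=${n%.pem}
        case $n in
            ''|*[!0-9]*) continue ;;   # skip names that are not certN.pem
        esac
        if [ "$n" -gt "$best" ]; then
            best=$n
        fi
    done
    echo "$best"
}

# check_lineage LIVE_DIR ARCHIVE_DIR [WARN_DAYS]
# Prints a one-line summary. Succeeds only if the live certificate is not
# within WARN_DAYS of expiry and the symlink points at the newest issue.
check_lineage() {
    live_dir=$1
    archive_dir=$2
    days=${3:-30}
    status=$(cert_status "$live_dir/cert.pem" "$days") || true
    live=$(live_version "$live_dir") || live=none
    latest=$(latest_archive_version "$archive_dir")
    echo "status=$status live=cert$live.pem latest=cert$latest.pem"
    [ "$status" = ok ] && [ "$live" = "$latest" ]
}

# Run only when called with arguments, for example from cron:
#   sh check.sh /etc/letsencrypt/live/binfish.jp /etc/letsencrypt/archive/binfish.jp
if [ "$#" -ge 2 ]; then
    check_lineage "$@"
fi
```

Run from cron, a non-zero exit can drive an alert that does not depend on noticing the reminder e-mail.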

I made the site fully HTTPS as part of this renewal (reissue), but I'll save that story for next time.

See you.
