Let's Encryptの証明書を自動更新する
cronの設定
/etc/cron.monthly/letsencryptを編集する
#!/bin/sh
/opt/letsencrypt/letsencrypt-auto renew
let's Encryptの更新用設定ファイルを準備する
/etc/letsencrypt/renewal以下にファイルが自動生成されているので確認する
renew_before_expiry = 30 days
version = 0.10.1
archive_dir = /etc/letsencrypt/archive/blog.takezou.com
cert = /etc/letsencrypt/live/blog.takezou.com/cert.pem
privkey = /etc/letsencrypt/live/blog.takezou.com/privkey.pem
chain = /etc/letsencrypt/live/blog.takezou.com/chain.pem
fullchain = /etc/letsencrypt/live/blog.takezou.com/fullchain.pem
Options used in the renewal process
authenticator = webroot
installer = None
account = fb9783b17c56b375556c9f8757d42a94
webroot_path = /tmp/letsencrypt-auto, [[webroot_map]]
blog.takezou.com = /tmp/letsencrypt-auto$ sudo mkdir /tmp/letsencrypt-auto
nginx.confのserverディレクティブ内に下記を追加
server {
location /.well-known {
root /tmp/letsencrypt-auto;
}
nginx.confの編集が終わったらnginxの設定をチェック
$ sudo /opt/nginx/sbin/nginx -t
nginx: the configuration file /opt/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /opt/nginx/conf/nginx.conf test is successful
nginxを再起動(CentOS7)
$ sudo systemctl restart nginx
$/opt/letsencrypt/letsencrypt-auto renew
