The connection used to load resources from https://example.com used TLS 1.0 or TLS1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading these resources. The server sould enable TLS 1.2 or later. See https://www.chromestatus.com/feature/〜 for more information.
$ ./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/blog.4star.link.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for blog.4star.link
-------------------------------------------------------------------------------
Port 443 is already in use by another process. This will prevent us from binding
to that port. Please stop the process that is populating the port in question
and try again. For automated renewal, you may want to use a script that stops
and starts your webserver. You can find an example at
https://certbot.eff.org/docs/using.html#renewal . Alternatively you can use the
webroot plugin to renew without needing to stop and start your webserver.
-------------------------------------------------------------------------------
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/blog.4star.link.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/blog.4star.link/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
必要なポートが既に使われているらしい。
ポートチェック
$ netstat -tanplsof -i:80
nginxで使っているので一旦停止(サービスが止まるので注意!
$ service nginx stop
再びrenew!
$ ./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/blog.4star.link.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for blog.4star.link
-------------------------------------------------------------------------------
Port 443 is already in use by another process. This will prevent us from binding
to that port. Please stop the process that is populating the port in question
and try again. For automated renewal, you may want to use a script that stops
and starts your webserver. You can find an example at
https://certbot.eff.org/docs/using.html#renewal . Alternatively you can use the
webroot plugin to renew without needing to stop and start your webserver.
-------------------------------------------------------------------------------
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/blog.4star.link.conf produced an unexpected error: At least one of the (possibly) required ports is already taken.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/blog.4star.link/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
また同じエラーが。。。
さらにもう一回!
どりゃっっxさらにもう一回!
ぐああーーっしゃいさらにもう1っかい!
。。。。
。。。。。
何度か同じエラーがでたあと、
$ ./letsencrypt-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/blog.4star.link.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for blog.4star.link
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/blog.4star.link/fullchain.pem
-------------------------------------------------------------------------------
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/blog.4star.link/fullchain.pem (success)
The program nginx (process ID 18766) is already listening on TCP
port 80. This will prevent us from binding to that port. Please stop
the nginx program temporarily and then try again.