Let’s Encrypt、certbot-autoが動かない!

Let’s Encrypt証明書発行のツール「certbot-auto」が動かない・・・



# /root/certbot-auto certonly --webroot -w /home/site/web -d (FQDN) --renew-by-default --email (メールアドレス)
Skipping bootstrap because certbot-auto is deprecated on this system.
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit https://certbot.eff.org/ to check for other alternatives.



# yum remove certbot



# yum install snapd

# systemctl enable --now snapd.socket
Created symlink from /etc/systemd/system/sockets.target.wants/snapd.socket to /usr/lib/systemd/system/snapd.socket.


# ln -s /var/lib/snapd/snap /snap

# snap install --classic certbot
2021-XX-XX:XX:XX+09:00 INFO Waiting for automatic snapd restart...
Warning: /var/lib/snapd/snap/bin was not found in your $PATH. If you've not restarted your session
         since you installed snapd, try doing that. Please see https://forum.snapcraft.io/t/9469
         for more details.

certbot 1.15.0 from Certbot Project (certbot-eff?) installed


# snap install --classic certbot
error: cannot install "certbot": classic confinement requires snaps under /snap or symlink from
       /snap to /var/lib/snapd/snap


# ln -s /var/lib/snapd/snap /snap


再度、「snap install –classic certbot」コマンドを実行させます。(2021/06/09)


Let’s Encrypt証明書発行

# /var/lib/snapd/snap/bin/certbot certonly --webroot -w /home/site/web -d (FQDN) --renew-by-default --email (メールアドレス)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for (FQDN)
Performing the following challenges:
http-01 challenge for (FQDN)
Using the webroot path /home/site/web for all unmatched domains.
Waiting for verification...
Cleaning up challenges

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your certificate will expire on 2021-XX-XX. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

↑ Let’s Encrypt がインストールができました。



2021年10月1日より(2021年9月30日をもって)、Let's Encryptで使われている「DST Root X3」のルート証明書が利用できなくなります。 これにより、wgetコマンドで、以下のようなエラーが出てきます。 wget...