How to delete Let's Encrypt settings that were configured in the past.
Error messages in syslog
XXX XX XX:XX:XX XXX certbot.renew: Failed to renew certificate (FQDN) with error: Some challenges have failed.
XXX XX XX:XX:XX XXX certbot.renew: /etc/letsencrypt/live/(FQDN)/fullchain.pem (failure)
XXX XX XX:XX:XX XXX systemd: snap.certbot.renew.service: main process exited, code=exited, status=1/FAILURE
XXX XX XX:XX:XX XXX systemd: Failed to start Service for snap application certbot.renew.
XXX XX XX:XX:XX XXX systemd: Unit snap.certbot.renew.service entered failed state.
XXX XX XX:XX:XX XXX systemd: snap.certbot.renew.service failed.
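You may find error messages like the ones above in syslog.
The likely cause is that Let's Encrypt was set up in the past, the server itself (the site itself) was later taken out of service, and only the Let's Encrypt configuration was left behind.
It is harmless as it is, but let's delete the configuration cleanly.
Disabling the domain
Disable the SSL (TLS) certificate that was configured: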
# certbot revoke --cert-path /etc/letsencrypt/live/(FQDN)/cert.pem
Specify "revoke", as shown above.
# certbot revoke --cert-path /etc/letsencrypt/live/(FQDN)/cert.pem
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you like to delete the certificate(s) you just revoked, along with all earlier and later versions of the certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es (recommended)/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:
  * (FQDN)
WARNING: Before continuing, ensure that the listed certificates are not being used by any installed server software (e.g. Apache, nginx, mail servers). Deleting a certificate that is still being used will cause the server software to stop working. See https://certbot.org/deleting-certs for information on deleting certificates safely.
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Deleted all files relating to certificate (FQDN).
Congratulations! You have successfully revoked the certificate that was located at /etc/letsencrypt/live/(FQDN)/cert.pem.
↑ As shown above, follow the prompts and enter "y"; the certificate is then deleted.
When revoke fails with an error
# certbot revoke --cert-path /etc/letsencrypt/live/(FQDN)/cert.pem
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
Certificate is expired
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
↑ You may get this error.
It occurs when the certificate itself has already expired.
In that case, specify "delete" as described next.
Deleting with delete
# certbot delete --cert-name (FQDN)
↑ Specify "delete", as shown above.
# certbot delete --cert-name (FQDN)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:
  * (FQDN)
WARNING: Before continuing, ensure that the listed certificates are not being used by any installed server software (e.g. Apache, nginx, mail servers). Deleting a certificate that is still being used will cause the server software to stop working. See https://certbot.org/deleting-certs for information on deleting certificates safely.
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Deleted all files relating to certificate (FQDN).
When delete also fails with an error
# certbot delete --cert-name (FQDN)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:
  * (FQDN)
WARNING: Before continuing, ensure that the listed certificates are not being used by any installed server software (e.g. Apache, nginx, mail servers). Deleting a certificate that is still being used will cause the server software to stop working. See https://certbot.org/deleting-certs for information on deleting certificates safely.
Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
No certificate found with name (FQDN) (expected /etc/letsencrypt/renewal/(FQDN).conf).
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
↑ As this shows, it seems the configuration file "/etc/letsencrypt/renewal/(FQDN).conf" itself can be missing.
In that case,
# cd /etc/letsencrypt/
# rm -Rf archive/(FQDN)/
# rm -Rf live/(FQDN)/
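deleting the directories themselves, as above, is probably the best option.
(Do this carefully. One slip of the hand and a lot of files are gone...
Deleting the files individually and then removing the directory is tedious, but I think it is the less accident-prone way.)
Note: the "FQDN" in this article may actually appear as "FQDN-001" or similar.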
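
The manual cleanup described above, as an added example that is not part of the original article: a shell helper that first checks whether certbot still knows the certificate name (its renewal conf exists), and otherwise removes the leftover live/ and archive/ directories file by file followed by rmdir, instead of rm -Rf. The function names and the LE_DIR variable are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original article.
# LE_DIR is an assumed override for testing; the default is the article's path.
LE_DIR="${LE_DIR:-/etc/letsencrypt}"

# plan_cleanup NAME: print which of the article's cases applies to NAME.
plan_cleanup() {
    local name="$1"
    # Reject empty names and anything that could escape live/ or archive/
    # (an empty NAME with rm -Rf would target the whole live/ directory).
    case "$name" in
        ""|.*|-*|*[!A-Za-z0-9._-]*) echo "invalid"; return 1 ;;
    esac
    if [ -f "$LE_DIR/renewal/$name.conf" ]; then
        echo "certbot"   # certbot knows this name: use "certbot revoke" or "certbot delete"
    elif [ -d "$LE_DIR/live/$name" ] || [ -d "$LE_DIR/archive/$name" ]; then
        echo "manual"    # renewal conf is missing: only leftovers remain
    else
        echo "nothing"
    fi
}

# remove_leftovers NAME: remove files one by one, then the empty directory.
remove_leftovers() {
    local name="$1" dir f
    # Refuse unless this really is the "renewal conf missing" case.
    [ "$(plan_cleanup "$name")" = "manual" ] || return 1
    for dir in "$LE_DIR/live/$name" "$LE_DIR/archive/$name"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            # Only regular files and symlinks are expected in these directories.
            if [ -L "$f" ] || [ -f "$f" ]; then rm -- "$f"; fi
        done
        # rmdir fails if anything unexpected (e.g. a subdirectory) is left.
        rmdir -- "$dir" || return 1
    done
}
```

Run `plan_cleanup` with the certificate name first; `remove_leftovers` only acts when the result is "manual", and it stops if a directory still contains something it did not expect.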