【Cron】ジョブスケジューリング (Let's Encrypt更新)

ジョブスケジューリング

決められた時刻に特定のコマンドを定期的に実行する機能は、 cron（クーロン）と呼ばれるジョブスケジューラによって提供されます。

$ systemctl status crond

● crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
   Active: active (running) since [曜日] [年]-[月]-[日] 19:22:27 JST; [何ヶ月何日前]
 Main PID: 2592 (crond)
   CGroup: /system.slice/crond.service
           └─2592 /usr/sbin/crond -n

crontabファイル

【crontab】cronの設定ファイル

システムのcrontabファイル

（/var/spool/cron）

ユーザーのcrontabファイル

（/etc/crontab）

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

crondに登録 (rootとして実行)

毎日AM５時に、certbot newが実行される。

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

00 05 * * * root certbot renew

有効期限の確認

$ certbot certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/[失効ドメイン]/cert.pem is unknown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: [失効ドメイン]
    Domains: [失効ドメイン]
    Expiry Date: 2019-07-17 03:14:57+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/[失効ドメイン]/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/[失効ドメイン]/privkey.pem

  Certificate Name: ******.com
    Domains: *********.com
    Expiry Date: 2020-01-08 11:31:48+00:00 (VALID: 17 days)
    Certificate Path: /etc/letsencrypt/live/[稼働中のドメイン]/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/[稼働中のドメイン]/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

成功確認

# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/[失効ドメイン]/cert.pem is unknown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: [失効ドメイン]
    Domains: [失効ドメイン]
    Expiry Date: 2019-07-17 03:14:57+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/[失効ドメイン]/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/[失効ドメイン]/privkey.pem

  Certificate Name: [稼働中のドメイン]
    Domains: [稼働中のドメイン]
    Expiry Date: 2020-03-21 19:03:39+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/[稼働中のドメイン]/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/[稼働中のドメイン]/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[参照１] https://www.kennejs.com/entry/2019/04/14/154652

[参照２] https://qiita.com/UNILORN/items/a1a3f62409cdb4256219