Let's Encrypt がある日発行できなくなった


概要

  • OpenResty の lua-resty-auto-ssl を使ってる (多分 certbot-auto でも同じ)
  • 気づいたら以下エラーで証明書の発行がエラーになってた
INFO: Using main config file /path/to/resty-auto-ssl/letsencrypt/config
+ Generating account key...
+ Registering account key with ACME server...\


Error registering account key. See message above for more information.
 err: # !! WARNING !! Extra configuration directory /path/to/resty-auto-ssl/letsencrypt/conf.d exists, but no configuration found in it.
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400)

Details:
{
  "type": "urn:acme:error:malformed",
  "detail": "Provided agreement URL [https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf] does not match current agreement URL [https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf]",
  "status": 400
}

...

原因

  • Details にある通りデフォルトで指定しているライセンスファイルが今現在指定すべきものと異なるせい

解決策

lua-resty-auto-ssl

$ cat /path/to/resty-auto-ssl/letsencrypt/conf.d/custom.sh
LICENSE="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"

certbot-auto