お茶漬けぶろぐ (Ochazuke Blog)

Deleting a certbot config

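I once made a subdomain because I wanted it, set up an SSL certificate for it and ran it for a while, but I don't need it anymore... so this is about getting rid of it.
Nothing answers requests for that subdomain anymore, so certbot has been complaining for a while that it can't renew the certificate, and the certificate has of course expired. Frankly, all I need is to get rid of the certbot config. So here is how to delete the config. Just a memo. Over in an instant.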

The situation

Running certbot renew without thinking about it dies like this:

$ sudo certbot renew
[sudo] password for tea: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/hoge.tea-soak.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/fuga.tea-soak.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/OBSOLETED.tea-soak.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
An error occurred while parsing /etc/letsencrypt/renewal/OBSOLETED.tea-soak.org.conf. The error was Unrecognized challenges: tls-sni-01. Skipping the file.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/tea-soak.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/hoge.tea-soak.org/fullchain.pem expires on 2022-06-29 (skipped)
  /etc/letsencrypt/live/fuga.tea-soak.org/fullchain.pem expires on 2022-06-29 (skipped)
  /etc/letsencrypt/live/tea-soak.org/fullchain.pem expires on 2022-06-29 (skipped)
No renewals were attempted.

Additionally, the following renewal configurations were invalid: 
  /etc/letsencrypt/renewal/OBSOLETED.tea-soak.org.conf (parsefail)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
0 renew failure(s), 1 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Getting as far as being told "configurations were invalid" gives away that I left this alone for quite a while.

Let's delete the config

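Really I should probably delete the certificate too, but it has been expired for a long time, so it's fine to leave it as is, right? I just need to delete the config so that certbot can run without trouble.
Just pass the delete subcommand to certbot and you're done.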

$ sudo certbot delete
[sudo] password for tea: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which certificate(s) would you like to delete?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: hoge.tea-soak.org
2: fuga.tea-soak.org
3: OBSOLETED.tea-soak.org
4: tea-soak.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificate(s) are selected for deletion:

  * OBSOLETED.tea-soak.org

WARNING: Before continuing, ensure that the listed certificates are not being
used by any installed server software (e.g. Apache, nginx, mail servers).
Deleting a certificate that is still being used will cause the server software
to stop working. See https://certbot.org/deleting-certs for information on
deleting certificates safely.

Are you sure you want to delete the above certificate(s)?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Deleted all files relating to certificate OBSOLETED.tea-soak.org.
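
The WARNING in the output above asks you to confirm that no server software still uses the certificate. The following is an added example, not part of the original post, that makes that check before deletion and also flags the tls-sni-01 entry behind the parse failure. The function names, the temp-dir fixture and its file contents are constructed, and it assumes the renewal file keeps the challenge preference under `pref_challs`.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check before `certbot delete`.
# Usage: audit_lineage NAME RENEWAL_DIR SERVER_CONF_DIR...
# Returns 0 = nothing references the lineage, 1 = still referenced, 2 = no renewal config.
audit_lineage() {
    name=$1; renewal_dir=$2; shift 2
    conf="$renewal_dir/$name.conf"
    if [ ! -f "$conf" ]; then
        echo "$name: no renewal config at $conf" >&2
        return 2
    fi
    # The retired tls-sni-01 challenge in pref_challs is what makes renew report "parsefail".
    if grep -Eq '^[[:space:]]*pref_challs[[:space:]]*=.*tls-sni-01' "$conf"; then
        echo "$name: pref_challs lists tls-sni-01 (renewal config cannot be parsed)"
    fi
    # Fixed-string search (-F) so the dots in the name are not treated as regex wildcards.
    refs=$(grep -rlF -e "/live/$name/" -e "/archive/$name/" "$@" 2>/dev/null || true)
    if [ -n "$refs" ]; then
        echo "$name: still referenced by server config:"
        echo "$refs"
        return 1
    fi
    echo "$name: unreferenced; candidate for: certbot delete --cert-name $name"
    return 0
}

# Constructed fixture: hypothetical directory layout under a temp dir, so this runs offline.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/renewal" "$root/nginx"
    printf '[renewalparams]\nauthenticator = nginx\npref_challs = tls-sni-01,\n' \
        > "$root/renewal/OBSOLETED.tea-soak.org.conf"
    printf '[renewalparams]\nauthenticator = nginx\n' > "$root/renewal/tea-soak.org.conf"
    printf 'ssl_certificate /etc/letsencrypt/live/tea-soak.org/fullchain.pem;\n' \
        > "$root/nginx/site.conf"
    echo "$root"
}

fx=$(make_fixture)
audit_lineage OBSOLETED.tea-soak.org "$fx/renewal" "$fx/nginx" || true
audit_lineage tea-soak.org "$fx/renewal" "$fx/nginx" || true
rm -rf "$fx"
```

On a real host the arguments would be /etc/letsencrypt/renewal and the directories holding your web or mail server configuration.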

That's it

The right way would have been to delete the certificate and remove the config as soon as I stopped using it, but it was a hassle and I ended up leaving it alone. Oh well.
