Ubuntu 16.04
sudo apt-get install python-certbot-nginx
nginx: [emerg] duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/example.online:29
ãšã©ãŒã¯ãªãã¯ãã§ã
server {
listen 80;
listen [::]:80;
server_name example.online;
root /home/example/deploy;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
listen [::]:80;
server_name www.example.online;
return 301 $scheme://example.online$request_uri;
}
@iamdubxããªãã¯ãããç解ããŸãããïŒ ç§ã¯åãåé¡ãæ±ããŠããŸãã
åãåé¡...ããã©ã«ãã®ãµã€ãã§ã¯æ©èœããŸãããã«ã¹ã¿ã ãµããã¡ã€ã³ã§ã¯æ©èœããŸãã
ç§ã¯åãåé¡ãæ±ããŠããŸãã
ãã ããè€æ°ã®ãã¡ã€ã³ããã£ããããããã®æ§æã¯ãããŸãã
server {
listen 80;
listen [::]:80;
root /home/primarydomain/public;
index index.html index.htm;
server_name domain1.com *.domain1.com domain2.com *.domain2.com domain3.com *.domain3.com domain4.com *.domain4.com;
return 302 $scheme://primarydomain.com$request_uri;
access_log /var/log/nginx/others.access.log;
error_log /var/log/nginx/others.error.log;
location / {
try_files $uri $uri/ /index.html =404;
}
}
ãã®æ§æã§nginx: [emerg] duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/others:19
ãååŸããŸãã
OSïŒUbuntu16.04ã äœãå©ãã¯ãããŸããïŒ
åãåé¡ã
ã³ãã³ããå®è¡ããŸããïŒ certbot --redirect --nginx -d readacted.com -d www.redacted.com
å ã®confãã¡ã€ã«ã¯æ¬¡ã®ããã«ãªããŸãã
server {
server_name redacted.com;
location / {
root /home/redacted/www;
index index.html;
}
}
server {
listen 80;
listen [::]:80;
server_name www.redacted.com;
return 301 $scheme://redacted.com$request_uri;
}
/var/log/letsencrypt/letsencrypt.logã«ãããšãcertbotããããå®è¡ããããšããŠããããšãããããŸãã
server {
server_name redacted.com;
location / {
root /home/redacted/www;
index index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/redacted.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/redacted.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name www.redacted.com;
return 301 $scheme://redacted.com$request_uri;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.redacted.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.redacted.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
nginxã¯listen [::]:443 ssl ipv6only=on; # managed by Certbot
å®éã®ãšã©ãŒã¡ãã»ãŒãžïŒ
nginx: [emerg] duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/redacted.com:23
ç°¡åãªã°ãŒã°ã«ã2010幎ãããã®ããŒãžãç«ã¡äžããŸããïŒ
http://www.serverphorums.com/read.php?5,203912
ããã¯ãå éšå®è£ ã®è©³çŽ°ãåå ã§nginxãæ··ä¹±ããããšã瀺åããŠããŸãã
ç§ã¯nginxã®å°é家ã§ã¯ãããŸãããã次ã®ããšãæ©èœããããã«èŠããããšããã¹ãããŸããã
server {
server_name redacted.com;
location / {
root /home/redacted/www;
index index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/redacted.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/redacted.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
listen [::]:80;
server_name www.redacted.com;
return 301 http://redacted.com$request_uri;
listen [::]:443; # manually changed
ssl on; #manually changed
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/www.redacted.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.redacted.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
ãã®åé¿çãçæ³çã§ããããè¯ã解決çã欲ããã§ã...
@ohemorange ãããã远跡ããæ¢åã®åé¡ããããã©ããç¥ã£ãŠããŸããïŒ ãªãã¿ã®ããæãã§ããããããŸã§èª¿ã¹ãããšããã£ããã©ããã¯èŠããŠããŸããã
ç§ã¯ãããŸã§èŠãããšããããŸããã IPv6ã䜿çšããŠããå Žåãé€ããŠãå ã®ãã°ãä¿®æ£ãããããã§ãã ãããŠãIPv6ãµããŒããéå§ããã°ãããªã®ã§ã人ã ã¯ããã«ã¶ã€ãã£ãŠããŸãã äžèšã®è§£æ±ºçã¯æ©èœããŸãã Nginx forIPv6ã§ããããŸã ä¿®æ£ãããŠããªãçç±ããããã©ããã確èªããŸãã
å®éã«ã¯ã ssl on
å€æŽãè¡ãå¿
èŠã¯ãããŸãããã©ã¡ãããŸãã¯äž¡æ¹ããipv6only=on
ãåé€ãããšãåé¡ãä¿®æ£ãããŸãã
@joohoi ã ipv6only=on
å®å
šã«åé€ããããè¿œå ããäžæã®äœæè¡ããšã«1åã ãé
眮ããããšã§ããããä¿®æ£ããããšæãã§ãããã ããã§äœãäžçªããã®ãåãããŸããïŒ
ããã§åãåé¡ããããŸãã ç§ã®æåã®ãã¡ã€ã³ã§ã¯ãã¹ãŠãé 調ã§ããã 2çªç®ã®ãã¡ã€ã³ã§ã¯ãããã®åé¡ãçºçãå§ããŸããã
äœããã®çç±ã§ãCertbotãipv6onlyãã£ã¬ã¯ãã£ããå®å šã«æ€åºã§ããªãããã§ãã ãããåé€ãããšãã»ãšãã©ã®ãŠãŒã¶ãŒã®åé¡ãä¿®æ£ãããŸãã ipv6onlyã®åäœãšããã©ã«ããæéã®çµéãšãšãã«å€æŽããããããããã«ãããå®éã«å€ãNginxããŒãžã§ã³ã§ããã€ãã®åé¡ãçºçããå¯èœæ§ããããŸãã
åä»ãªãããã«ã€ããŠãè©«ã³ããŸãããããã§ä¿®æ£ãããŸããããŸããªãé©åãªä¿®æ£ãè¡ãããããšãé¡ã£ãŠããŸãã
--- /usr/lib/python3/dist-packages/certbot_nginx/configurator.py.orig 2018-02-14 18:38:30.380863045 +0000
+++ /usr/lib/python3/dist-packages/certbot_nginx/configurator.py 2018-02-14 18:38:01.501018553 +0000
@@ -507,10 +507,10 @@ class NginxConfigurator(common.Installer
'[::]:{0}'.format(self.config.tls_sni_01_port),
' ',
'ssl']
- if not ipv6info[1]:
- # ipv6only=on is absent in global config
- ipv6_block.append(' ')
- ipv6_block.append('ipv6only=on')
+ #if not ipv6info[1]:
+ # # ipv6only=on is absent in global config
+ # ipv6_block.append(' ')
+ # ipv6_block.append('ipv6only=on')
if vhost.ipv4_enabled():
ipv4_block = ['\n ',
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
$ nginx -V
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads
$ apt show python-certbot-nginx
Package: python-certbot-nginx
Version: 0.21.1-1+ubuntu16.04.1+certbot+1
Priority: optional
Section: oldlibs
Maintainer: Debian Let's Encrypt <[email protected]>
Installed-Size: 9,216 B
Depends: python3-certbot-nginx
Download-Size: 2,470 B
APT-Manual-Installed: yes
APT-Sources: http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 Packages
Description: transitional dummy package
This is a transitional dummy package for the migration of certbot
from python2 to python3. It can be safely removed.
åãåé¡ã ããã¯å¯ŸåŠãããŸããïŒ
ããã¹ãã®å£ã§ç³ãèš³ãããŸããããããã«è¡ããŸãã
ãã®åé¡ã«å
ãåœãŠãã«ã¯ïŒ
ipv6onlyãªãã·ã§ã³ã¯ããœã±ããããšã«è€æ°ã®ãªãã¹ã³ã¹ããŒãã¡ã³ããåŠçã§ããããã«ããããã«äœ¿çšãããŸãã æ®å¿µãªããããœã±ããã®ãµãŒããŒæ§æã§ã¯1åãã䜿çšã§ããŸããã ãããã£ãŠã次ã®å ŽåãNginxã¯èµ·åã«å€±æããŸãã
server {
...
server_name first.example.org;
listen [::]:80 ipv6only=on;
listen 80;
}Â
server {
...
server_name second.example.org;
listen [::]:80 ipv6only=on;
listen 80;
}
Nginxã®æè¿ã®ããŒãžã§ã³ã§ã¯ãå€æ°ã®ããã©ã«ãå€ãipv6only=on
ããã ipv6only
èšå®ãå®å
šââã«çç¥ãããŠããå Žåããã®åé¡ã¯çºçããŸããã ãããã£ãŠã以äžã¯NginxããŒãžã§ã³> = 1.3.4ã§æå¹ã§æ©èœããæ§æã§ãïŒ
server {
...
server_name first.example.org;
listen [::]:80;
listen 80;
}
server {
...
server_name second.example.org;
listen [::]:80;
listen 80;
}
ãã ãã1.3.4ããåã®NginxããŒãžã§ã³ã®ipv6only
å€æ°ã®ããã©ã«ãå€ã¯ipv6only=off
ã§ãã£ããããå€ãããŒãžã§ã³ã¯æ¬¡ã®æ§æã§å€±æããŸãã
server {
...
server_name first.example.org;
listen [::]:80;
listen 80;
}
çŸåšããã£ã¹ããªãã¥ãŒã·ã§ã³ããã±ãŒãžã®ç¶æ³ã¯ãå€ãããŒãžã§ã³ã®Nginxã«å梱ãããŠãããã£ã¹ããªãã¥ãŒã·ã§ã³ã¯Debian WheezyïŒDebian 7ïŒã®ã¿ã§ãããããã©ã«ãã®ãªããžããªããããŒãžã§ã³1.2.1ã®Nginxãå梱ããŠããŸãã
ipv6only
æ€åºãšèšå®ãCertbotããå®å
šã«åé€ãããšãDebianWheezyã®ãã¹ãŠã®ãŠãŒã¶ãŒã«ãšã£ãŠãããæ©èœããªããªããŸãã 幞ããWheezyã®EOLæ¥ä»ã¯2018幎5æã«èšå®ãããŠãããããCertbotã³ãŒããããã®è¿œå ã®è€éããå®å
šã«åãé€ãããšãã§ããããã«ãªããŸãã
Certbotã®çŸåšã®æ©èœã¯ãå®å
šãªNginxæ§æã解æãã server{}
ãããã¯ã®1ã€ã«ãã§ã«ååšããipv6only=on
èšå®ãæ€åºããååšããå Žåã¯è¿œå ãçç¥ããŸãã ãã ããå€ãèŠã€ãããªãã£ãå ŽåãCertbotã¯ãããè¿œå ããŸãã ãã®åé¡ã¯ãCertbotããŠãŒã¶ãŒã®çŸåšã®æ§æã®äžéšã®ãããã¯ãããã®æ¢åã®å€æ°ãæ€åºã§ããªããããæ§æäžã®server{}
ãããã¯ã«è¿œå ããããšããããšã«ãªããŸãã
ãã®åé¡ãä¿®æ£ããã«ãŒãã決å®ããã«ã¯ãä¿®æ£ããããšã«ããå Žåã«æ¢åã®ipv6only=on
å€æ°ã®æ€åºãæ¹åã§ããããã«ãCertbotãäžèšã®æ¹æ³ã§å€±æããå®å
šãªæ§æäŸãå¿
èŠã§ãããã®æ©èœãå®å
šã«åé€ãã代ããã«ããã®ããã«ããŸãã
ããããããããšãã ããã¯ç§ã®ããã«åããã FWIWãç§ã¯Ubuntu17ã䜿çšããŠããŸãã
ç§ã¯ãã¹ãŠãåé€ããå¿ èŠããããŸãã
listen [::]:80;
listen 80;
ãããæ©èœãããã«ã¯
https://github.com/chilion-ããããšãïŒ åé€ïŒ
listen [::]:80;
listen 80;
ç§ã®ããã«ãåããã
1ã€ã®UbuntuãµãŒããŒã«2ã€ã®ãã¡ã€ã³ããããŸãã æåã®ãã®ã¯åé¡ãªãåäœããŸããã 次ã«ãäžèšã®ãšã©ãŒãçºçããŸããã ããªãã®è§£æ±ºçã¯ç§ã®ããã«åããã æ°ãããµãŒããŒã«nginxãã€ã³ã¹ããŒã«ããŸããã
ããããšãããããŸããã
listen [::]:80
åé€ããŸãããã listen 80;
æ®ããŠãããšãããã©ã«ã以å€ã®ãã¡ã€ã³ã«ã€ã³ã¹ããŒã«ã§ããŸããã
ãµããã¡ã€ã³èšå®ã§listen [::]ïŒ443ãšã³ã¡ã³ããããšãæ©èœããŸãã 倧äžå€«ã§ãã
ç§ã¯ã¡ããã©ãã®åé¡ã«ã¶ã€ãããŸããã ããŸããŸãªlisten
ãã£ã¬ã¯ãã£ããšipv6only
ãç解ããããšããŠããããã£ã
ãã®ããã°æçš¿ã匷ããå§ãããŸãããã®èšäºãèŠã€ãããŸã§ãWebã§èŠã€ããããŸããŸãªã¢ããã€ã¹ãã©ãããã°ãããããããŸããã§ããã
https://stefanchrist.eu/blog/2015_01_21/Using%20ipv6only%20in%20Nginx.xhtml
ããã°æçš¿ããã®ãã®åŒçšã¯ãç§ã«ãšã£ãŠé»çã®ç¬éã§ããã
ãã©ã¡ãŒã¿ã¯ãããšãã°sslãã©ã°ãšã¯ç°ãªããŸãã ãã©ã°sslã¯ãè€æ°ã®ãµãŒããŒã³ã³ããã¹ãã§äœ¿çšã§ããå¿ èŠã«å¿ããŠãªã³ãšãªããåãæ¿ããããšãã§ããŸãã ãã©ã°ipv6onlyã¯ãããŒãïŒããã³ã¢ãã¬ã¹ïŒããšã«1åã ãèšå®ã§ããŸãã ãã©ã¡ãŒã¿ãå«ãã®ã¯1ã€ã®listenãã£ã¬ã¯ãã£ãã®ã¿ã§ããããã®ããŒãã䜿çšãããã¹ãŠã®ãµãŒããŒã³ã³ããã¹ãã§æå¹ã«ãªããŸãã 2å䜿çšãããšãnginxããŒã¢ã³ãèµ·åããã次ã®ãšã©ãŒã¡ãã»ãŒãžããšã©ãŒãã°ã«æžã蟌ãŸããŸãã
ãŸã ååšããŸãããPythonãããŒãžããåŸãã¹ããŒããããã®ãšã©ãŒãåã€ã³ã¹ããŒã«ããŸãã certbotã®ã©ããã«ãšã©ãŒããããŸã
ãã®è¡ã«ã³ã¡ã³ããããšãšã©ãŒã¯è§£æ±ºããŸãããä»ã®åé¡ãçºçããŸã
server {
listen 443 ssl http2;
# listen [::]:443 ssl http2 ipv6only=on;
è€æ°ã®ãã¡ã€ã³ã®å Žå
ã®ä»£ããã«
ãªãã¹ã³[::]ïŒ443 ssl http2 ipv6only = on;
䜿çšãã
äŸãèããŠãã ããã comïŒ443 ssl http2 ipv6only = on;
ãã¹ãŠã®ãµãŒããŒãããã¯ã§listen
ãã£ã¬ã¯ãã£ããçç¥ããŸãã
ãã®ãšã©ãŒã¯ãåãããŒãã§åããã¡ã€ã³ããªãã¹ã³ããŠãã2ã€ã®ãµãŒããŒãããã¯ãããå Žåã«è¡šç€ºãããŸãã
éè€ãããªã¹ããŒã«ã€ããŠã¯ãsites-availableãã©ã«ããŒå
ã®ãã¹ãŠã®æ§æãã¡ã€ã«ã確èªããŠãã ããã ç§ã®å Žåãcertbotã¯ãããã©ã«ããã¡ã€ã«ã«443ã®ãªã¹ããŒãè€è£œããŠäœæããŸããã
ææ°ããŒãžã§ã³ã®Certbotã§ãããåçŸããããã®æ§æãã¡ã€ã«ãæäŸã§ããã°ãç§ã¯ããããèŠãŠã¿ãããšæããŸãã
å€ç¬ãªæ€çŽ¢ã§å°æ¥ãã®ãã±ããããããããå¯èœæ§ããããä»ã«ipv6only=on
ããªããšãã«ãªããããçºçããã®ãç解ã§ããªãåéºè
ã®ããã«ã
æ§æã«reuseport
ãããå Žåãåããšã©ãŒ/åé¡ãçºçããŸãã
ç§ã¯èªããŸããç§ã¯æ··ä¹±ããŠããŸãã nginxã®ããã¥ã¡ã³ãã«ãããšã listen
ã«ã¯ããã€ãã®ãã©ã¡ãŒã¿ãŒããããŸããããéå§æã«äžåºŠããèšå®ã§ããªãããšæå®ãããŠããã®ã¯ipv6only
ã ãã§ãã ãã®è¡ã¯æ®ãã®ãã©ã¡ãŒã¿ãŒããæ¬ èœããŠããã ãã§ããïŒ ã·ã¹ãã ã«äŸåããŸããïŒ äžæµã§ãã®åäœãä¿®æ£ããããšãæåã®è¡åã§ãããããããªããšç§ã¯èãå§ããŠããŸãã ãšã«ããããããã®ãªãã·ã§ã³ãäžåºŠã ãèšå®ã§ããããã«ããã®ã¯ã°ãããŠããããã§ãã
æ®å¿µãªããç§ã¯Linuxãœã±ããã®å°é家ã§ã¯ãªãã®ã§ããããã®ãªãã·ã§ã³ã1åããèšå®ã§ããªãçç±ã«ã€ããŠé©åãªæèŠãè¿°ã¹ãããšã¯ã§ããŸããããçç±ããããšç¢ºä¿¡ããŠããŸãã
ãã¶ããã®æçš¿ã¯åœ¹ã«ç«ã¡ãŸãïŒ https ïŒ
ç§ãç¥ã£ãŠããããšã¯ã ipv6only
åæ§ã«ã reuseport
ãç¹å®ã®ããŒãããšã«1åããèšå®ã§ããªããšããããšã§ãïŒãããã£ãŠã1人ã®ãªã¹ããŒã ããèšå®ã§ããŸãïŒã ãããå¶ç¶ã«ïŒããè¯ãèšèããªãããã«ïŒ ipv6only
ãšç«¶åããçç±ã¯ãç§ã«ã¯ããããŸããã
ããã§ããcertbotã®å®è¡ãå°ãç¡é§ãªå Žåã¯ã ipv6only=on
è¿œå ããããšæããŸãã
2012幎ã«ãªãªãŒã¹ãããnginx1.3.4以éã¯äžèŠã§ãããæè¡çã«ã¯EOLã§ãã
å°ãªããšããããŒãžã§ã³ãã§ãã¯ããããè¿œå ããåã«nginx < 1.3.4
å Žåã«ã®ã¿è¿œå ããå¿
èŠããããŸãã
Certbotã§ã¯èšå®ããŠããŸããã ãµãŒããŒãããã¯ãäœæãããšããæ¢åã®ããã©ã«ããµãŒããŒãããã¯ãŸãã¯ä»ã®ãã³ãã¬ãŒããµãŒããŒãããã¯ããããã€ãã®ãã£ã¬ã¯ãã£ããã³ããŒããŸããããã«ã¯ãlistenãã£ã¬ã¯ãã£ããšãã®ãªãã·ã§ã³ãå«ãŸããŸãã ããã«ãããNginxããããã·ãŸãã¯ä»ã®ã¿ã€ãã®ããŒã転éã®èåŸã«ããå Žåã§ãCertbotãæ©èœããŸãã è€è£œããããµãŒããŒãããã¯ããipv6only=on
ãæ瀺çã«åé€ããŸããããã¯ãããã¥ã¡ã³ãã«1åãã䜿çšã§ããªãããšã瀺ãããŠããããã§ãã
çæ³çã«ã¯ããã®æ¹æ³ã§è€è£œã§ããªãããšãããã£ãŠãããã¹ãŠã®ãªãã·ã§ã³ã«å¯ŸããŠåãããšãè¡ããŸããããŠãŒã¶ãŒããã¹ãŠã®ãµãŒããŒãããã¯ã«ç¹ã«å¿ èŠãšããå¯èœæ§ã®ããä»ã®ãªãã·ã§ã³ã¯æ®ããŸãã ãã®ããã«ã¯ãã©ã®ãªãã·ã§ã³ãåçŸå¯èœã§ãã©ã®ããã¥ã¡ã³ãã瀺ããŠããªãããã§ããã®ãããªåé¡ã«ã€ããŠç§ãã¡ã«æ¥ã人ã ãéããŠã®ã¿çºèŠããããã«èŠããããç¥ãå¿ èŠããããŸãã
ããããšã@joohoi
ããªãã®èª¬æãšè§£æ±ºçã¯ãnginxããŒãžã§ã³1.18.0ã®Ubuntu20ã§ç§ã®ããã«åããŸãã
2ã€ã®VPSããããŸãã1ã€ã¯UbuntuãNginx1.10ãå®è¡ãããã1ã€ã¯CentosãNginx 1.16ãå®è¡ãããã®ãšã©ãŒãçºçããŸãã å¥åŠãª
æãåèã«ãªãã³ã¡ã³ã
åãåé¡ã
ã³ãã³ããå®è¡ããŸããïŒ
certbot --redirect --nginx -d readacted.com -d www.redacted.com
å ã®confãã¡ã€ã«ã¯æ¬¡ã®ããã«ãªããŸãã
/var/log/letsencrypt/letsencrypt.logã«ãããšãcertbotããããå®è¡ããããšããŠããããšãããããŸãã
nginxã¯
listen [::]:443 ssl ipv6only=on; # managed by Certbot
å®éã®ãšã©ãŒã¡ãã»ãŒãžïŒ
nginx: [emerg] duplicate listen options for [::]:443 in /etc/nginx/sites-enabled/redacted.com:23
ç°¡åãªã°ãŒã°ã«ã2010幎ãããã®ããŒãžãç«ã¡äžããŸããïŒ
http://www.serverphorums.com/read.php?5,203912
ããã¯ãå éšå®è£ ã®è©³çŽ°ãåå ã§nginxãæ··ä¹±ããããšã瀺åããŠããŸãã
ç§ã¯nginxã®å°é家ã§ã¯ãããŸãããã次ã®ããšãæ©èœããããã«èŠããããšããã¹ãããŸããã
ãã®åé¿çãçæ³çã§ããããè¯ã解決çã欲ããã§ã...