Archive for the ‘Serverの構築と運用覚書き’ Category



Server バックアップ用 スクリプトを作成

Saturday, June 6th, 2026

先月末に、このサーバーのmedia(SSD)がクラッシュした後、復旧手続きを終えることができた。

復旧にあたっては、新たなMedia(HDD 1TB)を調達し、この上にOS:Almalinux10.2をインストールしたのち、かなりの部分について記憶をたよりに設定作業をおこなった。

同じような障害の発生に備えて、バックアップ用スクリプトを作成しておいたので記録しておく:
(続きを読む)

Posted in Serverの構築と運用覚書き | No Comments »



LetsEncrypt SSL 証明書の更新(2026/05/02 実施)

Saturday, May 2nd, 2026

LetsEncryptの SSL証明書更新日がきたので恒例の更新作業をおこなった。

更新のタイムリミットが今日の午後6時となっているのをみて、冷や汗をかきながらの更新となった。

以下、更新時のLogを転記しておく:

[root@Server01 ~]# certbot certonly --manual
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.yamasnet.com
Renewing an existing certificate for *.yamasnet.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.yamasnet.com.

with the following value:

ngt_XbfyOdoW7V3h2l5GI3E_pmjlwrI3OdCQ-jdml4k

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.yamasnet.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yamasnet.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yamasnet.com/privkey.pem
This certificate expires on 2026-07-30.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

更新作業が完了したことを以下で確認:

[root@Server01 ~]# ccertbot certificates
-bash: ccertbot: command not found
[root@Server01 ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: yamasnet.com
    Serial Number: 648289b2410a797e33595e4dcab19f386fb
    Key Type: ECDSA
    Domains: *.yamasnet.com
    Expiry Date: 2026-07-30 23:53:23+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/yamasnet.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yamasnet.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Posted in Serverの構築と運用覚書き | No Comments »



AlmaLinux 10.1 に upgrade した

Tuesday, March 24th, 2026

AlmaLinux 10.1 が 24 Nov 2025 付でReleaseされている(AlmaLinux Wiki

ver.10 からver.10.1への Minor updateということで、 以下のようにupdateしておいた。

[root@Server01 ~]# dnf update -y

更新作業後、systemを rebootしたのち OSの状態を確認:

[root@Server01 ~]# cat /etc/os-release
NAME="AlmaLinux"
VERSION="10.1 (Heliotrope Lion)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="10.1"
PLATFORM_ID="platform:el10"
PRETTY_NAME="AlmaLinux 10.1 (Heliotrope Lion)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:10.1"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
VENDOR_NAME="AlmaLinux"
VENDOR_URL="https://almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-10"
ALMALINUX_MANTISBT_PROJECT_VERSION="10.1"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="10.1"
SUPPORT_END=2035-06-01

kernel の versionは以下:

[root@Server01 ~]# uname -sr
Linux 6.12.0-124.45.1.el10_1.x86_64

Posted in Serverの構築と運用覚書き | No Comments »



LetsEncrypt SSL 証明書の更新 (2026/02/01 実施)

Sunday, February 1st, 2026

SSL証明書の有効期限が本日 2月1日になっていることを失念。本サイト にアクセスできなくなっていた。

更新作業をしようにも、すべての記録はこのブログのなかにあるので、右往左往してしまった。

Googleで更新方法を確認し、なんとか更新作業を完了することができた。

以下、更新時のLogを転記しておく:

[root@Server01 ~]# certbot certonly --manual --preferred-challenges dns-01 -m yukichi.yamaguchi@yamasnet.com -d '*.yamasnet.com'
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for *.yamasnet.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.yamasnet.com.

with the following value:

wCai_sjFIKlPO1Nsrj9Bt8LO_fkI3RnAy5i-vkPlGeM

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.yamasnet.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yamasnet.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yamasnet.com/privkey.pem
This certificate expires on 2026-05-02.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

なお、これまでの更新作業は以下のコマンド列で行うことができる。これまでの作業記録にアクセスできず、多少、丁寧なものになっている。

[root@Server01 ~]# certbot certonly --manual

SSLが更新されたことを以下で確認:

[root@Server01 ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: yamasnet.com
    Serial Number: 66c6ccb953d6525f7d37170de4eee04e444
    Key Type: ECDSA
    Domains: *.yamasnet.com
    Expiry Date: 2026-05-02 07:37:48+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/yamasnet.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/yamasnet.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Posted in Serverの構築と運用覚書き | No Comments »



LetsEncrypt SSL 証明書の更新(2025/11/03 実施)

Monday, November 3rd, 2025

LetsEncrypt SSLの有効期限が1週間後に迫ってきたので、いつもの更新作業をした。

この証明書の更新作業は、基本的にはcronによる自動更新することも可能だが、私の場合ワイルドカード証明書の更新をするため、DNSレコードの書き換えを更新の都度行う必要があるため手動による作業をおこなっている。

以下、更新時のLogを転記しておく:

[root@Server01 ~]# certbot certonly --manual
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): *.yamasnet.com
Renewing an existing certificate for *.yamasnet.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:

_acme-challenge.yamasnet.com.

with the following value:

cLllrumdCxUWZzLPx0njhtR318gZRQ2aVS_g54cqmYQ

Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.yamasnet.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/yamasnet.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/yamasnet.com/privkey.pem
This certificate expires on 2026-02-01.
These files will be updated when the certificate renews.

NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(続きを読む)

Posted in Serverの構築と運用覚書き | No Comments »



          Entries (RSS) and Comments (RSS)             Powered by WordPress