Obtaining a Let's Encrypt wildcard SSL certificate

Install certbot and request the SSL certificate. Requesting two or more wildcards at once is not a problem.

sudo apt-get install certbot
sudo certbot certonly --manual --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns -d '*.test.co.jp' -d '*.test.com' -m test@gmail.com --agree-tos

Answer the questions.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
(Is it OK to share your email address?)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for test.com
dns-01 challenge for test.co.jp

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
(Is it OK to log this machine's IP?)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Certbot tells you to set a TXT record in DNS, so set it. I set it at Onamae.com. Check whether the setting has taken effect with the following command.

nslookup -q=txt _acme-challenge.test.com

Server:		8.8.8.8
Address:	8.8.8.8#53

** server can't find _acme-challenge.test.com: NXDOMAIN (when the record is not yet set)
Non-authoritative answer:
_acme-challenge.test.com	text = "xxxxx" (after the record has been set successfully)

Once the DNS setup is complete, press Enter. Pressing Enter runs the validation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.test.com with the following value:

xxxxxxxxxxx

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.test.co.jp with the following value:

xxxxxxxxxxx

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
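
The propagation check above can be scripted so that Enter is pressed only once the exact value certbot printed is visible. This is an added example, not part of the original post or of certbot; the function names and the RESOLVER variable are assumptions, and it goes slightly beyond the single-record case by handling a name that carries several TXT values, as the certbot note above permits.

```sh
#!/bin/sh
# Added example: wait until the dns-01 TXT value printed by certbot is visible.

# Run the lookup. Kept in its own function so it can be replaced with canned
# output when testing offline. RESOLVER is an assumed variable; it defaults
# to 8.8.8.8, the resolver shown in the nslookup output on this page.
lookup_txt() {
  nslookup -q=txt "$1" "${RESOLVER:-8.8.8.8}" 2>&1
}

# Read nslookup output on stdin and print each TXT value, one per line.
# NXDOMAIN output contains no 'text = "..."' line and so yields nothing.
txt_values() {
  sed -n 's/^.*text = "\(.*\)"[[:space:]]*$/\1/p'
}

# Succeed only when the exact expected value is among the published values.
# -F -x: fixed-string, whole-line match, so a stale or partial value fails.
txt_has_value() {  # usage: txt_has_value NAME EXPECTED
  lookup_txt "$1" | txt_values | grep -Fxq -- "$2"
}

# Poll until the value appears or the attempts run out.
# The body runs in a subshell so its variables stay local.
wait_for_txt() (  # usage: wait_for_txt NAME EXPECTED [TRIES] [DELAY_SECONDS]
  name=$1 expected=$2 tries=${3:-30} delay=${4:-10} i=1
  while [ "$i" -le "$tries" ]; do
    if txt_has_value "$name" "$expected"; then
      echo "found on attempt $i: the record is visible"
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  echo "TXT value not visible for $name after $tries attempts" >&2
  return 1
)

# Example call (value is a placeholder for what certbot printed):
#   wait_for_txt _acme-challenge.test.com 'xxxxxxxxxxx' && echo "press Enter"
```

A public resolver may still serve a cached answer, so pointing RESOLVER at the zone's authoritative name server gives the most direct view of what has been published.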

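Add the automatic renewal settings to crontab. Note that a certificate issued with --manual is renewed by an unattended certbot renew only if a --manual-auth-hook script is configured to publish the TXT record.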

10 0 21 8,11,2,5 * sudo certbot renew
25 0 * * * sudo systemctl restart nginx
25 0 * * * /opt/bitnami/ctlscript.sh restart apache
