Obtaining a Let's Encrypt wildcard SSL certificate

IT by NHM - 2021-02-09 / 2021-05-25

Install certbot and request the SSL certificate. Requesting two or more wildcards in one certificate is no problem.

```
sudo apt-get install certbot
# Quote the wildcard names so the shell does not expand them as globs
sudo certbot certonly --manual --server https://acme-v02.api.letsencrypt.org/directory --preferred-challenges dns -d '*.test.co.jp' -d '*.test.com' -m test@gmail.com --agree-tos
```

Answer the prompts.

```
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
(OK to share the email address?)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for test.com
dns-01 challenge for test.co.jp

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
(OK to log this machine's IP?)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```

Certbot asks you to create TXT records in DNS, so create them. I set them at Onamae.com. Check whether the records have taken effect with the command below.

```
nslookup -q=txt _acme-challenge.test.com
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find _acme-challenge.test.com: NXDOMAIN   (before the record is set)

Non-authoritative answer:
_acme-challenge.test.com        text = "xxxxx"   (after the record is set successfully)
```

Once the DNS setup is complete, press Enter. Pressing Enter starts the validation.

```
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.test.com with the following value:

xxxxxxxxxxx

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.test.co.jp with the following value:

xxxxxxxxxxx

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
```

Add the automatic renewal settings to crontab. Note that a certificate issued with --manual and no --manual-auth-hook script cannot be renewed non-interactively, so `certbot renew` run from cron needs such a hook to complete the DNS challenge.

```
# 00:10 on the 21st of February, May, August and November: renew certificates
10 0 21 8,11,2,5 * sudo certbot renew
# 00:25 every day: restart the web server so it loads the current certificate
25 0 * * * sudo systemctl restart nginx
25 0 * * * /opt/bitnami/ctlscript.sh restart apache
```
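The nslookup check above asks 8.8.8.8, a caching resolver whose answer can lag behind the zone, so the following added example (not from the original post) queries each authoritative nameserver directly and succeeds only when all of them serve the expected TXT value. It assumes `dig` is installed and that the certificate's base domain (`test.com` for `*.test.com`) is the zone apex; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm a dns-01 TXT record on every authoritative nameserver
# before pressing Enter at the certbot prompt.

# Print the TXT values one nameserver returns, one per line, quotes removed.
# Kept separate so it can be replaced with canned data for offline testing.
query_txt() {   # usage: query_txt <record-name> <nameserver>
  dig +short TXT "$1" "@$2" | tr -d '"'
}

# Print the authoritative nameservers of a zone, one per line.
list_ns() {     # usage: list_ns <zone>
  dig +short NS "$1"
}

# Return 0 only if at least one nameserver exists and every one of them
# serves the expected challenge value.
check_challenge() {   # usage: check_challenge <zone> <expected-value>
  cc_name="_acme-challenge.$1"
  cc_expected="$2"
  cc_count=0
  cc_missing=0
  for cc_ns in $(list_ns "$1"); do
    cc_count=$((cc_count + 1))
    # -F: literal match, -x: whole line; "--" because base64url challenge
    # values may begin with "-" and would otherwise be read as an option.
    if query_txt "$cc_name" "$cc_ns" | grep -Fxq -- "$cc_expected"; then
      echo "ok      $cc_ns"
    else
      echo "MISSING $cc_ns"
      cc_missing=1
    fi
  done
  [ "$cc_count" -gt 0 ] && [ "$cc_missing" -eq 0 ]
}

# Run as: ./check_challenge.sh test.com '<value shown by certbot>'
if [ "$#" -eq 2 ]; then
  check_challenge "$1" "$2"
fi
```

A non-zero exit status means at least one nameserver does not serve the value yet, or no nameservers were found for the zone.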