MoinQ: Letsencrypt/certbot/新規作成例/t3-2

1. 再作成動作

dns-01の txt レコードは再作成されない。(変化なし)

• acme サイトに確認と再署名を依頼している。

# certbot certonly --manual --preferred-challenges dns-01 -d *.t3.odns.info --manual-auth-hook /home/tmaeno/dnsdata/txt.sh

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/t3.odns.info.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/nginx

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/t3.odns.info/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/t3.odns.info/privkey.pem
   Your cert will expire on 2022-05-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

2. history

2022-02-19 10:33:22,885:DEBUG:certbot.main:certbot version: 0.31.0
2022-02-19 10:33:22,886:DEBUG:certbot.main:Arguments: ['--manual', '--preferred-challenges', 'dns-01', '-d', '*.t3.odns.info', '--manual-auth-hook', '/home/tmaeno/dnsdata/txt.sh']

2022-02-19 10:33:22,886:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-02-19 10:33:22,892:DEBUG:certbot.log:Root logging level set at 20
2022-02-19 10:33:22,893:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2022-02-19 10:33:22,894:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2022-02-19 10:33:22,894:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
2022-02-19 10:33:22,894:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7f8b5324acc0> and installer None
2022-02-19 10:33:22,895:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2022-02-19 10:33:22,897:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/72678326', new_authzr_uri=None, terms_of_service=None), 3ae7aa5460bedcfae1ac248a1ba58bd3, Meta(creation_dt=datetime.datetime(2019, 11, 27, 23, 32, 30, tzinfo=<UTC>), creation_host='ik1-329-24992'))>

2022-02-19 10:33:22,898:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2022-02-19 10:33:22,900:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2022-02-19 10:33:23,360:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2022-02-19 10:33:23,361:DEBUG:acme.client:Received response:
2022-02-19 10:33:23,369:INFO:certbot.renewal:Cert not yet due for renewal
2022-02-19 10:33:29,378:INFO:certbot.main:Renewing an existing certificate
2022-02-19 10:33:29,443:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0073_key-certbot.pem
2022-02-19 10:33:29,445:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0073_csr-certbot.pem
2022-02-19 10:33:29,445:DEBUG:acme.client:Requesting fresh nonce
2022-02-19 10:33:29,445:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2022-02-19 10:33:29,592:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-02-19 10:33:29,593:DEBUG:acme.client:Received response:
2022-02-19 10:33:29,593:DEBUG:acme.client:Storing nonce: 0002i3_cPjtq4tBv_Zel0iW7j8CFsJVG4DVHJLpE7f-7a34
2022-02-19 10:33:29,594:DEBUG:acme.client:JWS payload:
2022-02-19 10:33:29,596:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2022-02-19 10:33:29,767:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 334
2022-02-19 10:33:29,767:DEBUG:acme.client:Received response:
2022-02-19 10:33:29,768:DEBUG:acme.client:Storing nonce: 0002gYRtvZrycVwd7GgB6cq6oqMX28rBMGoSS5w8vXt9SbE
2022-02-19 10:33:29,768:DEBUG:acme.client:JWS payload:
2022-02-19 10:33:29,769:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/79901980920:
2022-02-19 10:33:29,920:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/79901980920 HTTP/1.1" 200 518
2022-02-19 10:33:29,920:DEBUG:acme.client:Received response:
2022-02-19 10:33:29,921:DEBUG:acme.client:Storing nonce: 0001qipxDu3_XqNIn_CRtJ14T7FcV_NIzPdAikXF1jycHS4

2022-02-19 10:33:29,921:DEBUG:certbot.client:CSR: CSR(file='/etc/letsencrypt/csr/0073_csr-certbot.pem', data=b'-----BEGIN CERTIFICATE REQUEST-----\nMIICcTCCAVkCAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMJ1
...
\nxLAZNgE4bvbDe7EVDVHwCZqItwjXPOzkhv244+b743G5V2YjAQnKbC0jWpB1n5S0\nHPzdMt5uEgcHh4Mxm1kA/eXMctI9/+xoKVugGUxsrWoab5/dvll1LxNg6L2saH8q\nJLGIAAnIszRz3hELXAZP9DDFMW5bsKh3qs+U0gf5/KRicn6MLVM4zwK2qYmL0HRG\nKugM2Go=\n-----END CERTIFICATE REQUEST-----\n', form='pem')

2022-02-19 10:33:29,922:DEBUG:acme.client:JWS payload:
2022-02-19 10:33:29,923:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/finalize/72678326/65091956340:
2022-02-19 10:33:30,291:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/finalize/72678326/65091956340 HTTP/1.1" 200 438
2022-02-19 10:33:30,292:DEBUG:acme.client:Received response:
2022-02-19 10:33:30,292:DEBUG:acme.client:Storing nonce: 0001l48OFRwHsnq91ixARfw10sdhS0-8maCMOLZ7JAfUgUA
2022-02-19 10:33:31,293:DEBUG:acme.client:JWS payload:
2022-02-19 10:33:31,294:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/order/72678326/65091956340:
2022-02-19 10:33:31,453:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/order/72678326/65091956340 HTTP/1.1" 200 438
2022-02-19 10:33:31,454:DEBUG:acme.client:Received response:
2022-02-19 10:33:31,454:DEBUG:acme.client:Storing nonce: 0001fKnVZCVaLFh2jaZF_j53aklutcYk4-TU2RG8CbYovPk
2022-02-19 10:33:31,455:DEBUG:acme.client:JWS payload:
2022-02-19 10:33:31,456:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/cert/03890fc24ce20d11e71bb4e731e54c9d9427:
2022-02-19 10:33:31,606:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/cert/03890fc24ce20d11e71bb4e731e54c9d9427 HTTP/1.1" 200 5593
2022-02-19 10:33:31,606:DEBUG:acme.client:Received response:
2022-02-19 10:33:31,607:DEBUG:acme.client:Storing nonce: 0002wLGfhi0i-O4VtLNNrRtX1vp295oERl2uvaHoPXdDkXg
2022-02-19 10:33:31,608:DEBUG:certbot.storage:Writing new private key to /etc/letsencrypt/archive/t3.odns.info/privkey2.pem.
2022-02-19 10:33:31,608:DEBUG:certbot.storage:Writing certificate to /etc/letsencrypt/archive/t3.odns.info/cert2.pem.
2022-02-19 10:33:31,608:DEBUG:certbot.storage:Writing chain to /etc/letsencrypt/archive/t3.odns.info/chain2.pem.
2022-02-19 10:33:31,608:DEBUG:certbot.storage:Writing full chain to /etc/letsencrypt/archive/t3.odns.info/fullchain2.pem.

2022-02-19 10:33:31,615:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer <certbot.cli._Default object at 0x7f8b529afef0>
2022-02-19 10:33:31,618:DEBUG:certbot.cli:Var pref_challs=dns-01 (set by user).
2022-02-19 10:33:31,622:DEBUG:certbot.cli:Var authenticator=manual (set by user).
2022-02-19 10:33:31,624:DEBUG:certbot.cli:Var manual_auth_hook=/home/tmaeno/dnsdata/txt.sh (set by user).
2022-02-19 10:33:31,626:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/t3.odns.info.conf.new.

2022-02-19 10:33:31,627:INFO:certbot.hooks:Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/nginx
2022-02-19 10:33:31,644:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
2022-02-19 10:33:31,644:DEBUG:certbot.reporter:Reporting to user: If you like Certbot, please consider supporting our work by:
root@skr:/var/log/letsencrypt# 

2022-02-19 10:26:01.642586500 997ebbf6:dd46:2bc6 + S0010 t3.odns.info
2022-02-19 10:26:16.476307500 997ebbf6:eb1f:11f6 + S0010 txt.t3.odns.info
2022-02-19 10:34:59.001079500 acd9258f:d6d8:262b + 001c moin.qmail.jp
2022-02-19 10:35:02.336304500 4a7d7001:e67c:7447 + 0010 t3.odns.info
2022-02-19 10:35:02.353745500 4a7d728f:9031:0f83 + 0010 t3.odns.info
2022-02-19 10:35:41.076693500 9c9a4d92:e8ff:c83d + S0010 t3.odns.info
2022-02-19 10:37:58.066725500 997ebbf6:c9d2:6efe + S0010 txt.t3.odns.info
2022-02-19 10:42:25.824530500 acfdd60d:e995:5414 + S0010 t3.odns.info
2022-02-19 10:42:55.826085500 a29eb848:f233:3514 + S0010 \052.t3.odns.info
2022-02-19 10:43:31.507798500 acfd0886:b634:b275 + S0010 t3.odns.info
2022-02-19 10:44:02.758991500 acfdd66f:e667:95d9 + 0010 t3.odns.info
2022-02-19 10:44:56.552898500 a29eb848:57d3:f27f + S0010 \052.t3.odns.info
2022-02-19 10:45:32.467423500 a29eb849:a6e9:89ba + S0010 \052.t3.odns.info
2022-02-19 10:47:29.277045500 03fb69c5:d982:49ba + S0010 \052.t3.odns.info
2022-02-19 10:47:29.278336500 03fb69e7:14c5:3032 + S0010 \052.t3.odns.info
2022-02-19 10:50:38.334425500 6deaa11c:a4e4:197f + S0010 default._domainkey.uranus.odns.info

CategoryDns CategoryWatch CategoryTemplate