A simple way to obtain a wildcard certificate:
1. Prerequisites
There are several qmail.jp NS servers, so the domain name used for the validation record is consolidated into a single one:
_acme-challenge.qmail.jp CNAME txt.tmaeno.com
Run the following on a host that can manipulate the tmaeno.com DNS.
- _acme-challenge.qmail.jp CNAME
2. sudo certbot
certbot certonly --manual --preferred-challenges dns-01 \
    -d '*.qmail.jp' --manual-auth-hook /home/tmaeno/dnsdata/txt.sh
$ cat txt.sh
#!/bin/sh
# certbot manual-auth-hook: publish the DNS-01 token as a tinydns TXT record
# on txt.tmaeno.com (the CNAME target of _acme-challenge.qmail.jp) and rebuild the zone data.
DATA_DIR=/home/tmaeno/dnsdata
#TXT_RR="'txt.${CERTBOT_DOMAIN}:${CERTBOT_VALIDATION}:300"
TXT_RR="'txt.tmaeno.com:${CERTBOT_VALIDATION}:300"
(cd "${DATA_DIR}" && (echo "${TXT_RR}" > letxt) && make)
sleep 10   # give the new record time to be served before certbot queries it
exit 0
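The hook above writes whatever certbot hands it straight into the tinydns data file and then sleeps a fixed ten seconds. The following is an added example, not the page's txt.sh, of a stricter hook for the same CNAME-delegated DNS-01 flow: it checks that the token has the shape a DNS-01 token must have before it touches the data file, confirms the _acme-challenge CNAME really points at the delegated host, and polls for the TXT record instead of sleeping blind. DATA_DIR, CHALLENGE_HOST and RESOLVER are placeholders to adapt; the letxt fragment and Makefile are assumed to work as on the page, and dig is assumed to be installed.

```shell
#!/bin/sh
# Added example hook (not the page's txt.sh). Placeholders: DATA_DIR, CHALLENGE_HOST, RESOLVER.
DATA_DIR="${DATA_DIR:-/home/tmaeno/dnsdata}"
CHALLENGE_HOST="${CHALLENGE_HOST:-txt.tmaeno.com}"
# Resolver to query; a recursive resolver may negatively cache a missing TXT for its TTL,
# so an authoritative server for the CHALLENGE_HOST zone is the better choice for polling.
RESOLVER="${RESOLVER:-127.0.0.1}"

# A DNS-01 token is base64url of 32 bytes: exactly 43 characters from [A-Za-z0-9_-].
# Anything else is refused, so no unexpected bytes ever reach the tinydns data file.
valid_token() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -eq 43 ]
}

# Build the tinydns TXT line ('fqdn:text:ttl). Colons would need \072 escaping in
# tinydns data, but valid_token already guarantees the token contains none.
tinydns_txt_line() {
    printf "'%s:%s:%s\n" "$1" "$2" "$3"
}

# Return the CNAME target of a name (without trailing dot), empty if there is none.
cname_target() {
    dig +short CNAME "$1" "@$2" 2>/dev/null | sed 's/\.$//' | head -n 1
}

# Poll the resolver until the TXT record is visible; return 1 after $4 attempts.
wait_for_txt() {
    host="$1"; token="$2"; resolver="$3"; tries="${4:-30}"
    i=0
    while [ "$i" -lt "$tries" ]; do
        if dig +short TXT "$host" "@$resolver" 2>/dev/null | grep -qF "\"$token\""; then
            return 0
        fi
        i=$((i + 1)); sleep 2
    done
    return 1
}

# Hook body: runs only when certbot has set CERTBOT_VALIDATION.
if [ -n "${CERTBOT_VALIDATION:-}" ]; then
    valid_token "$CERTBOT_VALIDATION" \
        || { echo "rejecting malformed validation token" >&2; exit 1; }
    # The TXT record is only consulted if the delegation from the page is in place.
    target="$(cname_target "_acme-challenge.${CERTBOT_DOMAIN}" "$RESOLVER")"
    [ "$target" = "$CHALLENGE_HOST" ] \
        || { echo "_acme-challenge.${CERTBOT_DOMAIN} does not CNAME to $CHALLENGE_HOST" >&2; exit 1; }
    tinydns_txt_line "$CHALLENGE_HOST" "$CERTBOT_VALIDATION" 300 > "$DATA_DIR/letxt"
    (cd "$DATA_DIR" && make) || exit 1
    wait_for_txt "$CHALLENGE_HOST" "$CERTBOT_VALIDATION" "$RESOLVER" 30 \
        || { echo "TXT record not visible at $RESOLVER" >&2; exit 1; }
fi
```

A non-zero exit makes certbot abort the order instead of asking Let's Encrypt to validate a record that is not there yet, which is the failure the fixed sleep in the original hook can only guess at.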
3. history
It seems to be working, though. -- ToshinoriMaeno 2023-07-22 00:41:05
nginx needs to be restarted afterwards.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for *.qmail.jp
Hook '--manual-auth-hook' for qmail.jp ran with output:
 cat base cname txt0 letxt tmaeno > /service/tinydns/root/qmailjp
 (cd /service/tinydns/root; make)
 make[1]: Entering directory '/home/tinydns/root'
 cat localdomain data0 > data
 /usr/local/bin/tinydns-data
 make[1]: Leaving directory '/home/tinydns/root'
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/qmail.jp-0001/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/qmail.jp-0001/privkey.pem
This certificate expires on 2023-10-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
$ cat letxt
'txt.tmaeno.com:uobhPFvnSXGa0m2C6DsO7Tf6k4LS1i7chiX6zC5aWjE:300