A simple way to obtain a wildcard certificate:

== Prerequisites ==
qmail.jp has multiple NS records, so the domain name used for validating control of the domain is consolidated into a single name.
{{{
_acme-challenge.qmail.jp CNAME txt.tmaeno.com
}}}

Run this on a host that can control the tmaeno.com DNS.

_acme-challenge.qmail.jp CNAME

== sudo certbot ==
{{{
certbot certonly --manual --preferred-challenges dns-01 \
  -d '*.qmail.jp' --manual-auth-hook /home/tmaeno/dnsdata/txt.sh
}}}

{{{
$ cat txt.sh
DATA_DIR=/home/tmaeno/dnsdata
# The leading ' marks a TXT record in tinydns-data format: 'fqdn:text:ttl
#TXT_RR="'txt.${CERTBOT_DOMAIN}:${CERTBOT_VALIDATION}:300"
TXT_RR="'txt.tmaeno.com:${CERTBOT_VALIDATION}:300"
# Write the challenge record and rebuild the DNS data
(cd "${DATA_DIR}" && (echo "${TXT_RR}" > letxt) && make)
# Wait for the new record to be served before certbot continues
sleep 10
exit 0
}}}

== history ==
It seems to be working, though. -- ToshinoriMaeno

nginx needs to be restarted.

{{{
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for *.qmail.jp
Hook '--manual-auth-hook' for qmail.jp ran with output:
cat base cname txt0 letxt tmaeno > /service/tinydns/root/qmailjp
(cd /service/tinydns/root; make)
make[1]: Entering directory '/home/tinydns/root'
cat localdomain data0 > data
/usr/local/bin/tinydns-data
make[1]: Leaving directory '/home/tinydns/root'
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/qmail.jp-0001/fullchain.pem
Key is saved at: /etc/letsencrypt/live/qmail.jp-0001/privkey.pem
This certificate expires on 2023-10-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
}}}

{{{
$ cat letxt
'txt.tmaeno.com:uobhPFvnSXGa0m2C6DsO7Tf6k4LS1i7chiX6zC5aWjE:300
}}}
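
The txt.sh hook above copies `CERTBOT_VALIDATION` into the tinydns data file unchecked and always exits 0. The following is an added example, not the page author's script: a variant that checks the value has the shape of a dns-01 token before building the record, replaces `letxt` atomically, and fails when `make` fails. The function names are hypothetical; the record syntax, file name and paths are the ones shown on the page.

```shell
#!/bin/sh
# Added example: hardened variant of the page's txt.sh auth hook.
# Assumptions: tinydns-data TXT syntax ('fqdn:text:ttl) and the letxt file
# name are taken from the page; function names are hypothetical.
LC_ALL=C; export LC_ALL

DATA_DIR="${DATA_DIR:-/home/tmaeno/dnsdata}"
CHALLENGE_NAME="txt.tmaeno.com"   # CNAME target of _acme-challenge.qmail.jp

# A dns-01 value is base64url(SHA-256(key authorization)): exactly 43
# characters from [A-Za-z0-9_-]. Anything else (':' is the tinydns-data
# field separator, a newline would start a new record) is rejected.
valid_token() {
    [ "${#1}" -eq 43 ] || return 1
    case "$1" in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the tinydns-data TXT line for a validated token.
build_txt_rr() {
    valid_token "$1" || { echo "refusing malformed token" >&2; return 1; }
    printf "'%s:%s:300\n" "$CHALLENGE_NAME" "$1"
}

# Write letxt atomically so a failed run never leaves a partial record.
write_letxt() {
    dir=$1 token=$2
    tmp=$(mktemp "$dir/letxt.XXXXXX") || return 1
    if build_txt_rr "$token" > "$tmp"; then
        mv "$tmp" "$dir/letxt"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Runs only under certbot, which exports CERTBOT_VALIDATION to the hook.
if [ -n "${CERTBOT_VALIDATION:-}" ]; then
    write_letxt "$DATA_DIR" "$CERTBOT_VALIDATION" || exit 1
    (cd "$DATA_DIR" && make) || exit 1
    sleep 10   # same propagation wait as the original hook
fi
```

`mktemp` creates the file with mode 0600, so the user that runs `make` must be the one that runs the hook, as in the original setup.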