1. Letsencrypt/certbot/ubuntu
| /crontab /http /instructions /renewal /説明 |
Contents
1.1. wildcard manual mode
Letsencrypt/certbot/manual_mode/dns-01/ubuntu/wildcard
1.2. renewalは限定
2020-09-23 で(自動)更新されていた。-- ToshinoriMaeno 2020-09-25 00:52:38
Not Before 9/23/2020, 11:01:16 AM (Japan Standard Time) Not After 12/22/2020, 11:01:16 AM (Japan Standard Time)
moin2 の証明書の期限: 2020/7/25 7:47:00 (Asia/Tokyo)
1.3. certbot instructions
Nginx on Ubuntu 18.04 LTS (bionic) -- ToshinoriMaeno 2020-06-05 21:34:57
https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx /instructions
Test automatic renewal
wildcard certificate 参考リンク : https://laboradian.com/use-wildcard-with-letsencrypt/ /説明
1.4. manual_mode/dns-01/ubuntu
moin2.qmail.jp での証明書更新 (dnsは a.ns.qmail.jpで設定)
更新できたら、# nginx -s reload; OK -- ToshinoriMaeno 2020-04-25 23:55:17
# certbot certonly --manual --preferred-challenges dns-01 -d moin2.qmail.jp Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Cert not yet due for renewal You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry. (ref: /etc/letsencrypt/renewal/moin2.qmail.jp.conf) What would you like to do? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Keep the existing certificate for now 2: Renew & replace the cert (limit ~5 per 7 days) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Renewing an existing certificate Performing the following challenges: dns-01 challenge for moin2.qmail.jp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.moin2.qmail.jp with the following value: PNHmrGA4sYJ22fy4oBGypqKondDK75TVJ3vvQ9_qkuw Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/moin2.qmail.jp/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/moin2.qmail.jp/privkey.pem Your cert will expire on 2020-07-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le