Diff
Shows the differences between two versions of this page.
linux:certbot_client [2019/02/15 05:00] – [Test run] ともやん | linux:certbot_client [2023/08/28 08:27] (current) – [Adding a subdomain to an already obtained certificate] ともやん | ||
---|---|---|---|
行 1: | 行 1: | ||
====== Certbot クライアント ====== | ====== Certbot クライアント ====== | ||
+ | |||
+ | ===== Fedora でのインストール ===== | ||
+ | <WRAP color_term> | ||
+ | <WRAP color_command>< | ||
+ | $ sudo -s | ||
+ | # cd ~ | ||
+ | # dnf install python3-virtualenv | ||
+ | # curl -O https:// | ||
+ | # chmod a+x certbot-auto | ||
+ | # ./ | ||
+ | </ | ||
+ | <WRAP color_result>< | ||
+ | Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap) | ||
+ | dnf は / | ||
+ | dnf はハッシュされています (/ | ||
+ | メタデータの期限切れの最終確認: | ||
+ | パッケージ gcc-8.2.1-6.fc29.x86_64 は既にインストールされています。 | ||
+ | パッケージ augeas-libs-1.10.1-3.fc29.x86_64 は既にインストールされています。 | ||
+ | パッケージ openssl-1: | ||
+ | パッケージ openssl-devel-1: | ||
+ | パッケージ libffi-devel-3.1-18.fc29.x86_64 は既にインストールされています。 | ||
+ | パッケージ redhat-rpm-config-118-1.fc29.noarch は既にインストールされています。 | ||
+ | パッケージ ca-certificates-2018.2.26-2.fc29.noarch は既にインストールされています。 | ||
+ | パッケージ python2-libs-2.7.15-11.fc29.x86_64 は既にインストールされています。 | ||
+ | パッケージ python2-setuptools-40.4.3-1.fc29.noarch は既にインストールされています。 | ||
+ | パッケージ python2-devel-2.7.15-11.fc29.x86_64 は既にインストールされています。 | ||
+ | パッケージ python2-virtualenv-16.0.0-5.fc29.noarch は既にインストールされています。 | ||
+ | パッケージ python2-tools-2.7.15-11.fc29.x86_64 は既にインストールされています。 | ||
+ | パッケージ python2-pip-18.1-1.fc29.noarch は既にインストールされています。 | ||
+ | パッケージ mod_ssl-1: | ||
+ | 依存関係が解決しました。 | ||
+ | 行うべきことはありません。 | ||
+ | 完了しました! | ||
+ | Creating virtual environment... | ||
+ | Installing Python packages... | ||
+ | Installation succeeded. | ||
+ | Saving debug log to / | ||
+ | Error while running apachectl configtest. | ||
+ | |||
+ | AH00526: Syntax error on line 101 of / | ||
+ | SSLCertificateFile: | ||
+ | |||
+ | Certbot doesn' | ||
+ | </ | ||
+ | </ | ||
===== インストール ===== | ===== インストール ===== | ||
- | <code> | + | <WRAP color_term> |
+ | <WRAP color_command>< | ||
$ sudo dnf install certbot python-certbot-apache | $ sudo dnf install certbot python-certbot-apache | ||
- | </code> | + | </pre></ |
+ | </ | ||
+ | |||
+ | ===== 使用方法 [--help] ===== | ||
+ | <WRAP color_term> | ||
+ | <WRAP color_command>< | ||
+ | $ certbot --help | ||
+ | </ | ||
+ | <WRAP color_result_long>< | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | |||
+ | certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... | ||
+ | |||
+ | Certbot can obtain and install HTTPS/ | ||
+ | it will attempt to use a webserver both for obtaining and installing the | ||
+ | certificate. The most common SUBCOMMANDS and flags are: | ||
+ | |||
+ | obtain, install, and renew certificates: | ||
+ | (default) run | ||
+ | certonly | ||
+ | renew Renew all previously obtained certificates that are near | ||
+ | expiry | ||
+ | enhance | ||
+ | -d DOMAINS | ||
+ | |||
+ | (the certbot apache plugin is not installed) | ||
+ | --standalone | ||
+ | (the certbot nginx plugin is not installed) | ||
+ | --webroot | ||
+ | --manual | ||
+ | hooks | ||
+ | |||
+ | | ||
+ | --test-cert | ||
+ | --dry-run | ||
+ | to disk | ||
+ | |||
+ | manage certificates: | ||
+ | certificates | ||
+ | revoke | ||
+ | delete | ||
+ | |||
+ | manage your account: | ||
+ | register | ||
+ | unregister | ||
+ | update_account | ||
+ | show_account | ||
+ | --agree-tos | ||
+ | -m EMAIL Email address for important account notifications | ||
+ | |||
+ | More detailed help: | ||
+ | |||
+ | -h, --help [TOPIC] | ||
+ | the available TOPICS are: | ||
+ | |||
+ | all, automation, commands, paths, security, testing, or any of the | ||
+ | | ||
+ | | ||
+ | -h all print a detailed help page including all topics | ||
+ | --version | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | </ | ||
+ | </WRAP> | ||
===== テスト実行 ===== | ===== テスト実行 ===== | ||
- | < | + | < |
- | <code> | + | <WRAP color_command>< |
$ sudo certbot | $ sudo certbot | ||
+ | </ | ||
+ | <WRAP color_result>< | ||
Saving debug log to / | Saving debug log to / | ||
Certbot doesn' | Certbot doesn' | ||
$ sudo less / | $ sudo less / | ||
- | </code> | + | </pre></ |
</ | </ | ||
- | < | + | |
- | <file / | + | < |
- | 2019-02-14 14:08:59,139: | + | <WRAP color_mincode> |
- | 2019-02-14 14:08:59,139: | + | 2019-02-15 11:53:24,221: |
- | 2019-02-14 14:08:59,139: | + | 2019-02-15 11:53:24,222: |
- | 2019-02-14 14:08:59,159: | + | 2019-02-15 11:53:24,222: |
- | 2019-02-14 14:08:59,159: | + | 2019-02-15 11:53:24,246: |
- | 2019-02-14 14:08:59,160: | + | 2019-02-15 11:53:24,247: |
- | 2019-02-14 14:08:59,160: | + | 2019-02-15 11:53:24,248: |
- | 2019-02-14 14:08:59,160: | + | 2019-02-15 11:53:24,248: |
- | </ | + | 2019-02-15 11:53:24,248: |
+ | </file></ | ||
</ | </ | ||
===== 証明書取得の実行 ===== | ===== 証明書取得の実行 ===== | ||
- | < | + | < |
- | <code> | + | <WRAP color_command>< |
- | $ sudo certbot certonly --agree-tos --webroot | + | $ sudo certbot certonly --webroot |
+ | </ | ||
+ | <WRAP color_result_long>< | ||
Saving debug log to / | Saving debug log to / | ||
Plugins selected: Authenticator webroot, Installer None | Plugins selected: Authenticator webroot, Installer None | ||
Enter email address (used for urgent renewal and security notices) (Enter ' | Enter email address (used for urgent renewal and security notices) (Enter ' | ||
cancel): tomoyan@tomoyan.net | cancel): tomoyan@tomoyan.net | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Please read the Terms of Service at | ||
+ | https:// | ||
+ | agree in order to register with the ACME server at | ||
+ | https:// | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | (A)gree/ | ||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
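Review bot: In the new "Fedora でのインストール" section, the `curl -O https://…`, `chmod a+x certbot-auto` and script execution steps all run inside a `sudo -s` root shell, and nothing checks the downloaded file before it is executed. The "インストール" section right after it already installs Certbot with `sudo dnf install certbot python-certbot-apache`, so either drop the certbot-auto section or say why both are needed; if it stays, download as a normal user and verify the script's integrity before running it with root privileges. The recorded output also ends in `Error while running apachectl configtest.` with an `SSLCertificateFile` syntax error on line 101, and the section does not say how that was resolved. In "証明書取得の実行" the command drops `--agree-tos`, which is why the Terms of Service prompt now appears in the output; one line stating that this is intentional would help.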
行 43: | 行 166: | ||
encrypting the web, EFF news, campaigns, and ways to support digital freedom. | encrypting the web, EFF news, campaigns, and ways to support digital freedom. | ||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
- | (Y)es/ | + | (Y)es/ |
Obtaining a new certificate | Obtaining a new certificate | ||
Performing the following challenges: | Performing the following challenges: | ||
- | http-01 challenge for tomoyan.net | + | http-01 challenge for monsters-g.com |
- | Using the webroot path /var/www/html for all unmatched domains. | + | http-01 challenge for www.monsters-g.com |
+ | Using the webroot path /var/www/vhosts/ | ||
Waiting for verification... | Waiting for verification... | ||
Cleaning up challenges | Cleaning up challenges | ||
- | Failed authorization procedure. tomoyan.net (http-01): urn: | ||
IMPORTANT NOTES: | IMPORTANT NOTES: | ||
- | | + | |
+ | / | ||
+ | Your key file has been saved at: | ||
+ | / | ||
+ | Your cert will expire on 2019-05-16. To obtain a new or tweaked | ||
+ | | ||
+ | | ||
+ | " | ||
+ | - If you like Certbot, please consider supporting our work by: | ||
- | Domain: tomoyan.net | + | Donating to ISRG / Let's Encrypt: |
- | Type: connection | + | |
- | Detail: Fetching | + | </ |
- | http:// | + | </ |
- | Error getting validation data | + | |
+ | ===== 既に取得済みの証明書にサブドメインを追加 ===== | ||
+ | **redmine.monsters-g.com** サブドメインを追加する場合、既存ドメインに **monsters-g.com**、**www.monsters-g.com** のあとに追記する🤔\\ | ||
+ | コマンドラインでは、< | ||
+ | <WRAP color_term> | ||
+ | <WRAP color_command>< | ||
+ | <b class=GRN> | ||
+ | </ | ||
+ | <WRAP color_result>< | ||
+ | 合計 3 | ||
+ | drwx------. 1 root root 88 8月 28 06:47 . | ||
+ | drwxr-xr-x. 1 root root 106 8月 28 06:47 .. | ||
+ | -rw-r--r--. 1 root root 740 2月 15 2019 README | ||
+ | drwxr-xr-x | ||
+ | drwxr-xr-x. 1 root root 94 8月 28 06:15 tomoyan.net | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | <WRAP color_term> | ||
+ | <WRAP color_command>< | ||
+ | <b class=GRN> | ||
+ | </ | ||
+ | <WRAP color_result>< | ||
+ | Saving debug log to / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | An RSA certificate named monsters-g.com already exists. Do you want to update | ||
+ | its key type to ECDSA? | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | (U)pdate key type/(K)eep existing key type: u | ||
+ | Renewing an existing certificate for monsters-g.com and 2 more domains | ||
+ | |||
+ | Successfully received certificate. | ||
+ | Certificate is saved at: / | ||
+ | Key is saved at: / | ||
+ | This certificate expires on 2023-07-02. | ||
+ | These files will be updated when the certificate renews. | ||
+ | Certbot has set up a scheduled task to automatically renew this certificate in the background. | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | If you like Certbot, please consider supporting our work by: | ||
+ | * Donating to ISRG / Let's Encrypt: | ||
+ | * Donating to EFF: https:// | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | Apache の場合は、新しく取得した証明書を有効化する為にリロードする🤔\\ | ||
+ | <WRAP color_term> | ||
+ | <WRAP color_command>< | ||
+ | <b class=GRN> | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== 証明書更新テストの実行 ===== | ||
+ | <WRAP color_term> | ||
+ | <WRAP color_command>< | ||
+ | $ sudo certbot renew --dry-run | ||
+ | </ | ||
+ | <WRAP color_result>< | ||
+ | Saving debug log to / | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Processing / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Simulating renewal of an existing certificate for monsters-g.com and www.monsters-g.com | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Processing / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Simulating renewal of an existing certificate for tomoyan.net and 3 more domains | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Congratulations, | ||
+ | | ||
+ | / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ===== 証明書更新の実行 ===== | ||
+ | <WRAP color_term> | ||
+ | <WRAP color_command>< | ||
+ | $ sudo certbot renew | ||
+ | </ | ||
+ | <WRAP color_result_long>< | ||
+ | Saving debug log to / | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Processing / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Cert is due for renewal, auto-renewing... | ||
+ | Plugins selected: Authenticator webroot, Installer None | ||
+ | Renewing an existing certificate | ||
+ | Performing the following challenges: | ||
+ | http-01 | ||
+ | http-01 challenge for www.monsters-g.com | ||
+ | Waiting for verification... | ||
+ | Cleaning up challenges | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | new certificate deployed without reload, fullchain is | ||
+ | /etc/ | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Processing / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Cert is due for renewal, auto-renewing... | ||
+ | Plugins selected: Authenticator webroot, Installer None | ||
+ | Renewing an existing certificate | ||
+ | Performing the following challenges: | ||
+ | http-01 challenge for redmine.tomoyan.net | ||
+ | http-01 challenge for repos.tomoyan.net | ||
+ | http-01 challenge for tomoyan.net | ||
+ | http-01 challenge for www.tomoyan.net | ||
+ | Waiting for verification... | ||
+ | Cleaning up challenges | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | new certificate deployed without reload, fullchain is | ||
+ | / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | |||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | |||
+ | Congratulations, | ||
+ | / | ||
+ | / | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | </ | ||
+ | </ | ||
- | To fix these errors, please make sure that your domain name was | + | 新しい証明書を反映させるために、Apache をリロードする😉\\ |
- | entered correctly and the DNS A/AAAA record(s) for that domain | + | <WRAP color_term> |
- | contain(s) the right IP address. Additionally, | + | <WRAP color_command>< |
- | your computer has a publicly routable IP address and that no | + | $ sudo systemctl reload httpd |
- | firewalls are preventing the server from communicating with the | + | </pre></html></WRAP> |
- | | + | |
- | that you are serving files from the webroot path you provided. | + | |
- | - Your account credentials have been saved in your Certbot | + | |
- | | + | |
- | | + | |
- | also contain certificates and private keys obtained by Certbot so | + | |
- | | + | |
- | </code> | + | |
</ | </ | ||
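Review bot: The Apache reload is a manual step in both places it is added (after the subdomain is added, and `$ sudo systemctl reload httpd` after `certbot renew`), yet the recorded output states `Certbot has set up a scheduled task to automatically renew this certificate in the background` and the renew run reports `new certificate deployed without reload`. With scheduled renewal, Apache keeps serving the old certificate until someone reloads it by hand, so document a deploy hook instead, for example `sudo certbot renew --deploy-hook "systemctl reload httpd"`, and keep the manual reload as a fallback. In the subdomain section the output shows the prompt `Do you want to update its key type to ECDSA?` answered with `u`, while the text only mentions adding redmine.monsters-g.com; the RSA to ECDSA switch should be called out as a deliberate choice. The same output reads `This certificate expires on 2023-07-02` although the directory listing above it is dated 8月 28, so the two results do not appear to come from the same run and the certbot output should be refreshed.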