



linux:certbot_client [2019/02/15 14:41] – [証明書取得の実行] ともやんlinux:certbot_client [2023/04/04 07:18] – [既に取得済みの証明書にサブドメインを追加] ともやん
行 2: 行 2:
 ===== Fedora 29 でのインストール ===== ===== Fedora 29 でのインストール =====
-<code>+<WRAP color_term> 
 +<WRAP color_command><html><pre>
 $ sudo -s $ sudo -s
 # cd ~ # cd ~
行 9: 行 10:
 # chmod a+x certbot-auto # chmod a+x certbot-auto
 # ./certbot-auto # ./certbot-auto
-</code> +</pre></html></WRAP> 
-<WRAP prewrap 100%+<WRAP color_result><html><pre>
 Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap) Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
 dnf は /usr/bin/dnf です dnf は /usr/bin/dnf です
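Review bot: The retained `# chmod a+x certbot-auto` / `# ./certbot-auto` steps, run from the root shell opened with `sudo -s`, still sit under a "Fedora 29" heading in a revision dated 2023, while every section this change adds uses the packaged `certbot` command from the `dnf install` section. Only the markup changes here; mark the section as legacy or drop it so readers are not steered into running a standalone script as root when the rest of the page relies on the packaged client.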
行 43: 行 43:
 Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
 </WRAP> </WRAP>
 ===== インストール ===== ===== インストール =====
-<code>+<WRAP color_term> 
 +<WRAP color_command><html><pre>
 $ sudo dnf install certbot python-certbot-apache $ sudo dnf install certbot python-certbot-apache
 +===== 使用方法 [--help] ===== 
 +<WRAP color_term> 
 +<WRAP color_command><html><pre> 
 +$ certbot --help 
 +<WRAP color_result_long><html><pre> 
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 +  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... 
 +Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default, 
 +it will attempt to use a webserver both for obtaining and installing the 
 +certificate. The most common SUBCOMMANDS and flags are: 
 +obtain, install, and renew certificates: 
 +    (default) run   Obtain & install a certificate in your current webserver 
 +    certonly        Obtain or renew a certificate, but do not install it 
 +    renew           Renew all previously obtained certificates that are near 
 +    enhance         Add security enhancements to your existing configuration 
 +   -d DOMAINS       Comma-separated list of domains to obtain a certificate for 
 +  (the certbot apache plugin is not installed) 
 +  --standalone      Run a standalone webserver for authentication 
 +  (the certbot nginx plugin is not installed) 
 +  --webroot         Place files in a server's webroot folder for authentication 
 +  --manual          Obtain certificates interactively, or using shell script 
 +   -n               Run non-interactively 
 +  --test-cert       Obtain a test certificate from a staging server 
 +  --dry-run         Test "renew" or "certonly" without saving any certificates 
 +to disk 
 +manage certificates: 
 +    certificates    Display information about certificates you have from Certbot 
 +    revoke          Revoke a certificate (supply --cert-name or --cert-path) 
 +    delete          Delete a certificate (supply --cert-name) 
 +manage your account: 
 +    register        Create an ACME account 
 +    unregister      Deactivate an ACME account 
 +    update_account  Update an ACME account 
 +    show_account    Display account details 
 +  --agree-tos       Agree to the ACME server's Subscriber Agreement 
 +   -m EMAIL         Email address for important account notifications 
 +More detailed help: 
 +  -h, --help [TOPIC]    print this message, or detailed help on a topic; 
 +                        the available TOPICS are: 
 +   all, automation, commands, paths, security, testing, or any of the 
 +   subcommands or plugins (certonly, renew, install, register, nginx, 
 +   apache, standalone, webroot, etc.) 
 +  -h all                print a detailed help page including all topics 
 +  --version             print the version number 
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 ===== テスト実行 ===== ===== テスト実行 =====
-<WRAP prewrap 100%+<WRAP color_term
-<code>+<WRAP color_command><html><pre>
 $ sudo certbot $ sudo certbot
 +<WRAP color_result><html><pre>
 Saving debug log to /var/log/letsencrypt/letsencrypt.log Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
 $ sudo less /var/log/letsencrypt/letsencrypt.log $ sudo less /var/log/letsencrypt/letsencrypt.log
 </WRAP> </WRAP>
-<WRAP prewrap 100%+ 
-<file /var/log/letsencrypt/letsencrypt.log>+<WRAP color_term
 +<WRAP color_mincode><file /var/log/letsencrypt/letsencrypt.log>
 2019-02-15 11:53:24,221:DEBUG:certbot.main:certbot version: 0.30.2 2019-02-15 11:53:24,221:DEBUG:certbot.main:certbot version: 0.30.2
 2019-02-15 11:53:24,222:DEBUG:certbot.main:Arguments: [] 2019-02-15 11:53:24,222:DEBUG:certbot.main:Arguments: []
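Review bot: The added `certbot --help` output reports "(the certbot apache plugin is not installed)", yet the unchanged install line directly above it is `sudo dnf install certbot python-certbot-apache`, and the test run in the same hunk still ends with "Certbot doesn't know how to automatically configure the web server on this system". Either the package name no longer matches the Fedora release in use (current Fedora packages the plugin as python3-certbot-apache; confirm with `dnf list`) or the plugin is deliberately unused; the page should say which. As a style point, `$ sudo less /var/log/letsencrypt/letsencrypt.log` now falls inside the `color_result` block although it is a command.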
行 69: 行 137:
 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:No candidate plugin 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:No candidate plugin
 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
 </WRAP> </WRAP>
 ===== 証明書取得の実行 ===== ===== 証明書取得の実行 =====
-<WRAP prewrap 100%+<WRAP color_term
-<code+<WRAP color_command><html><pre
-$ sudo certbot certonly --webroot -w /var/www/vhosts/ -d -w /var/www/vhosts/ -d$ sudo certbot certonly --webroot -w /var/www/vhosts/letsencrypt -d -w /var/www/vhosts/letsencrypt -d 
 +<WRAP color_result_long><html><pre>
 Saving debug log to /var/log/letsencrypt/letsencrypt.log Saving debug log to /var/log/letsencrypt/letsencrypt.log
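Review bot: The `-w` path on the changed `certbot certonly --webroot` line moves from `/var/www/vhosts/` to a shared `/var/www/vhosts/letsencrypt`, but nothing on the page says how each virtual host serves that directory. The http-01 check only passes if `/.well-known/acme-challenge/` on every `-d` name resolves to files under this one webroot, so document the Apache mapping next to the command (for example an Alias to `/var/www/vhosts/letsencrypt/.well-known/acme-challenge/`), and keep that directory free of anything else, since it is reachable over plain HTTP from every hosted name.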
行 99: 行 169:
 Obtaining a new certificate Obtaining a new certificate
 Performing the following challenges: Performing the following challenges:
 +http-01 challenge for
 http-01 challenge for http-01 challenge for
-Using the webroot path /var/www/vhosts/ for all unmatched domains.+Using the webroot path /var/www/vhosts/letsencrypt for all unmatched domains.
 Waiting for verification... Waiting for verification...
 Cleaning up challenges Cleaning up challenges
行 113: 行 184:
    again. To non-interactively renew *all* of your certificates, run    again. To non-interactively renew *all* of your certificates, run
    "certbot renew"    "certbot renew"
- - Your account credentials have been saved in your Certbot 
-   configuration directory at /etc/letsencrypt. You should make a 
-   secure backup of this folder now. This configuration directory will 
-   also contain certificates and private keys obtained by Certbot so 
-   making regular backups of this folder is ideal. 
  - If you like Certbot, please consider supporting our work by:  - If you like Certbot, please consider supporting our work by:
    Donating to ISRG / Let's Encrypt:    Donating to ISRG / Let's Encrypt:
    Donating to EFF:              Donating to EFF:          
 </WRAP> </WRAP>
 +===== 既に取得済みの証明書にサブドメインを追加 =====
 +**** サブドメインを追加する場合、既存ドメインに ****、**** のあとに追記する🤔\\
 +コマンドラインでは、<html><code>-w /var/www/vhosts/letsencrypt -d</code></html>を追加で指定する。\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> certbot certonly <b class=HIK>--force-renew --webroot -w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b>
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +An RSA certificate named already exists. Do you want to update
 +its key type to ECDSA?
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +(U)pdate key type/(K)eep existing key type: u
 +Renewing an existing certificate for and 2 more domains
 +Successfully received certificate.
 +Certificate is saved at: /etc/letsencrypt/live/
 +Key is saved at:         /etc/letsencrypt/live/
 +This certificate expires on 2023-07-02.
 +These files will be updated when the certificate renews.
 +Certbot has set up a scheduled task to automatically renew this certificate in the background.
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +If you like Certbot, please consider supporting our work by:
 + * Donating to ISRG / Let's Encrypt:
 + * Donating to EFF:          
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Apache の場合は、新しく取得した証明書を有効化する為にリロードする🤔\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> systemctl reload httpd
 +===== 証明書更新テストの実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew --dry-run
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for and
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for and 3 more domains
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations, all simulated renewals succeeded: 
 +  /etc/letsencrypt/live/ (success)
 +  /etc/letsencrypt/live/ (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +===== 証明書更新の実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew
 +<WRAP color_result_long><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for
 +http-01 challenge for
 +Waiting for verification...
 +Cleaning up challenges
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for
 +http-01 challenge for
 +http-01 challenge for
 +http-01 challenge for
 +Waiting for verification...
 +Cleaning up challenges
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations, all renewals succeeded. The following certs have been renewed:
 +  /etc/letsencrypt/live/ (success)
 +  /etc/letsencrypt/live/ (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +新しい証明書を反映させるために、Apache をリロードする😉\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo systemctl reload httpd
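Review bot: The added `certbot certonly --force-renew --webroot ...` command for adding subdomains does not need `--force-renew`: changing the `-d` list already makes certbot request a new certificate, and forcing renewal as a habit only spends issuance rate limit. Prefer naming the certificate with `--cert-name` (or using `--expand`) so it is explicit which existing certificate is being modified. The sample session also answers `u` to "(U)pdate key type/(K)eep existing key type", switching the key from RSA to ECDSA, which the text never mentions; state the intended key type. Both added renewal sections rely on a manual `sudo systemctl reload httpd`, while the output says a scheduled task renews in the background and reports "new certificate deployed without reload"; add `--deploy-hook "systemctl reload httpd"` so unattended renewals are actually served. This hunk also drops the output paragraph noting that /etc/letsencrypt holds account credentials and private keys and should be backed up; that reminder is worth keeping as a sentence on the page.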
  • linux/certbot_client.txt
 • Last modified: 2023/08/28 08:27
  • by ともやん