差分

このページの2つのバージョン間の差分を表示します。

--- linux:certbot_client [2023/03/01 12:55] – [既に取得済みの証明書にサブドメインを追加] ともやん
+++ linux:certbot_client [2025/04/23 07:14] (現在) – [Certbot クライアント] ともやん
@@ 行 1: / 行 1: @@
 ====== Certbot クライアント ======
+Certbot は Electronic Frontier 財団が開発した ACME クライアントで Python で書かれている🤔\\
+[[arc>Certbot|Certbot - ArchWiki]] より...\\
-===== Fedora 29 でのインストール =====
+ACME (自動証明書管理環境) は、認証機関 (CA) が署名する X.509 証明書を自動化するために、インターネット標準 ([[https://datatracker.ietf.org/doc/html/rfc8555|RFC 8555]]) で仕様化されている😉\\
+[[https://letsencrypt.org/ja/docs/client-options/|ACME クライアント実装 - Let's Encrypt]]\\
+===== Fedora でのインストール =====
 <WRAP color_term>
 <WRAP color_command><html><pre>
@@ 行 196: / 行 202: @@
 <WRAP color_term>
 <WRAP color_command><html><pre>
-$ sudo certbot certonly --force-renew --webroot -w /var/www/vhosts/letsencrypt -d monsters-g.com -w /var/www/vhosts/letsencrypt -d www.monsters-g.com -w /var/www/vhosts/letsencrypt -d redmine.monsters-g.com
+<b class=GRN>$</b> <b class=HIY>sudo</b> ls -al /etc/letsencrypt/live
+</pre></html></WRAP>
+<WRAP color_result><html><pre>
+合計 3
+drwx------. 1 root root  88  8月 28 06:47 .
+drwxr-xr-x. 1 root root 106  8月 28 06:47 ..
+-rw-r--r--. 1 root root 740  2月 15  2019 README
+drwxr-xr-x  1 root root  94  8月 28 06:47 monsters-g.com
+drwxr-xr-x. 1 root root  94  8月 28 06:15 tomoyan.net
+</pre></html></WRAP>
+</WRAP>
+<WRAP color_term>
+<WRAP color_command><html><pre>
+<b class=GRN>$</b> <b class=HIY>sudo</b> certbot certonly <b class=HIK>--force-renew --webroot -w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> www.monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> redmine.monsters-g.com
 </pre></html></WRAP>
 <WRAP color_result><html><pre>
 Saving debug log to /var/log/letsencrypt/letsencrypt.log
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+An RSA certificate named monsters-g.com already exists. Do you want to update
+its key type to ECDSA?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(U)pdate key type/(K)eep existing key type: u
 Renewing an existing certificate for monsters-g.com and 2 more domains
@@ 行 205: / 行 230: @@
 Certificate is saved at: /etc/letsencrypt/live/monsters-g.com/fullchain.pem
 Key is saved at:         /etc/letsencrypt/live/monsters-g.com/privkey.pem
-This certificate expires on 2023-05-29.
+This certificate expires on 2023-07-02.
 These files will be updated when the certificate renews.
 Certbot has set up a scheduled task to automatically renew this certificate in the background.
@@ 行 220: / 行 245: @@
 <WRAP color_term>
 <WRAP color_command><html><pre>
-$ sudo systemctl reload httpd
+<b class=GRN>$</b> <b class=HIY>sudo</b> systemctl reload httpd
 </pre></html></WRAP>
 </WRAP>
@@ 行 249: / 行 274: @@
 </pre></html></WRAP>
 </WRAP>
+===== 証明書更新の実行 =====
+<WRAP color_term>
+<WRAP color_command><html><pre>
+$ sudo certbot renew
+</pre></html></WRAP>
+<WRAP color_result_long><html><pre>
+Saving debug log to /var/log/letsencrypt/letsencrypt.log
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Processing /etc/letsencrypt/renewal/monsters-g.com.conf
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Cert is due for renewal, auto-renewing...
+Plugins selected: Authenticator webroot, Installer None
+Renewing an existing certificate
+Performing the following challenges:
+http-01 challenge for monsters-g.com
+http-01 challenge for www.monsters-g.com
+Waiting for verification...
+Cleaning up challenges
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+new certificate deployed without reload, fullchain is
+/etc/letsencrypt/live/monsters-g.com/fullchain.pem
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Processing /etc/letsencrypt/renewal/tomoyan.net.conf
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Cert is due for renewal, auto-renewing...
+Plugins selected: Authenticator webroot, Installer None
+Renewing an existing certificate
+Performing the following challenges:
+http-01 challenge for redmine.tomoyan.net
+http-01 challenge for repos.tomoyan.net
+http-01 challenge for tomoyan.net
+http-01 challenge for www.tomoyan.net
+Waiting for verification...
+Cleaning up challenges
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+new certificate deployed without reload, fullchain is
+/etc/letsencrypt/live/tomoyan.net/fullchain.pem
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+Congratulations, all renewals succeeded. The following certs have been renewed:
+  /etc/letsencrypt/live/monsters-g.com/fullchain.pem (success)
+  /etc/letsencrypt/live/tomoyan.net/fullchain.pem (success)
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+</pre></html></WRAP>
+</WRAP>
+新しい証明書を反映させるために、Apache をリロードする😉\\
+<WRAP color_term>
+<WRAP color_command><html><pre>
+$ sudo systemctl reload httpd
+</pre></html></WRAP>
+</WRAP>