linux:certbot_client

Differences

This shows the differences between two versions of this page.

linux:certbot_client [2019/05/18 02:23] – external edit, non-logged-in user
linux:certbot_client [2023/08/28 08:27] (current) – [Adding a subdomain to an already obtained certificate] ともやん
行 1: 行 1:
 ====== Certbot クライアント ====== ====== Certbot クライアント ======
  
-===== Fedora 29 でのインストール ===== +===== Fedora でのインストール ===== 
-<code>+<WRAP color_term> 
 +<WRAP color_command><html><pre>
 $ sudo -s $ sudo -s
 # cd ~ # cd ~
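Review bot: The heading change from "Fedora 29 でのインストール" to "Fedora でのインストール" drops the release qualifier, but the steps under it are unchanged: they still open a root shell with "sudo -s" and run the downloaded certbot-auto script. With the dnf-based "インストール" section following on the same page, a reader cannot tell which method is current. Suggest keeping the release in the heading, or marking this section as the older script-based method.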
行 9: 行 10:
 # chmod a+x certbot-auto # chmod a+x certbot-auto
 # ./certbot-auto # ./certbot-auto
-</code> +</pre></html></WRAP> 
-<WRAP prewrap 100%+<WRAP color_result><html><pre>
-<code>+
 Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap) Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
 dnf は /usr/bin/dnf です dnf は /usr/bin/dnf です
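Review bot: On the line that replaces <code> with <WRAP color_result><html><pre>, captured program output is now emitted as raw HTML instead of being escaped by the wiki. This only renders where raw HTML embedding is enabled, and any <, > or & in pasted output is then interpreted as markup rather than shown literally. Suggest keeping <code> inside the WRAP for result blocks and reserving <html> for blocks that actually need inline markup.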
行 43: 行 43:
  
 Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
-</code>+</pre></html></WRAP>
 </WRAP> </WRAP>
 +
 ===== インストール ===== ===== インストール =====
-<code>+<WRAP color_term> 
 +<WRAP color_command><html><pre>
 $ sudo dnf install certbot python-certbot-apache $ sudo dnf install certbot python-certbot-apache
-</code>+</pre></html></WRAP> 
 +</WRAP> 
 + 
 +===== 使用方法 [--help] ===== 
 +<WRAP color_term> 
 +<WRAP color_command><html><pre> 
 +$ certbot --help 
 +</pre></html></WRAP> 
 +<WRAP color_result_long><html><pre> 
 + 
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 + 
 +  certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ... 
 + 
 +Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default, 
 +it will attempt to use a webserver both for obtaining and installing the 
 +certificate. The most common SUBCOMMANDS and flags are: 
 + 
 +obtain, install, and renew certificates: 
 +    (default) run   Obtain & install a certificate in your current webserver 
 +    certonly        Obtain or renew a certificate, but do not install it 
 +    renew           Renew all previously obtained certificates that are near 
 +expiry 
 +    enhance         Add security enhancements to your existing configuration 
 +   -d DOMAINS       Comma-separated list of domains to obtain a certificate for 
 + 
 +  (the certbot apache plugin is not installed) 
 +  --standalone      Run a standalone webserver for authentication 
 +  (the certbot nginx plugin is not installed) 
 +  --webroot         Place files in a server's webroot folder for authentication 
 +  --manual          Obtain certificates interactively, or using shell script 
 +hooks 
 + 
 +   -n               Run non-interactively 
 +  --test-cert       Obtain a test certificate from a staging server 
 +  --dry-run         Test "renew" or "certonly" without saving any certificates 
 +to disk 
 + 
 +manage certificates: 
 +    certificates    Display information about certificates you have from Certbot 
 +    revoke          Revoke a certificate (supply --cert-name or --cert-path) 
 +    delete          Delete a certificate (supply --cert-name) 
 + 
 +manage your account: 
 +    register        Create an ACME account 
 +    unregister      Deactivate an ACME account 
 +    update_account  Update an ACME account 
 +    show_account    Display account details 
 +  --agree-tos       Agree to the ACME server's Subscriber Agreement 
 +   -m EMAIL         Email address for important account notifications 
 + 
 +More detailed help: 
 + 
 +  -h, --help [TOPIC]    print this message, or detailed help on a topic; 
 +                        the available TOPICS are: 
 + 
 +   all, automation, commands, paths, security, testing, or any of the 
 +   subcommands or plugins (certonly, renew, install, register, nginx, 
 +   apache, standalone, webroot, etc.) 
 +  -h all                print a detailed help page including all topics 
 +  --version             print the version number 
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
 +</pre></html></WRAP> 
 +</WRAP>
  
 ===== テスト実行 ===== ===== テスト実行 =====
-<WRAP prewrap 100%+<WRAP color_term
-<code>+<WRAP color_command><html><pre>
 $ sudo certbot $ sudo certbot
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 Saving debug log to /var/log/letsencrypt/letsencrypt.log Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
 $ sudo less /var/log/letsencrypt/letsencrypt.log $ sudo less /var/log/letsencrypt/letsencrypt.log
-</code>+</pre></html></WRAP>
 </WRAP> </WRAP>
-<WRAP prewrap 100%+ 
-<file /var/log/letsencrypt/letsencrypt.log>+<WRAP color_term
 +<WRAP color_mincode><file /var/log/letsencrypt/letsencrypt.log>
 2019-02-15 11:53:24,221:DEBUG:certbot.main:certbot version: 0.30.2 2019-02-15 11:53:24,221:DEBUG:certbot.main:certbot version: 0.30.2
 2019-02-15 11:53:24,222:DEBUG:certbot.main:Arguments: [] 2019-02-15 11:53:24,222:DEBUG:certbot.main:Arguments: []
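Review bot: The added "certbot --help" output contains "(the certbot apache plugin is not installed)", yet the install step kept just above it is "sudo dnf install certbot python-certbot-apache", so the page now contradicts itself about whether the Apache plugin is present. Suggest either correcting the install command for the release the help text was captured on, or stating that the output comes from a host without the plugin. Separately, the added line "Obtain & install a certificate in your current webserver" sits inside <html><pre> with a bare &, which should be written as &amp; there.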
行 69: 行 137:
 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:No candidate plugin 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:No candidate plugin
 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None 2019-02-15 11:53:24,248:DEBUG:certbot.plugins.selection:Selected authenticator None and installer None
-</file>+</file></WRAP>
 </WRAP> </WRAP>
  
 ===== 証明書取得の実行 ===== ===== 証明書取得の実行 =====
-<WRAP prewrap 100%+<WRAP color_term
-<code+<WRAP color_command><html><pre
-$ sudo certbot certonly --webroot -w /var/www/vhosts/monsters-g.com -d monsters-g.com -w /var/www/vhosts/www.monsters-g.com -d www.monsters-g.com+$ sudo certbot certonly --webroot -w /var/www/vhosts/letsencrypt -d monsters-g.com -w /var/www/vhosts/letsencrypt -d www.monsters-g.com 
 +</pre></html></WRAP> 
 +<WRAP color_result_long><html><pre>
  
 Saving debug log to /var/log/letsencrypt/letsencrypt.log Saving debug log to /var/log/letsencrypt/letsencrypt.log
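Review bot: The new certonly command points every domain at the shared webroot /var/www/vhosts/letsencrypt instead of each vhost's own document root, but nothing on the page shows the web server mapping that makes /.well-known/acme-challenge/ under each hostname resolve to that directory; without it the http-01 challenge files written there will not be reachable. Suggest adding that vhost configuration next to the command. The repeated "-w /var/www/vhosts/letsencrypt" is also redundant, since one -w applies to the -d options that follow it.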
行 101: 行 171:
 http-01 challenge for monsters-g.com http-01 challenge for monsters-g.com
 http-01 challenge for www.monsters-g.com http-01 challenge for www.monsters-g.com
-Using the webroot path /var/www/vhosts/www.monsters-g.com for all unmatched domains.+Using the webroot path /var/www/vhosts/letsencrypt for all unmatched domains.
 Waiting for verification... Waiting for verification...
 Cleaning up challenges Cleaning up challenges
行 118: 行 188:
    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    Donating to EFF:                    https://eff.org/donate-le    Donating to EFF:                    https://eff.org/donate-le
-</code>+</pre></html></WRAP>
 </WRAP> </WRAP>
 +
 +===== 既に取得済みの証明書にサブドメインを追加 =====
 +**redmine.monsters-g.com** サブドメインを追加する場合、既存ドメインに **monsters-g.com**、**www.monsters-g.com** のあとに追記する🤔\\
 +コマンドラインでは、<html><code>-w /var/www/vhosts/letsencrypt -d redmine.monsters-g.com</code></html>を追加で指定する。\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> ls -al /etc/letsencrypt/live
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +合計 3
 +drwx------. 1 root root  88  8月 28 06:47 .
 +drwxr-xr-x. 1 root root 106  8月 28 06:47 ..
 +-rw-r--r--. 1 root root 740  2月 15  2019 README
 +drwxr-xr-x  1 root root  94  8月 28 06:47 monsters-g.com
 +drwxr-xr-x. 1 root root  94  8月 28 06:15 tomoyan.net
 +</pre></html></WRAP>
 +</WRAP>
 +
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> certbot certonly <b class=HIK>--force-renew --webroot -w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> www.monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> redmine.monsters-g.com
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +An RSA certificate named monsters-g.com already exists. Do you want to update
 +its key type to ECDSA?
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +(U)pdate key type/(K)eep existing key type: u
 +Renewing an existing certificate for monsters-g.com and 2 more domains
 +
 +Successfully received certificate.
 +Certificate is saved at: /etc/letsencrypt/live/monsters-g.com/fullchain.pem
 +Key is saved at:         /etc/letsencrypt/live/monsters-g.com/privkey.pem
 +This certificate expires on 2023-07-02.
 +These files will be updated when the certificate renews.
 +Certbot has set up a scheduled task to automatically renew this certificate in the background.
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +If you like Certbot, please consider supporting our work by:
 + * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 + * Donating to EFF:                    https://eff.org/donate-le
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +Apache の場合は、新しく取得した証明書を有効化する為にリロードする🤔\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> systemctl reload httpd
 +</pre></html></WRAP>
 +</WRAP>
 +
 +===== 証明書更新テストの実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew --dry-run
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/monsters-g.com.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for monsters-g.com and www.monsters-g.com
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/tomoyan.net.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for tomoyan.net and 3 more domains
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations, all simulated renewals succeeded: 
 +  /etc/letsencrypt/live/monsters-g.com/fullchain.pem (success)
 +  /etc/letsencrypt/live/tomoyan.net/fullchain.pem (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +===== 証明書更新の実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew
 +</pre></html></WRAP>
 +<WRAP color_result_long><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/monsters-g.com.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for monsters-g.com
 +http-01 challenge for www.monsters-g.com
 +Waiting for verification...
 +Cleaning up challenges
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +/etc/letsencrypt/live/monsters-g.com/fullchain.pem
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/tomoyan.net.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for redmine.tomoyan.net
 +http-01 challenge for repos.tomoyan.net
 +http-01 challenge for tomoyan.net
 +http-01 challenge for www.tomoyan.net
 +Waiting for verification...
 +Cleaning up challenges
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +/etc/letsencrypt/live/tomoyan.net/fullchain.pem
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +Congratulations, all renewals succeeded. The following certs have been renewed:
 +  /etc/letsencrypt/live/monsters-g.com/fullchain.pem (success)
 +  /etc/letsencrypt/live/tomoyan.net/fullchain.pem (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +新しい証明書を反映させるために、Apache をリロードする😉\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo systemctl reload httpd
 +</pre></html></WRAP>
 +</WRAP>
 +
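Review bot: Both added reload steps ("sudo systemctl reload httpd") are manual, while the added output says "Certbot has set up a scheduled task to automatically renew this certificate in the background" and the renew run reports "new certificate deployed without reload"; a background renewal will therefore leave Apache serving the old certificate until someone reloads it. Suggest documenting a --deploy-hook that runs the reload. In the subdomain command, --force-renew is used to add redmine.monsters-g.com; --expand with --cert-name monsters-g.com states the intent and does not force issuance when nothing changed. The sample output also looks stale: it shows "This certificate expires on 2023-07-02" beside a directory listing dated 8月 28, and the dry-run still reports only "monsters-g.com and www.monsters-g.com".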
  
  • linux/certbot_client.1558113795.txt.gz
  • Last updated: 2019/05/18 02:23
  • by non-logged-in user