linux:certbot_client

差分

このページの2つのバージョン間の差分を表示します。

この比較画面へのリンク

両方とも前のリビジョン 前のリビジョン
次のリビジョン		 前のリビジョン
linux:certbot_client [2023/03/01 09:43] – [テスト実行] ともやんlinux:certbot_client [2023/08/28 08:27] (現在) – [既に取得済みの証明書にサブドメインを追加] ともやん
行 1: 行 1:
 ====== Certbot クライアント ====== ====== Certbot クライアント ======
  
-===== Fedora 29 でのインストール ===== +===== Fedora でのインストール ===== 
-<code>+<WRAP color_term> 
 +<WRAP color_command><html><pre>
 $ sudo -s $ sudo -s
 # cd ~ # cd ~
行 9: 行 10:
 # chmod a+x certbot-auto # chmod a+x certbot-auto
 # ./certbot-auto # ./certbot-auto
-</code> +</pre></html></WRAP> 
-<WRAP prewrap 100%+<WRAP color_result><html><pre>
-<code>+
 Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap) Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
 dnf は /usr/bin/dnf です dnf は /usr/bin/dnf です
行 43: 行 43:
  
 Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate. Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot-auto certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
-</code>+</pre></html></WRAP>
 </WRAP> </WRAP>
 +
 ===== インストール ===== ===== インストール =====
-<code>+<WRAP color_term> 
 +<WRAP color_command><html><pre>
 $ sudo dnf install certbot python-certbot-apache $ sudo dnf install certbot python-certbot-apache
-</code>+</pre></html></WRAP> 
 +</WRAP>
  
 ===== 使用方法 [--help] ===== ===== 使用方法 [--help] =====
行 138: 行 141:
  
 ===== 証明書取得の実行 ===== ===== 証明書取得の実行 =====
-<WRAP prewrap 100%+<WRAP color_term
-<code+<WRAP color_command><html><pre
-$ sudo certbot certonly --webroot -w /var/www/vhosts/monsters-g.com -d monsters-g.com -w /var/www/vhosts/www.monsters-g.com -d www.monsters-g.com+$ sudo certbot certonly --webroot -w /var/www/vhosts/letsencrypt -d monsters-g.com -w /var/www/vhosts/letsencrypt -d www.monsters-g.com 
 +</pre></html></WRAP> 
 +<WRAP color_result_long><html><pre>
  
 Saving debug log to /var/log/letsencrypt/letsencrypt.log Saving debug log to /var/log/letsencrypt/letsencrypt.log
行 166: 行 171:
 http-01 challenge for monsters-g.com http-01 challenge for monsters-g.com
 http-01 challenge for www.monsters-g.com http-01 challenge for www.monsters-g.com
-Using the webroot path /var/www/vhosts/www.monsters-g.com for all unmatched domains.+Using the webroot path /var/www/vhosts/letsencrypt for all unmatched domains.
 Waiting for verification... Waiting for verification...
 Cleaning up challenges Cleaning up challenges
行 183: 行 188:
    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    Donating to EFF:                    https://eff.org/donate-le    Donating to EFF:                    https://eff.org/donate-le
-</code>+</pre></html></WRAP>
 </WRAP> </WRAP>
 +
 +===== 既に取得済みの証明書にサブドメインを追加 =====
 +**redmine.monsters-g.com** サブドメインを追加する場合、既存ドメインに **monsters-g.com**、**www.monsters-g.com** のあとに追記する🤔\\
 +コマンドラインでは、<html><code>-w /var/www/vhosts/letsencrypt -d redmine.monsters-g.com</code></html>を追加で指定する。\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> ls -al /etc/letsencrypt/live
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +合計 3
 +drwx------. 1 root root  88  8月 28 06:47 .
 +drwxr-xr-x. 1 root root 106  8月 28 06:47 ..
 +-rw-r--r--. 1 root root 740  2月 15  2019 README
 +drwxr-xr-x  1 root root  94  8月 28 06:47 monsters-g.com
 +drwxr-xr-x. 1 root root  94  8月 28 06:15 tomoyan.net
 +</pre></html></WRAP>
 +</WRAP>
 +
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> certbot certonly <b class=HIK>--force-renew --webroot -w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> www.monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> redmine.monsters-g.com
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +An RSA certificate named monsters-g.com already exists. Do you want to update
 +its key type to ECDSA?
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +(U)pdate key type/(K)eep existing key type: u
 +Renewing an existing certificate for monsters-g.com and 2 more domains
 +
 +Successfully received certificate.
 +Certificate is saved at: /etc/letsencrypt/live/monsters-g.com/fullchain.pem
 +Key is saved at:         /etc/letsencrypt/live/monsters-g.com/privkey.pem
 +This certificate expires on 2023-07-02.
 +These files will be updated when the certificate renews.
 +Certbot has set up a scheduled task to automatically renew this certificate in the background.
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +If you like Certbot, please consider supporting our work by:
 + * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 + * Donating to EFF:                    https://eff.org/donate-le
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +Apache の場合は、新しく取得した証明書を有効化する為にリロードする🤔\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> systemctl reload httpd
 +</pre></html></WRAP>
 +</WRAP>
 +
 +===== 証明書更新テストの実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew --dry-run
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/monsters-g.com.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for monsters-g.com and www.monsters-g.com
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/tomoyan.net.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for tomoyan.net and 3 more domains
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations, all simulated renewals succeeded: 
 +  /etc/letsencrypt/live/monsters-g.com/fullchain.pem (success)
 +  /etc/letsencrypt/live/tomoyan.net/fullchain.pem (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +===== 証明書更新の実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew
 +</pre></html></WRAP>
 +<WRAP color_result_long><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/monsters-g.com.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for monsters-g.com
 +http-01 challenge for www.monsters-g.com
 +Waiting for verification...
 +Cleaning up challenges
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +/etc/letsencrypt/live/monsters-g.com/fullchain.pem
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/tomoyan.net.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for redmine.tomoyan.net
 +http-01 challenge for repos.tomoyan.net
 +http-01 challenge for tomoyan.net
 +http-01 challenge for www.tomoyan.net
 +Waiting for verification...
 +Cleaning up challenges
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +/etc/letsencrypt/live/tomoyan.net/fullchain.pem
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +Congratulations, all renewals succeeded. The following certs have been renewed:
 +  /etc/letsencrypt/live/monsters-g.com/fullchain.pem (success)
 +  /etc/letsencrypt/live/tomoyan.net/fullchain.pem (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +新しい証明書を反映させるために、Apache をリロードする😉\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo systemctl reload httpd
 +</pre></html></WRAP>
 +</WRAP>
 +
  
  • linux/certbot_client.1677631392.txt.gz
  • 最終更新: 2023/03/01 09:43
  • by ともやん