linux:certbot_client

差分

このページの2つのバージョン間の差分を表示します。

この比較画面へのリンク

両方とも前のリビジョン 前のリビジョン
次のリビジョン		 前のリビジョン
linux:certbot_client [2023/03/01 09:46] – [証明書取得の実行] ともやんlinux:certbot_client [2023/08/28 08:27] (現在) – [既に取得済みの証明書にサブドメインを追加] ともやん
行 1: 行 1:
 ====== Certbot クライアント ====== ====== Certbot クライアント ======
  
-===== Fedora 29 でのインストール =====+===== Fedora でのインストール =====
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
行 143: 行 143:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo certbot certonly --webroot -w /var/www/vhosts/monsters-g.com -d monsters-g.com -w /var/www/vhosts/www.monsters-g.com -d www.monsters-g.com+$ sudo certbot certonly --webroot -w /var/www/vhosts/letsencrypt -d monsters-g.com -w /var/www/vhosts/letsencrypt -d www.monsters-g.com
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result_long><html><pre> <WRAP color_result_long><html><pre>
行 171: 行 171:
 http-01 challenge for monsters-g.com http-01 challenge for monsters-g.com
 http-01 challenge for www.monsters-g.com http-01 challenge for www.monsters-g.com
-Using the webroot path /var/www/vhosts/www.monsters-g.com for all unmatched domains.+Using the webroot path /var/www/vhosts/letsencrypt for all unmatched domains.
 Waiting for verification... Waiting for verification...
 Cleaning up challenges Cleaning up challenges
行 190: 行 190:
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
 +
 +===== 既に取得済みの証明書にサブドメインを追加 =====
 +**redmine.monsters-g.com** サブドメインを追加する場合、既存ドメインに **monsters-g.com**、**www.monsters-g.com** のあとに追記する🤔\\
 +コマンドラインでは、<html><code>-w /var/www/vhosts/letsencrypt -d redmine.monsters-g.com</code></html>を追加で指定する。\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> ls -al /etc/letsencrypt/live
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +合計 3
 +drwx------. 1 root root  88  8月 28 06:47 .
 +drwxr-xr-x. 1 root root 106  8月 28 06:47 ..
 +-rw-r--r--. 1 root root 740  2月 15  2019 README
 +drwxr-xr-x  1 root root  94  8月 28 06:47 monsters-g.com
 +drwxr-xr-x. 1 root root  94  8月 28 06:15 tomoyan.net
 +</pre></html></WRAP>
 +</WRAP>
 +
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> certbot certonly <b class=HIK>--force-renew --webroot -w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> www.monsters-g.com <b class=HIK>-w</b> /var/www/vhosts/letsencrypt <b class=HIK>-d</b> redmine.monsters-g.com
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +An RSA certificate named monsters-g.com already exists. Do you want to update
 +its key type to ECDSA?
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +(U)pdate key type/(K)eep existing key type: u
 +Renewing an existing certificate for monsters-g.com and 2 more domains
 +
 +Successfully received certificate.
 +Certificate is saved at: /etc/letsencrypt/live/monsters-g.com/fullchain.pem
 +Key is saved at:         /etc/letsencrypt/live/monsters-g.com/privkey.pem
 +This certificate expires on 2023-07-02.
 +These files will be updated when the certificate renews.
 +Certbot has set up a scheduled task to automatically renew this certificate in the background.
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +If you like Certbot, please consider supporting our work by:
 + * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 + * Donating to EFF:                    https://eff.org/donate-le
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +Apache の場合は、新しく取得した証明書を有効化する為にリロードする🤔\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<b class=GRN>$</b> <b class=HIY>sudo</b> systemctl reload httpd
 +</pre></html></WRAP>
 +</WRAP>
 +
 +===== 証明書更新テストの実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew --dry-run
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/monsters-g.com.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for monsters-g.com and www.monsters-g.com
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/tomoyan.net.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Simulating renewal of an existing certificate for tomoyan.net and 3 more domains
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations, all simulated renewals succeeded: 
 +  /etc/letsencrypt/live/monsters-g.com/fullchain.pem (success)
 +  /etc/letsencrypt/live/tomoyan.net/fullchain.pem (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +===== 証明書更新の実行 =====
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo certbot renew
 +</pre></html></WRAP>
 +<WRAP color_result_long><html><pre>
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/monsters-g.com.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for monsters-g.com
 +http-01 challenge for www.monsters-g.com
 +Waiting for verification...
 +Cleaning up challenges
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +/etc/letsencrypt/live/monsters-g.com/fullchain.pem
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Processing /etc/letsencrypt/renewal/tomoyan.net.conf
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Cert is due for renewal, auto-renewing...
 +Plugins selected: Authenticator webroot, Installer None
 +Renewing an existing certificate
 +Performing the following challenges:
 +http-01 challenge for redmine.tomoyan.net
 +http-01 challenge for repos.tomoyan.net
 +http-01 challenge for tomoyan.net
 +http-01 challenge for www.tomoyan.net
 +Waiting for verification...
 +Cleaning up challenges
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +new certificate deployed without reload, fullchain is
 +/etc/letsencrypt/live/tomoyan.net/fullchain.pem
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +Congratulations, all renewals succeeded. The following certs have been renewed:
 +  /etc/letsencrypt/live/monsters-g.com/fullchain.pem (success)
 +  /etc/letsencrypt/live/tomoyan.net/fullchain.pem (success)
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +</pre></html></WRAP>
 +</WRAP>
 +
 +新しい証明書を反映させるために、Apache をリロードする😉\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +$ sudo systemctl reload httpd
 +</pre></html></WRAP>
 +</WRAP>
 +
  
  • linux/certbot_client.1677631563.txt.gz
  • 最終更新: 2023/03/01 09:46
  • by ともやん