Let's encryptのワイルドカード証明書更新
取得済み証明書の情報を確認する
certbot-auto certificates
コマンドを使用する
$ sudo certbot-auto certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: exapmle-apple.jp Domains: *.exapmle-apple.jp Expiry Date: 2019-08-07 07:57:20+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/exapmle-apple.jp/fullchain.pem Private Key Path: /etc/letsencrypt/live/exapmle-apple.jp/privkey.pem Certificate Name: exapmle-orange.jp Domains: exapmle-orange.jp Expiry Date: 2019-06-23 11:37:42+00:00 (VALID: 45 days) Certificate Path: /etc/letsencrypt/live/exapmle-orange.jp/fullchain.pem Private Key Path: /etc/letsencrypt/live/exapmle-orange.jp/privkey.pem Certificate Name: p2.exapmle-peach.jp Domains: p2.exapmle-peach.jp Expiry Date: 2019-06-29 11:45:17+00:00 (VALID: 51 days) Certificate Path: /etc/letsencrypt/live/p2.exapmle-peach.jp/fullchain.pem Private Key Path: /etc/letsencrypt/live/p2.exapmle-peach.jp/privkey.pem Certificate Name: exapmle-peach.jp Domains: *.exapmle-peach.jp Expiry Date: 2019-08-07 08:00:53+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/exapmle-peach.jp/fullchain.pem Private Key Path: /etc/letsencrypt/live/exapmle-peach.jp/privkey.pem
取得済みのドメインと有効期限、各ファイルの場所を出力してくれます
ワイルドカード証明書の更新
- 手動でないと更新されないようです。
$ sudo certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns --domain *.exapmle-peach.jp --agree-tos -m <メールアドレス> Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: dns-01 challenge for exapmle-peach.jp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.exapmle-peach.jp with the following value: weOTD24vGNTrKabWGwh7orHwN4xiepacrRl2603s Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/exapmle-peach.jp/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/exapmle-peach.jp/privkey.pem Your cert will expire on 2019-08-07. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
TXT レコードに weOTD24vGNTrKabWGwh7orHwN4xiepacrRl2603s
を設定することで対象サーバーであることを確認できます。