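WordPress customization consulting from a working programmer

From WordPress problems, things that are not working and are causing you trouble, and bug investigations through to requests for new builds, a web application engineer will support you.

Renewing a Let's Encrypt wildcard certificate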

Checking the information for certificates already obtained

Use the certbot-auto certificates command.

$ sudo certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: exapmle-apple.jp
    Domains: *.exapmle-apple.jp
    Expiry Date: 2019-08-07 07:57:20+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/exapmle-apple.jp/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/exapmle-apple.jp/privkey.pem
  Certificate Name: exapmle-orange.jp
    Domains: exapmle-orange.jp
    Expiry Date: 2019-06-23 11:37:42+00:00 (VALID: 45 days)
    Certificate Path: /etc/letsencrypt/live/exapmle-orange.jp/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/exapmle-orange.jp/privkey.pem
  Certificate Name: p2.exapmle-peach.jp
    Domains: p2.exapmle-peach.jp
    Expiry Date: 2019-06-29 11:45:17+00:00 (VALID: 51 days)
    Certificate Path: /etc/letsencrypt/live/p2.exapmle-peach.jp/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/p2.exapmle-peach.jp/privkey.pem
  Certificate Name: exapmle-peach.jp
    Domains: *.exapmle-peach.jp
    Expiry Date: 2019-08-07 08:00:53+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/exapmle-peach.jp/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/exapmle-peach.jp/privkey.pem

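It prints the domains already obtained, their expiry dates, and the location of each file.

Renewing the wildcard certificate

  • It appears that it is not renewed unless this is done manually.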

$ sudo certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns --domain '*.exapmle-peach.jp' --agree-tos -m <email address>
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for exapmle-peach.jp

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.exapmle-peach.jp with the following value:

weOTD24vGNTrKabWGwh7orHwN4xiepacrRl2603s

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/exapmle-peach.jp/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/exapmle-peach.jp/privkey.pem
   Your cert will expire on 2019-08-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Setting the TXT record to weOTD24vGNTrKabWGwh7orHwN4xiepacrRl2603s confirms that this is the target server.
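
Since the wildcard certificates are only renewed by the manual run, it helps to know which ones are coming due. The following is an added example, not part of the original post: a shell function that reads the certbot-auto certificates listing and prints the wildcard certificates with a given number of days or fewer left. The function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# wildcards_due LIMIT: reads `certbot-auto certificates` output on stdin and
# prints "name<TAB>days" for every wildcard certificate with LIMIT or fewer
# days of validity left. These are the ones that need the manual dns-01 run.
wildcards_due() {
    awk -v limit="$1" '
        function report() {
            if (name != "" && wild && days <= limit + 0) printf "%s\t%d\n", name, days
        }
        /^ *Certificate Name:/ { report(); name = $3; wild = 0; days = 0 }
        /^ *Domains:/ {
            for (i = 2; i <= NF; i++) if ($i ~ /^\*\./) wild = 1
        }
        /^ *Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                s = substr($0, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", s)
                days = s + 0
            } else {
                days = 0    # "(INVALID: ...)" entries count as due now
            }
        }
        END { report() }
    '
}

# Constructed sample listing in the same layout as the output above.
sample_listing() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: shop.example
    Domains: *.shop.example
    Expiry Date: 2019-06-12 07:57:20+00:00 (VALID: 12 days)
  Certificate Name: www.example
    Domains: www.example
    Expiry Date: 2019-06-05 11:37:42+00:00 (VALID: 5 days)
  Certificate Name: blog.example
    Domains: *.blog.example
    Expiry Date: 2019-08-28 08:00:53+00:00 (VALID: 89 days)
  Certificate Name: old.example
    Domains: *.old.example
    Expiry Date: 2019-05-01 08:00:53+00:00 (INVALID: EXPIRED)
EOF
}

# On the server: sudo certbot-auto certificates | wildcards_due 30
sample_listing | wildcards_due 30
```

Run from cron with a mail or chat notification on non-empty output, this gives a reminder before a manually renewed wildcard certificate lapses.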