Let's Encrypt ワイルドカード証明書 発行
環境作成及び発行方法はこちらを参考にしました。
hit.hateblo.jp
実行
# ./certbot-auto certonly --manual -d *.tech-memo.work -m d@tech-memo.work --agree-tos --manual-public-ip -logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory Upgrading certbot-auto 0.27.1 to 0.29.1... Replacing certbot-auto... Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: dns-01 challenge for tech-memo.work - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge.tech-memo.work with the following value: mOAvpFMLuvf40cMTe91ewp7NUcGJK1P8LI-Nm8qIjnM Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue
切り替わったらEnter押下
Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/tech-memo.work/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/tech-memo.work/privkey.pem Your cert will expire on 2019-03-27. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
証明書
2回目の発行なのでcert2.pemとなっています
# cat /etc/letsencrypt/archive/tech-memo.work/cert2.pem -----BEGIN CERTIFICATE----- MIIFWDCCBECgAwIBAgISA4M0/7NWnu3/0uic/jMNSXsUMA0GCSqGSIb3DQEBCwUA MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODEyMjcwNzQ5MDZaFw0x OTAzMjcwNzQ5MDZaMBsxGTAXBgNVBAMMECoudGVjaC1tZW1vLndvcmswggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp5Ni6ezL52C0spzealffDH500yPMz epjyB73H9iQqzP1DwT2LquFsWEDk3z0dTA5aRH61bymwkEorpRqW2MW4pthN0FZm pKULJdvjJkWsDHsX5StlQ1W8U+ljpjc3ehYX6Lnz5UnBfGuCXbpjhfvBbncNcaOy +ndDokPYb83RYoVFeArQV908B3HHhwR3AR1mD6DtJgHaF/My4nF06sT2TSwMlpqR ZoBabghzTExbcXzt3zI7sJZJu4xyGkbBRSAnGKhAzPAIa0xso/PiKhpSIqGK0Hs2 YwzX34AGz4BlpoKpMAQP5pGquplJvd25khYqLb3ehFsfDwvOHiUFMuZtAgMBAAGj ggJlMIICYTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGKhGPwCR2+uI/7MVrTCNDE4 MH1xMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMG8GCCsGAQUFBwEB BGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0 Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgzLmxldHNlbmNyeXB0 Lm9yZy8wGwYDVR0RBBQwEoIQKi50ZWNoLW1lbW8ud29yazBMBgNVHSAERTBDMAgG BmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz LmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AHR+2oMx rTMQkSGcziVPQnDCv/1eQiAIxjc1eeYQe8xWAAABZ+7aW1kAAAQDAEcwRQIhAMsK Dtf2h457iMy6izS2n5nT2Fsl01UPM1Fg2GWUn7aMAiBqnPV/ulGDNtjqy24g40hk Zq8PPLrdeuIAqShqeeloowB2ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVF R/R4AAABZ+7aW28AAAQDAEcwRQIhAJTUWk7Ta76O3wJkmFikChr7jMt9Ga8wTPMp RPgIC+dVAiAbQuseYwedc5BrS41c91pws85c/m4rFDOI8PSN/H3r1TANBgkqhkiG 9w0BAQsFAAOCAQEACRktEW25/KOBC2CdyQtWA8VQa6bE1FlMj+6D3qsr2t4ZEVaX x+OhQBM4GmuVF1NoSixqUiVm99ltU5JYQMrtrFyoh321kQ+mWhyeOldrK7GBVOlB w13MUivpMn1iHmP0fNCa3qAqK92gubWvkYl0fM/hDKkNqCUyfrYvAcupPwF88mON bbXTd7ta6M7dSmp3miQKM7neeRDiQ5jPD3Tp3Yp2zof1LOC1UBhzMcTIpVTTlo/6 hG+/Cnkjkag3cIIHhfngmezpYH5nZhwrCNg6etQq2yLZ9jDqUOMzi9ng25usB7Am an6fMTUiAIW31IE9DxbeddBckDr9TxsW/eyP0w== -----END CERTIFICATE-----
Key
# cat /etc/letsencrypt/archive/tech-memo.work/privkey2.pem -----BEGIN PRIVATE KEY----- o/PiKhpSIqGK0Hs2YwzX34AGz4BlpoKpMAQP5pGquplJvd25khYqLb3ehFsfDwvO HiUFMuZtAgMBAAECggEAen+U0vY7WIdUAZMCmD/7J4KjP0YPueJ3wCs1xkiv4IrE Cnxm04OH1MrUEgqpY3K2AajmA/hYiVTIw9sQ9fhKdc9MclSvK8sHdbM6WtlsnBNd VMJ92+dMO/pmvf4L5U5Xy+Xjnk10N5YGaJzWRdGibUiBqdTeu5paZF3T0sObtBE5 DshVA5IPydkQl5nMky5Qit9szLIUKZrcHRWh3JYoJTjDVc3BJRKvXV+nBIGCBVZr 9HRCY+xcM6fcdyO+ro6Yuk/01WIaZ93816ZhVQ8uv+h+DqgdzAHbdFshLQ0cvnPq VXh7LGFRj1Zy3/3xPqomR+gMg+U54INamRRZh2FMsQKBgQD3R6Y8ig5G1nHTkhJv ZTr2Nr3A3RXdVeiSV8Az2mChsdvVxzYxgZQYIQHWfxg6u1m9zRW3gL9ztKJWf786 BECcnXpKfImR1OVgqWU3ETUXKBTya3DdM27SQ+fizrDXwRNmghddDa+Dpedpt66c hCAa+72VGDvDf/MfhzceiymYlwKBgQDyJFqX2/fg83crdvs/rdcwohbHHwSXOlrV LTjct92bJHRgN1jH6Si92Hi445URbNX0VE7A7UASvaQ7tkUMisxutQVjIG0i4LuO V5y0jnwKH0oNV7ZmKZ7hLkahmnaYFq6rjSKcpmoGhpmXSGy+RAIoodDvfrNK/xqH BPLhKD31mwKBgQC0p2S8X8PUXsCj59iOB2/PBukUKLDblfKmT3N8rnLgTncjtDlU a61M/3g/Q3TpG4yRjG3sNSQpnPLorMWA1jB5+tan6ln674VwW/E1DN4zf7Xl8TZw dC3ncXLMkWJDDaxlvG7jLadnT2JEKsxnTmPCMt4rOZwX1LdC9l7/cn2+GwKBgQC+ iK6kihkt8EYYdIJVZERM526G9rhVCz0IO5Jf02pUNsZAI6z/eU9uu1SbH7FfycU9 gc2Kb+WYGZOOzOjeaqVcg6Kekpht9mp/Ih+Tz/54tJA/mYJUN3HmfNRlOzcQi+Cb 6u2OWEBbrDRVX076FGeic1oF6ivI2p2UGufHFjRS+wKBgQCBKWBJ8hE4Ij/7HVL3 dsWoOFgCeLaSgbLoViIqRVENkRiZCFPrQk0rk4HkHqcQSSs3f8h+ftLhSaudILql GMhpzHlce6kAKxc/yZU7oXAJ7Q82SOm31L7ZAPuP6qZ7p6wwXdMwdYisxgvQUYLE 7ppKH/Gpcq8niq4pmco+ecxl6w== -----END PRIVATE KEY-----